Intel, Micron, and Analog Devices join The Semiconductor Alliance. Read the Press Release

        • Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors
        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk
        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender
        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom
        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium
        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health
        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

mitre att&ck defender logo
Join the community of Certified MITRE ATT&CK® Defenders who have proven their real-world mastery in applying the knowledge of adversary behaviors to improve security configurations, analytics and decision-making.

One year of unlimited access to ATT&CK badges and certifications – USD 499

MAD Training and Certification Curriculum 

MAD delivers a comprehensive curriculum to ensure holistic threat-informed operations 

The curriculum is constantly growing and currently offers skills training and credentialing programs in the areas of: 

  • ATT&CK Fundamentals 
  • ATT&CK for Cyber Threat Intelligence (CTI)
  • ATT&CK for Security Operations Center (SOC) Assessments 
  • ATT&CK for Adversary Emulation Methodology 
  • ATT&CK for Threat Hunting Detection Engineering 

ATT&CK fundamentalsCTI CertificationsSOC CertificationAEM certificationThreat Hunting Detection Engineering Certification

CYBER RANGES Partnership

MAD subscribers will soon have access to labs running on a next-generation cyber range

CYBER RANGES Corp. delivers world-class cyber security training and capability development exercises using next-generation technology and services for the design, delivery, and management of simulation-based, deep-dive experiences in cyber security. The platform delivers real-world scenarios to better prepare security operators and managers to be able to work with real threats.  

The partnership between CYBER RANGES and MAD adds access to MAD-developed labs running on the CYBER RANGES platform, enabling learners to practice the skills they learn in the training around Adversary Emulation and Threat Hunting. Going forward, the partnership will bring new hands-on assessments and credentials, offering MAD subscribers new ways to prove their mastery of ATT&CK-based Adversary Emulation and Threat Hunting concepts. 

CYBER RANGES fully supports MITRE ATT&CK across its entire cyber range architecture. Through its proprietary Injector Engine CYBER RANGES platform can automatically emulate the latest-intel attacks, APTs, and specific tactics and exploits from the MITRE ATT&CK Matrix™.  

ATT&CK Fundamentals Credential 

Fundamentals Badge

An ATT&CK Fundamentals course and credential created by ATT&CK subject matter expert, Jamie Williams. This is the first and fundamental piece of the MITRE ATT&CK Defender™ (MAD) series to educate and affirm that a defender: 

  • Understands the MITRE ATT&CK framework, a globally accessible knowledge base, and a cyber adversary behavior model based on real-world observations. 
  • Is familiar with how the ATT&CK knowledge base documents real-world adversary tactics, techniques, and procedures (TTPs). 
  • Can visualize the various ways to exploit the understanding of adversary TTPs to address current (operational) and future (strategic) threats. 
  • Grasps how ATT&CK enables us to produce measurable and trackable answers to the hard questions we face every day as defenders, such as “how does our decision to ____ make us better/worse at defending against threats?” 

Module 1: Understanding ATT&CK

1.1Introduction to ATT&CK5 minutes
1.2Matrices/Platforms3 minutes
1.3Tactics2 minutes
1.4Techniques and Sub-Techniques4 minutes
1.5Mitigations2 minutes
1.6Data Sources and Detections4 minutes
1.7Groups and Software3 minutes
1.8How ATT&CK Grows and Evolves4 minutes

Module 2: Benefits of Using ATT&CK

2.1Community Perspective3 minutes
2.2Common Language2 minutes
2.3Quantitative Scorecard2 minutes
2.4ATT&CK Navigator4 minutes

Module 3: Operationalizing ATT&CK

3.1Cyber Threat Intelligence3 minutes
3.2Detection and Analysis3 minutes
3.3Threat Emulation3 minutes
3.4Assessment and Engineering3 minutes
3.5Putting it all Together into Threat-Informed Defense2 minutes
3.6Course Summary1 minute

ATT&CK Cyber Threat Intelligence Certification and Training Program 

CTI Defense Recommendations CTI From Narrative Reporting CTI Storage and AnalysisCTI From Raw Data

This is an intermediate-level program to inform and affirm a defender’s mastery in the skill to identify, develop, analyze, and apply ATT&CK-mapped intelligence. Defenders must earn five distinct badges to achieve the ATT&CK for CTI certification: 

  • ATT&CK Cyber Threat Intelligence from Narrative Reporting Badge 
  • ATT&CK Cyber Threat Intelligence from Raw Data Badge 
  • ATT&CK Cyber Threat Intelligence Storage and Analysis Badge 
  • ATT&CK Cyber Threat Intelligence Defensive Recommendations Badge 
  • ATT&CK Cyber Threat Intelligence Certification 


  • Practitioners should have a solid understanding of the ATT&CK Framework 
  • An understanding of security concepts, previous training, or prior CTI field experience 
  • We highly recommend taking the ATT&CK Cyber Threat Intelligence course to facilitate success 

Training Modules 

ATT&CK subject matter experts, Adam Pennington, Amy Robertson, and Jaclyn Lasky, produced MITRE ATT&CK Defender’s ATT&CK for Cyber Threat Intelligence course. This training may be completed solo or as a team. This training will: 

  • Introduce learners to ATT&CK and why it’s useful for CTI
  • Show learners how to map to ATT&CK from both finished reporting and raw data 
  • Share why it’s challenging to store ATT&CK-mapped data and what to consider when doing so
  • Visualize how to perform CTI analysis using ATT&CK-mapped data
  • Familiarize learners with making defensive recommendations based on CTI analysis


Module 1: Mapping to ATT&CK from Narrative Reports

1.1Introduction: Challenges, Advantages and the Process of Mapping to ATT&CK15 minutes
1.2Finding and Researching the Behavior8 minutes
1.3Translating the Behavior into a Tactic10 minutes
1.4Identifying Techniques or Sub-Techniques12 minutes
1.5Mapping to a Narrative Point10 minutes
1.6Hedging Your Biases10 minutes

Module 2: Mapping to ATT&CK from Raw Data 

2.1The Process of Mapping from Raw Data5 minutes
2.2Identify and Research Behaviors5 minutes
2.3Translate Behaviors to Tactics, Techniques and Sub-Techniques4 minutes
2.4Raw Data to Narrative Reporting8 minutes

Module 3: Storing and Analyzing ATT&CK-Mapped Data 

3.1Storing and Displaying ATT&CK-Mapped Data3 minutes
3.2Expressing and Storing ATT&CK-Mapped Data3 minutes
3.3Analyzing ATT&CK-Mapped Data5 minutes
3.4Exercise 3: Comparing Layers in ATT&CK Navigator1 minute

Module 4: Making Defensive Recommendations from ATT&CK-Mapped Data 

4.1The Defensive Recommendations Process5 minutes
4.2How Techniques and Sub-Techniques are Being Used8 minutes
4.3Researching Organizational Capabilities & Constraints & Determine Trade-Offs9 minutes
4.4Make Defensive Recommendations12 minutes

ATT&CK Security Operations Center Assessments Certification and Training Program 

SOC Assessment Analysis SOC Assessment Fundamentals SOC Assessment Synthesis

This is an intermediate  level program that educates and endorses mastery in the skill to conduct Security Operations Center (SOC) assessments that are rapid, have low overhead, and are broad enough to help the SOC get on their feet with ATT&CK. The certification affirms your mastery at analyzing SOC technologies, like tools and data sources, savviness at interviewing and discussing ATT&CK with SOC personnel, and recommend improvements based on the assessments’ results. Defenders must earn four distinct badges to achieve the ATT&CK for SOC Assessments certification: 

  • ATT&CK Fundamentals 
  • ATT&CK Security Operations Center Assessment Fundamentals 
  • ATT&CK Security Operations Center Assessment Analysis 
  • ATT&CK Security Operations Center Assessment Synthesis 


  • Practitioners should have a solid understanding of the ATT&CK Framework 
  • An understanding of information security technology and security operations 
  • We highly recommend taking the ATT&CK SOC Assessments course to facilitate success 

Training Modules 

ATT&CK subject matter experts, Andy Applebaum and Dr. Clem Skorupka produced the ATT&CK SOC Assessments course to familiarize learners with how to implement ATT&CK for visibility into where a SOC needs improvements and inform how to apply ATT&CK to design a rapid, low overhead, and broad SOC Assessment. This training will: 

  • Provide tips on how to analyze SOC technologies like tools and data sources 
  • Share best practices for performing interviews and leading discussions on ATT&CK with SOC personnel 
  • Educate on how to recommend changes based on assessment results 


Module 1: Mapping to ATT&CK from Narrative Reports 

1.1Introduction: Bringing ATT&CK into the SOC8 minutes
1.2A Methodology for Assessments9 minutes
1.3Framing an Assessment10 minutes
1.4Scoping an Assessment6 minutes

Module 2: Mapping to ATT&CK from Raw Data 

2.1Setting a Coverage Rubric12 minutes
2.2Working with Data Sources Part 110 minutes
2.3Working with Data Sources Part 27 minutes
2.4Analyzing Analytics14 minutes
2.5Breaking Down Tools13 minutes

Module 3: Storing and Analyzing ATT&CK-Mapped Data 

3.1Interviewing Staff14 minutes
3.2Communicating with ATT&CK14 minutes
3.3Compiling a Final Heatmap Part 113 minutes
3.4Compiling a Final Heatmap Part 29 minutes
3.5Proposing Recommendations Part 112 minutes
3.6Proposing Recommendations Part 213 minutes
3.7SOC Assessments Demo 113 minutes
3.8SOC Assessments Demo 211 minutes

ATT&CK Adversary Emulation Methodology Certification and Training Program

AE - Application Badge AE - Fundamentals Badge AE - Planning Badge AE - TTP Implementation Badge AE - TTP Research Badge

The program educates and validates a practitioner’s ability to conduct adversary emulation activities based on real-world threats. The defender learns and proves mastery at researching, implementing, and ethically executing adversary TTPs to help organizations assess and improve cybersecurity. Defenders must earn five distinct badges to achieve the ATT&CK for SOC Assessments certification: 

  • ATT&CK Fundamentals 
  • ATT&CK Adversary Emulation Fundamentals 
  • ATT&CK Adversary Emulation TTP Research 
  • ATT&CK Adversary Emulation Planning 
  • ATT&CK Adversary Emulation TTP Implementation 


  • Practitioners should have a solid understanding of the ATT&CK Framework 
  • Competent with basic Windows and Linux command-line tools 
  • We highly recommend taking the ATT&CK Adversary Emulation Fundamentals course to facilitate success
  • (Recommended) Familiarity with common red team tools and techniques (example: Metasploit) 
  • (Recommended) An understanding of cyber threat intelligence practices through the ATT&CK Cyber Threat intelligence course 

ATT&CK Threat Hunting Detection Engineering Certification and Training Program

Threat Hunting Addressing Data Collection Gaps Badge Threat Hunting Application Badge Threat Hunting Data Collection Requirements Badge Threat Hunting Fundamentals Badge Threat Hunting Hypotheses Badge Threat Hunting Tuning Analytics Badge

The program enables defenders to demonstrate foundational knowledge that supports the execution of a six-step TTP-based hunting methodology centered on the use of the ATT&CK Framework. It is designed for practitioners who can apply a solid understanding of the ATT&CK Framework, adversarial behaviors of interest, and possess the ability to articulate hunt-directing hypotheses that inform the development of written analytics that drive information needs and data collection requirements. The credential verifies the ability to apply the TTP-based hunting methodology and supports dedication to securing critical networks and systems against attacks from advanced cyber adversaries. 

Stay Informed

Sign up for news about MITRE Engenuity and the critical technical challenges facing our nation and world.