The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a globally accessible knowledge base documenting adversary tactics and techniques based on real-world observations. Created by MITRE Corporation in 2013, ATT&CK has become the industry standard for understanding and communicating cyber threat behaviors across three primary matrices: Enterprise (covering Windows, macOS, Linux, cloud, and containers), Mobile (iOS and Android), and ICS (Industrial Control Systems). The framework organizes adversary behaviors into 14 tactical objectives spanning the attack lifecycle—from reconnaissance through impact—with each tactic containing multiple techniques and sub-techniques that describe specific methods attackers use. What makes ATT&CK uniquely valuable is its behavior-centric approach: rather than focusing on indicators of compromise or specific malware families, it maps how adversaries operate, enabling defenders to build detections that remain effective even when attacker tooling changes.