TTPs: Tactics, Techniques & Procedures

TTPs refer to the activities and patterns that attackers or groups (including APTs) use.

They are useful for profiling attackers.

TTPs can be found online. This can help get an idea of who’s coming at you.


Tactics: the way the attacker operates during the different phases of the attack.

Using tactics, we can profile attackers by the methods they typically follow for the initial compromise. Some may only use OSINT, while others may only use social engineering or pivot from a third party into an organization.

Understanding an attacker's tactics helps anticipate their next move.


Techniques: the specific techniques used. How did they initially do the exploitation? What was the setup for maintaining the C&Cs?


Procedures: the sequence of actions that attackers perform to achieve certain goals throughout their attack life cycle.