Att&ck™ the Attacker

Presented at BSidesMunich 2018 by

Meanwhile, many defenders have accepted that prevention does not always work. Therefore, it becomes critical to detect intrusions quickly. But what attacks can we already discover using existing data sources? What should we prioritize next? And which capabilities can we enhance? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a knowledge base and model for adversary behavior. It focuses on the various (post-compromise) phases of an adversary. In this talk, I’ll present the ATT&CK™ model and possible ways of using it to evaluate, prioritize and improve defense capabilities.