PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Understanding Hacker Methodology

The more you know about how an attacker attacks, the better you can defend against it.

Like a politician preparing arguments for an upcoming debate against an opponent or like an NFL defense watching tape of the opposing quarterback and his tendencies, it is all about preparing for the strategies you will face.

Defending against hackers is the same way – understanding how hackers think and the methods they use to exploit systems is critical to defending against them.

Fortunately, the MITRE ATT&CK framework has created a fantastic resource that breaks hacker methods down into distinct techniques and phases:

  • Reconnaissance
  • Resource Development
  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Command and Control
  • Exfiltration
  • Impact

Using this framework, security teams can better understand how hackers think and analyze their security defenses across the different phases of attacks.

To learn more about the ATT&CK framework, see MITRE’s website at:

And, if you want to verify that your security controls catch all of these techniques, contact us today:

If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: