Tactics, Techniques, and Procedures (TTP)

Tactics, Techniques, and Procedures (TTP) is the method used by IT and military professionals to determine the behavior of a threat actor (hacker).

These three elements help you understand your adversaries better. While each element is important by itself, by studying all three elements, attacks can more easily be hunted down, identified, and neutralized. Knowing a hacker’s TTP’s can help you identify attacks early enabling you to neutralize them before significant damage is done. Read on for detailed descriptions of each component:

Tactics – Generic, beginning-to-end strategies hackers follow to accomplish their goals. This is the “what” a cyberattack’s goal is. Hackers often steal critical data to monetize via online dark web forums.

Techniques – Non-specific, common methods or tools that a criminal will use to compromise your information. This is “how” cyberattacks are conducted. An example would be phishing users via email attachments or malicious links.
Procedures – Step-by-step orchestration of an attack. Procedures are often the best way to profile an attacker. Various hacking groups follow common procedures such as reconnaissance, then enumeration, then attack.