Attack framework

A structured knowledge base cataloging adversary tactics, techniques, and procedures used to understand and defend against cyberattacks.

An attack framework is a structured knowledge base in cybersecurity that systematically catalogs the tactics, techniques, and procedures (TTPs) employed by threat actors during cyberattacks. It provides organizations with a common language and comprehensive understanding of how adversaries plan and execute malicious operations across the entire attack lifecycle—from initial reconnaissance and access through privilege escalation, lateral movement, and data exfiltration.

These frameworks serve as essential tools for threat intelligence, risk management, and defensive strategy development. By mapping documented adversary behaviors against existing security controls, organizations can identify gaps in their defenses, prioritize remediation efforts, and fine-tune incident response protocols. Popular examples include MITRE ATT&CK and the Cyber Kill Chain, which enable security teams to evaluate their posture from an attacker's perspective and build more resilient, adaptive cybersecurity environments.
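The gap analysis described above, sketched as an added example that is not part of the original page: it maps a small set of MITRE ATT&CK techniques against an organization's controls, reports coverage per tactic, and ranks uncovered techniques by how many relevant threat groups use them. The control names, group profiles and control-to-technique mappings are constructed for illustration; only the technique IDs and names come from ATT&CK.

```python
from collections import Counter

# Technique ID -> (name, tactic); IDs and names as published in MITRE ATT&CK.
TECHNIQUES = {
    "T1595": ("Active Scanning", "Reconnaissance"),
    "T1566": ("Phishing", "Initial Access"),
    "T1068": ("Exploitation for Privilege Escalation", "Privilege Escalation"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
}
# Constructed: hypothetical controls and the techniques each detects or blocks.
CONTROLS = {
    "mail-gateway": {"T1566"},
    "edr-agent": {"T1068", "T1566"},
    "netflow-alerts": {"T1021"},
}
# Constructed: techniques attributed to threat groups relevant to the organization.
ACTOR_PROFILES = {
    "group-a": {"T1566", "T1021", "T1041"},
    "group-b": {"T1595", "T1566", "T1041"},
    "group-c": {"T1068", "T1041"},
}

def covered_techniques(controls):
    """Union of every technique addressed by at least one control."""
    return set().union(*controls.values())

def tactic_coverage(techniques, controls):
    """Fraction of cataloged techniques covered, per tactic."""
    covered = covered_techniques(controls)
    totals, hits = Counter(), Counter()
    for tid, (_, tactic) in techniques.items():
        totals[tactic] += 1
        hits[tactic] += tid in covered
    return {tactic: hits[tactic] / totals[tactic] for tactic in totals}

def coverage_gaps(techniques, controls, actors):
    """Uncovered techniques, most widely used by relevant groups first."""
    covered = covered_techniques(controls)
    usage = Counter(t for used in actors.values() for t in used)
    gaps = sorted((t for t in techniques if t not in covered),
                  key=lambda t: (-usage[t], t))
    return [(t, techniques[t][0], techniques[t][1], usage[t]) for t in gaps]

if __name__ == "__main__":
    for tactic, ratio in tactic_coverage(TECHNIQUES, CONTROLS).items():
        print(f"{tactic:22} {ratio:.0%}")
    for tid, name, tactic, n in coverage_gaps(TECHNIQUES, CONTROLS, ACTOR_PROFILES):
        print(f"GAP {tid} {name} ({tactic}), used by {n} tracked group(s)")
```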