
Mar 12, 2024
Cybersecurity training aligned with the MITRE ATT&CK framework
The MITRE ATT&CK framework was developed in 2013 as a knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is a foundation for specific threat models and methodologies in the private sector, government, and cybersecurity product and service community. This MITRE ATT&CK Enterprise framework is used by many of
The MITRE ATT&CK framework was developed in 2013 as a knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is a foundation for specific threat models and methodologies in the private sector, government, and cybersecurity product and service community.
This MITRE ATT&CK Enterprise framework is used by many of our customers to understand their teams’ existing skills and develop new learning plans to address skill gaps and protect the organization’s attack surface.
As we continue to meet our mission to empower individuals and organizations to fight cyber threats with indispensable cybersecurity skills and resources, we’ve developed 12 learning paths that are aligned with the MITRE ATT&CK framework. OffSec training and content cover nearly 70% of the skills required to match the entire attack framework. With these new learning paths, team leaders can:
- Identify skill gaps based on current training achievements
- Develop training plans for new and existing employees
- Achieve compliance goals by identifying skills proficiencies
The 12 learning paths cover the following MITRE techniques:
- Reconnaissance
- Resource development
- Initial access
- Execution
- Persistence
- Privledge escalation
- Defense evasion
- Credential access
- Discovery
- Lateral movement
- Collection
- Command and control
These 12 MITRE ATT&CK learning paths are available for Learn Enterprise and Learn Unlimited subscribers and great for:
- Offensive security professionals at enterprises that require training for regulatory compliance
- Cybersecurity team leaders who want to develop MITRE ATT&CK skills
Assess & train cybersecurity teams
Use the MITRE ATT&CK framework to identify skill gaps across teams. Pick the OffSec MITRE ATT&CK Learning Paths that focus on desirable skills. Addressing over 150 MITRE ATT&CK techniques, these learning paths provide teams with text-based training and reinforce training with real-world, hands-on labs.
Achieve regulatory compliance
Leveraging industry-standard frameworks from MITRE, cybersecurity teams can identify risk areas across their organizations. Those same techniques are mapped to the MITRE ATT&CK learning paths from OffSec ensuring teams get proper training to meet compliance requirements for cybersecurity training.
Find out more about these new learning paths.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read