TTPs (Tactics, techniques and procedures)

DEFINITION: TTPs (Tactics, techniques and procedures)

TTPs analyze how a malicious actor operates, they describe how cyber attackers orchestrate, execute and manage operational attacks. TTPs contextualize a threat. They reveal the steps or actions taken by malicious actors when exfiltrating data, for example.

Learn more about the TTPs

To understand and fight your enemy you need to understand their techniques, tactics and procedures.

Tactical: This is the way the threat actor operates. It is the highest level of behavior.

Example the attacker uses social engineering, or physical infiltration into an organization, information gathered from the Internet…or the attacker can use Zero-Day vulnerabilities, or his own tools…

Technical: corresponds to the tools used for information gathering or compromise. This is a more detailed description.

Procedure : it is a special sequence of actions


According to the Definitive Guide to Cyber Threat Intelligence, they are “patterns of activities or methods associated with a specific threat actor or group of threat actors“.

To explore the subject

These other words will help your cyber understanding.


Typosquatting is a form of cybercrime based on social engineering. Typosquatting uses altered or...

Cyber or not cyber ?

Une fois par mois, soyez au courant de l’actualité cyber en vous abonnant à la newsletter TEHTRIS.