Features Threat Library Pricing Why CyberThreatBase
MITRE ATT&CK® Framework v14  ·  360+ Techniques

Master Every
Cyber Attack
Technique Known.

The cyber threat intelligence platform for anyone entering or advancing in cybersecurity. 360+ MITRE ATT&CK techniques. In-depth analysis, real-world case studies, and career guidance.

360+
TECHNIQUES
14
TACTIC GROUPS
20+
SIMULATORS
£45k+
AVG ANALYST SALARY
THREATLENS — TECHNIQUE BROWSER
◆  FREE ACCESS
📨
Phishing
T1566 · Initial Access
CRITICAL
🧠
OS Credential Dumping
T1003 · Credential Access
CRITICAL
🔒
Data Encrypted for Impact
T1486 · Impact
CRITICAL
🔒  PRO — 355+ MORE
💉
Process Injection
T1055 · Privilege Escalation
🔒
🌳
Rootkit
T1014 · Defense Evasion
🔒
Unlock All 360+ Techniques
From £2.99 per month  ·  Cancel anytime
BUILT ON THE FRAMEWORK USED BY
MITRE CORPORATION CISA NCSC UK NATO CCDCOE SANS INSTITUTE NIST

What You Get

Not another tutorial.
A real intelligence platform.

CyberThreatBase is built around one question: what would an actual SOC analyst, pen tester, or threat hunter need to know? Everything else is noise.

Attack Simulator
Play as the attacker. Make real decisions at each step of a live breach: Podesta phishing, LockBit ransomware, SolarWinds. See what defenders see in their SIEM simultaneously. No other platform offers this.
🔬
Detection Lab
Analyse real Sysmon, Windows Event, and proxy logs from actual attack scenarios. Answer questions like a Tier 2 analyst. Immediate feedback explains exactly why. Teaching pattern recognition, not just theory.
🗺️
Kill Chain Visualisation
Every technique is mapped to its exact position in the MITRE ATT&CK kill chain. See which phases come before, which follow, and how attackers chain techniques together in real operations.
🌍
Named Breach Case Studies
Not hypotheticals. The 2016 DNC hack. Colonial Pipeline. Log4Shell. WannaCry NHS. MOVEit. Each technique is anchored to a real, documented incident with verified facts and specific consequences.
🧠
Practitioner-Level Analysis
Attack mechanics, detection logic with exact Windows Event IDs and Sysmon rules, mitigation playbooks with CIS Control mappings, and the specific tools attackers use: Mimikatz, BloodHound, Cobalt Strike, Rclone.
💼
Career & Salary Intelligence
Role-specific salary ranges, certification roadmaps (OSCP, GIAC, SANS, CompTIA), and exactly which techniques each job title uses daily. Built for career changers and professionals looking to level up.
🏛️
Trusted by governments worldwideThe MITRE ATT&CK framework used by FBI, NSA, NCSC, GCHQ and NATO.
📖
Plain English throughoutNo jargon. No prerequisites. Expert knowledge made accessible.
⚔️
Complete ATT&CK coverage360+ techniques across all 14 MITRE tactic categories.
🆓
Free to start todayNo credit card required. Upgrade only when you are ready.

Why CyberThreatBase

Every resource out there explains what attacks are.
We show you how they actually happen.

Area
❌  Everywhere Else
✓  CyberThreatBase
Content
Generic explanations copied from vendor blogs
Practitioner-written — used by working SOC analysts and pen testers
Real incidents
Hypothetical scenarios. No named breach.
Podesta, Colonial Pipeline, LockBit, SolarWinds — verified and documented
Tooling
Theory only. No real attacker tools mentioned.
Mimikatz, BloodHound, Cobalt Strike, Rclone — how they work and how to catch them
Interactivity
Passive reading. No exercises or practice.
Attack Simulator and Detection Lab on every single technique
Career
Generic cert lists. No salary benchmarks.
Role-specific paths with UK and US salary ranges per technique
Currency
Often years out of date
Built on MITRE ATT&CK v14. The live standard used by every government security team.
🎓
Career Changers
Breaking into cybersecurity from another field. CyberThreatBase gives you the practitioner knowledge that certifications don't give you. What you need to pass interviews and perform on day one.
🔵
SOC Analysts
Tier 1 and Tier 2 analysts who need to understand what they're detecting. Not just that an alert fired, but why it matters and what comes next in the attack chain.
🔴
Pen Testers
Offensive practitioners who need deep knowledge of every MITRE technique: attack mechanics, tooling, and the detection signatures defenders are looking for.
🏢
Security Leaders
CISOs and security managers who need to brief boards, justify budgets, and understand the threat landscape at the level their teams work at every day.

Pricing

Simple, transparent pricing.

Less than a coffee a week. More valuable than most paid courses.

FREE
Free

Start exploring immediately. No credit card, no commitment.

  • 20 techniques free on sign-up
  • Attack chain & kill chain map
  • Real-world case studies
  • Attack Simulator & Detection Lab
  • All 360+ techniques
  • Full mitigation playbooks
  • All 360+ techniques
  • Career and salary guides
Most Popular
PRO
£ 2.99 /month

Everything you need to go from beginner to job-ready security analyst.

  • All 360+ techniques
  • Attack Simulator on every technique
  • Detection Lab with real log exercises
  • Full kill chain maps and attack chains
  • Complete mitigation playbooks
  • Attacker tools database
  • Career and salary guides
  • Cancel anytime, no commitment
ENTERPRISE
Custom

For SOC teams, training academies, and organisations deploying at scale.

  • Everything in Pro
  • Unlimited team members
  • Team progress dashboards
  • Custom learning pathways
  • API access for integrations
  • SSO and SAML authentication
  • Dedicated account manager
  • Invoice and PO billing

🔒  Secure checkout  ·  Cancel anytime  ·  Prices in GBP  ·  Secure checkout via Stripe

HAVE A PROMO CODE?

What You'll Learn

The knowledge that gets you hired and promoted

Cybersecurity is one of the fastest-growing, highest-paying sectors in the UK and globally. CyberThreatBase gives you the practical knowledge employers actually test for.

360+
ATTACK TECHNIQUES COVERED
14
MITRE TACTIC CATEGORIES
£45k+
AVG ANALYST SALARY UK
3.5M
GLOBAL JOBS UNFILLED IN CYBER

UK & US Salary Ranges by Role

SOC ANALYST (TIER 1)
£28–45k
$55–80k US
ENTRY LEVEL
SOC ANALYST (TIER 2)
£40–65k
$75–115k US
MID LEVEL
PENETRATION TESTER
£50–90k
$100–200k US
MID–SENIOR
INCIDENT RESPONDER
£60–140k
$90–160k US
MID–SENIOR

Salary data based on 2024–2025 UK and US job market figures. Individual salaries vary by employer, location, and experience.

What You'll Actually Learn

🧠
How Real Attacks Work

Every technique is explained from first principles: what the attacker does, why it works, and what they gain. Not theory. Not textbook definitions. The mechanics that matter in real incidents.

Attack chains Attacker tools Case studies
🔵
How to Detect & Stop Them

For every attack, a practical defence. Specific Windows Event IDs, SIEM queries, EDR behavioural rules, and compensating controls. Content you can actually use in a SOC or architecture review.

SIEM queries Event IDs EDR rules
🌍
Lessons from Real Breaches

SolarWinds. Colonial Pipeline. Log4Shell. WannaCry. Each technique is anchored in a real-world incident: what happened, how the attack unfolded, and exactly why the defences failed.

Named APT groups Ransomware ops Nation-state TTPs
🎓
Certification-Ready Knowledge

The MITRE ATT&CK framework is core to CompTIA CySA+, GIAC GCIH, GCFA, and SANS FOR508. CyberThreatBase covers every technique those exams test, at the depth they actually need.

CompTIA CySA+ GIAC GCIH SANS FOR508
💼
Career & Salary Intelligence

For every technique, understand which roles use it, which certifications prove your knowledge of it, and what those roles pay in the UK and US. Build a clear path forward..

Role maps Cert pathways Salary data
🚀
Skills That Get You Hired

Employers don't test textbook knowledge. They test whether you can explain how a phishing attack becomes a ransomware deployment, and what you would have done to stop it. That's what this teaches.

Interview prep Practical skills SOC-ready

Get Started Today

Your adversaries study every day.
So should you.

Start building the threat intelligence knowledge that gets you hired. Free to begin, no card required.

No credit card required  ·  Cancel anytime  ·  iOS and Android app coming soon

Welcome back, Analyst 👋

Your cyber threat intelligence command centre. Track your progress and continue where you left off.

TECHNIQUES REVIEWED
0
of 360+ available
TACTICS COVERED
0/14
kill-chain categories
CURRENT PLAN
Free
MEMBER SINCE
Today
founding member
Learning Progress
0% complete
Continue Learning
Browse All →
📋
You haven't explored any techniques yet.
Start with Phishing →
Recommended Certifications
C+
CompTIA CySA+
Blue Team · Intermediate
OS
OSCP
Offensive · Advanced
GC
GIAC GCIH
Incident Response
Quick Start

Threat Library

360+ MITRE ATT&CK techniques · Select one to explore

20 Free 355+ Pro
Showing all techniques
⚔️
Select a technique

Choose any technique from the list to view full technique analysis, real-world case studies, detection rules and career guidance.

💡 Start with Phishing (T1566) · present in over 80% of major breaches
🔒
Pro Technique

Unlock all 360+ techniques with complete technique analysis, detection playbooks, mitigation guides and career intelligence.

Cancel anytime  ·  Secure via Stripe