diff --git a/skills/deploying-osquery-for-endpoint-monitoring/SKILL.md b/skills/deploying-osquery-for-endpoint-monitoring/SKILL.md index 7418822a..61dd827d 100644 --- a/skills/deploying-osquery-for-endpoint-monitoring/SKILL.md +++ b/skills/deploying-osquery-for-endpoint-monitoring/SKILL.md @@ -9,6 +9,7 @@ description: > domain: cybersecurity subdomain: endpoint-security tags: [endpoint, osquery, endpoint-monitoring, threat-hunting, fleet-management] +mitre_attack: ["T1547", "T1049", "T1620", "T1053.003", "T1548.001", "T1552"] version: 1.0.0 author: mahipal license: Apache-2.0 diff --git a/skills/extracting-credentials-from-memory-dump/SKILL.md b/skills/extracting-credentials-from-memory-dump/SKILL.md index f0e60b50..08d88395 100644 --- a/skills/extracting-credentials-from-memory-dump/SKILL.md +++ b/skills/extracting-credentials-from-memory-dump/SKILL.md @@ -4,6 +4,7 @@ description: Extract cached credentials, password hashes, Kerberos tickets, and domain: cybersecurity subdomain: digital-forensics tags: [forensics, credential-extraction, memory-forensics, volatility, mimikatz, password-hashes, incident-response] +mitre_attack: ["T1003", "T1558", "T1552"] version: "1.0" author: mahipal license: Apache-2.0 diff --git a/skills/performing-malware-persistence-investigation/SKILL.md b/skills/performing-malware-persistence-investigation/SKILL.md index 738c1432..00f1925b 100644 --- a/skills/performing-malware-persistence-investigation/SKILL.md +++ b/skills/performing-malware-persistence-investigation/SKILL.md @@ -4,6 +4,7 @@ description: Systematically investigate all persistence mechanisms on Windows an domain: cybersecurity subdomain: digital-forensics tags: [forensics, malware-persistence, autoruns, registry, scheduled-tasks, rootkit-detection, incident-response] +mitre_attack: ["T1547.001", "T1053.005", "T1543.003", "T1546.003", "T1574"] version: "1.0" author: mahipal license: Apache-2.0
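Review bot: in skills/deploying-osquery-for-endpoint-monitoring/SKILL.md, the added `mitre_attack` list mixes parent techniques (`T1547`, `T1552`) with sub-techniques (`T1053.003`, `T1548.001`), so it is unclear whether a parent ID is meant to cover all of its sub-techniques. Either narrow the parent IDs to the sub-techniques the skill's queries actually cover, or document the convention wherever the front matter keys are described. The visible patch adds this key to three SKILL.md files without any schema or validation change, so a mistyped ID would pass unnoticed; a format check on the values would be worth adding with it.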
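Review bot: in skills/extracting-credentials-from-memory-dump/SKILL.md, `T1552` on the added `mitre_attack` line is not backed by the part of the description visible in this hunk, which names cached credentials, password hashes and Kerberos tickets (a fit for `T1003` and `T1558`) before it is cut off. Confirm the skill body has content that maps to `T1552`, or drop it. All three IDs here are parent-level while the persistence skill in the same patch uses sub-techniques; if sub-technique precision is the intended convention, this list should follow it.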
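Review bot: in skills/performing-malware-persistence-investigation/SKILL.md, the tags include `rootkit-detection` but the added `mitre_attack` list has no rootkit technique (T1014), and `T1574` is the only parent-level ID among sub-techniques. Add the missing mapping or reconsider the tag, and narrow `T1574` to the hijack variants the skill covers. The four sub-techniques listed (`T1547.001`, `T1053.005`, `T1543.003`, `T1546.003`) are all Windows ones, while the description is cut off after "Windows an" in this view; if the skill covers another platform, its persistence techniques need IDs as well.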