Threat hunting is the proactive, hypothesis-driven search for adversary activity that has slipped past your automated defenses. It assumes breach: rather than waiting for an alert to fire, the hunter forms a theory about how an attacker might be operating in the environment and goes looking for the evidence. The MITRE ATT&CK framework gives this practice a shared vocabulary and a map of real-world adversary behavior, turning vague suspicion into structured, repeatable hunts. This guide walks through the prerequisites, the hunt loop, how to choose what to hunt with ATT&CK, defensive analysis techniques, and how to operationalize wins into lasting detections. It is written for intermediate analysts who already understand their telemetry and want to hunt with discipline rather than improvisation.