Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.

RSS Feeds

Search

IDNamePlatformFamilyFramework
T1049_WindowsSystem Network Connections Discovery (Windows)WindowsDiscoveryMITRE ATT&CK
T1537_AWSTransfer Data to Cloud AccountAWSExfiltrationMITRE ATT&CK
T1619_AWSCloud Storage Object Discovery (AWS)AWSDiscoveryMITRE ATT&CK
T1133_AWSExternal Remote ServicesWindowsInitial Access, PersistenceMITRE ATT&CK
T1530_AWSData from Cloud Storage Object (AWS)AWSCollectionMITRE ATT&CK
T1069.003_AWSPermission Groups Discovery: Cloud Groups (AWS)AWSDiscoveryMITRE ATT&CK
T1136.003_AWSCreate Account: Cloud AccountAWSPersistenceMITRE ATT&CK
T1204_AWSUser ExecutionAWSExecutionMITRE ATT&CK
T1528_AWSSteal Application Access Token (AWS)AWSCollectionMITRE ATT&CK
T1204.002_AWSUser Execution: Malicious File (AWS)AWSExecutionMITRE ATT&CK
T1087.004_AWSAccount Discovery: Cloud Account (AWS)AWSDiscoveryMITRE ATT&CK
T1098.003_AWSAccount Manipulation: Additional Cloud Roles (AWS)AWSCollectionMITRE ATT&CK
T1133_WindowsExternal Remote Services (Windows)WindowsPersistence, Initial AccessMITRE ATT&CK
T1611_AWSEscape to Host (AWS)AWSDiscoveryMITRE ATT&CK
T1048.002_WindowsExfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows)WindowsExfiltrationMITRE ATT&CK
T1048.003_WindowsExfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows)WindowsExfiltrationMITRE ATT&CK
T1048.001_WindowsExfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows)WindowsExfiltrationMITRE ATT&CK
T1021.002_WindowsRemote Services: SMB/Windows Admin SharesWindowsLateral MovementMITRE ATT&CK
T1047_WindowsWindows Management InstrumentationWindowsExecutionMITRE ATT&CK
T1110.001_WindowsBrute Force: Password Guessing (Windows)WindowsCredential AccessMITRE ATT&CK
T1110.003_WindowsBrute Force: Password Spraying (Windows)WindowsCredential AccessMITRE ATT&CK
T1211_WindowsExploitation for Defense Evasion (Windows)WindowsDefense EvasionMITRE ATT&CK
T1203_WindowsExploitation for Client Execution (Windows)WindowsExecutionMITRE ATT&CK
T1558.004_WindowsSteal or Forge Kerberos Tickets: AS-REP RoastingWindowsCredential AccessMITRE ATT&CK
T1574.011_WindowsHijack Execution Flow: Services Registry Permissions WeaknessWindowsPersistence, Privilege Escalation, Defense EvasionMITRE ATT&CK
T1212_WindowsExploitation for Credential Access (Windows)WindowsCredential AccessMITRE ATT&CK
T1548_WindowsAbuse Elevation Control MechanismWindowsPrivilege Escalation, Defense EvasionMITRE ATT&CK
T1003.006_WindowsOS Credential Dumping: DCSyncWindowsCredential AccessMITRE ATT&CK
T1021.001_WindowsRemote Services: Remote Desktop ProtocolWindowsLateral MovementMITRE ATT&CK
T1021.006_WindowsRemote Services: Windows Remote ManagementWindowsLateral MovementMITRE ATT&CK
T1068_WindowsExploitation for Privilege Escalation (Windows)WindowsPrivilege EscalationMITRE ATT&CK
T1110.002_WindowsBrute Force: Password Cracking (Windows)WindowsCredential AccessMITRE ATT&CK
T1210_WindowsExploitation of Remote Services (Windows)WindowsLateral MovementMITRE ATT&CK
T1003.001_WindowsOS Credential Dumping: LSASS MemoryWindowsCredential AccessMITRE ATT&CK
T1003.002_WindowsOS Credential Dumping: Security Account ManagerWindowsCredential AccessMITRE ATT&CK
T1135_WindowsNetwork Share Discovery (Windows)WindowsDiscoveryMITRE ATT&CK
T1482_WindowsDomain Trust DiscoveryWindowsDiscoveryMITRE ATT&CK
T1059.001_WindowsCommand and Scripting Interpreter: PowerShell (Windows)WindowsExecutionMITRE ATT&CK
T1547.002_WindowsBoot or Logon Autostart Execution: Authentication PackageWindowsPersistence, Privilege EscalationMITRE ATT&CK
T1547.005_WindowsBoot or Logon Autostart Execution: Security Support ProviderWindowsPersistence, Privilege EscalationMITRE ATT&CK
T1557.001_WindowsAdversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB RelayWindowsCredential Access, CollectionMITRE ATT&CK
T1003.003_WindowsOS Credential Dumping: NTDSWindowsCredential AccessMITRE ATT&CK
T1012_WindowsQuery RegistryWindowsDiscoveryMITRE ATT&CK
T1078.002_WindowsValid Accounts: Domain AccountsWindowsDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1078.003_WindowsValid Accounts: Local AccountsWindowsDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1495_WindowsFirmware CorruptionWindowsImpactMITRE ATT&CK
T1134.005_WindowsAccess Token Manipulation: SID-History InjectionWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1069.001_WindowsPermission Groups Discovery: Local GroupsWindowsDiscoveryMITRE ATT&CK
T1195.002_WindowsSupply Chain Compromise: Compromise Software Supply ChainWindowsInitial AccessMITRE ATT&CK
T1518.001_WindowsSoftware Discovery: Security Software DiscoveryWindowsDiscoveryMITRE ATT&CK