Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.

Search

IDNamePlatformFamilyFramework
T1595.001_PREActive Scanning: Scanning IP BlocksPREReconnaissanceMITRE ATT&CK
T1059.009_AzureCommand and Scripting Interpreter: Cloud APIEntra IDExecutionMITRE ATT&CK
T1556.007Modify Authentication Process: Hybrid IdentityEntra IDCredential Access, Defense Evasion, PersistenceMITRE ATT&CK
T1098.003_AzureAccount Manipulation: Additional Cloud Roles (Azure)Entra IDPersistence, Privilege EscalationMITRE ATT&CK
T1484.002_AzureDomain Policy Modification: Trust Modification(Azure)Entra IDDefense Evasion, Privilege EscalationMITRE ATT&CK
T1069.003_AzurePermission Groups Discovery:Cloud Groups(Azure)Entra IDDiscoveryMITRE ATT&CK
T1098.001_AzureAccount Manipulation: Additional Cloud CredentialsEntra IDPersistenceMITRE ATT&CK
T0846_ICSRemote System DiscoveryOTDiscoveryMITRE ATT&CK
T0814_ICSDenial of ServiceOTInhibit Response FunctionMITRE ATT&CK
T0891_ICSHardcoded CredentialsOTLateral Movement, PersistenceMITRE ATT&CK
T1615_WindowsGroup Policy DiscoveryWindowsDiscoveryMITRE ATT&CK
T0812_ICSDefault CredentialsOTLateral MovementMITRE ATT&CK
T0843_ICSProgram DownloadOTLateral MovementMITRE ATT&CK
T0866_ICSExploitation of Remote ServicesOTInitial Access, Lateral MovementMITRE ATT&CK
T1499.004Endpoint Denial of Service: Application or System ExploitationAzure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOSImpactMITRE ATT&CK
T1548.005_AzureAbuse Elevation Control Mechanism: Temporary Elevated Cloud AccessEntra IDDefense Evasion, Privilege EscalationMITRE ATT&CK
1078.001Valid Accounts: Default AccountsAzure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOSDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1078.004_AzureValid Accounts: Cloud AccountsEntra IDDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1087.004_AzureAccount Discovery:Cloud Account(Azure)Entra IDDiscoveryMITRE ATT&CK
T1606.002_AzureForge Web Credentials:SAML Tokens(Azure)Entra IDCredential AccessMITRE ATT&CK
T0820_ICSExploitation for EvasionOTEvasionMITRE ATT&CK
T1078.001_ICSValid Accounts: Default AccountsAzure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOSDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1133_AzureExploit Public-Facing Application (Azure)Entra IDInitial Access, PersistenceMITRE ATT&CK
T1592.002_PREGather Victim Host Information: SoftwarePREReconnaissanceMITRE ATT&CK
T1059.004_LinuxCommand and Scripting Interpreter: Unix ShellLinuxExecutionMITRE ATT&CK
T1190_AwsExploit Public-Facing Application (Aws)AwsInitial Access, PersistenceMITRE ATT&CK
T1218.007_WindowsSystem Binary Proxy Execution: MsiexecWindowsDefense EvasionMITRE ATT&CK
T1219_WindowsRemote Access SoftwareWindowsCommand and ControlMITRE ATT&CK
T1003.008_WindowsOS Credential Dumping: /etc/passwd and /etc/shadowLinuxCredential AccessMITRE ATT&CK
T1552.002_WindowsUnsecured Credentials: Credentials in Registry WindowsCredential AccessMITRE ATT&CK
T1574.010_WindowsHijack Execution Flow: Services File Permissions WeaknessWindowsPersistence, Privilege Escalation, Defense EvasionMITRE ATT&CK
T1053.005_WindowsScheduled Task/Job: Scheduled TaskWindowsExecution, Persistence, Privilege EscalationMITRE ATT&CK
T1059.003_WindowsCommand and Scripting Interpreter: Windows Command ShellWindowsExecutionMITRE ATT&CK
T1550.001_WindowsMaterial: Application Access TokenWindowsLateral Movement, Defense EvasionMITRE ATT&CK
T1580_AWSCloud Infrastructure Discovery(AWS)AWSDiscoveryMITRE ATT&CK
T1552.005_AWSCloud Instance Metadata APIAWSCredential AccessMITRE ATT&CK
T1555.004_WindowsCredentials from Password Stores: Windows Credential ManagerWindowsCredential AccessMITRE ATT&CK
T1059.005_WindowsCommand and Scripting Interpreter: Visual BasicWindowsExecutionMITRE ATT&CK
T1110.004_WindowsBrute Force: Credential Stuffing (Windows)WindowsCredential AccessMITRE ATT&CK
T1619_AWSCloud Storage Object Discovery(AWS)AWSDiscoveryMITRE ATT&CK
T1098.001_AWSAccount Manipulation: Additional Cloud CredentialsAWSPersistenceMITRE ATT&CK
T1530_AWSData from Cloud Storage Object (AWS)AWSCollectionMITRE ATT&CK
T1648_AWSServerless ExecutionAWSExecutionMITRE ATT&CK
T1049_WindowsSystem Network Connections Discovery (Windows)WindowsDiscoveryMITRE ATT&CK
T1537_AWSTransfer Data to Cloud AccountAWSExfiltrationMITRE ATT&CK
T1133_AWSExternal Remote ServicesWindowsInitial Access, PersistenceMITRE ATT&CK
T1136.003_AWSCreate Account: Cloud AccountAWSPersistenceMITRE ATT&CK
T1204_AWSUser ExecutionAWSExecutionMITRE ATT&CK
T1528_AWSSteal Application Access Token (AWS)AWSCollectionMITRE ATT&CK
T1069.003_AWSPermission Groups Discovery: Cloud Groups (AWS)AWSDiscoveryMITRE ATT&CK