As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.
ID | Name | Platform | Family | Framework |
---|---|---|---|---|
T1595.001_PRE | Active Scanning: Scanning IP Blocks | PRE | Reconnaissance | MITRE ATT&CK |
T1059.009_Azure | Command and Scripting Interpreter: Cloud API | Entra ID | Execution | MITRE ATT&CK |
T1556.007 | Modify Authentication Process: Hybrid Identity | Entra ID | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
T1098.003_Azure | Account Manipulation: Additional Cloud Roles (Azure) | Entra ID | Persistence, Privilege Escalation | MITRE ATT&CK |
T1484.002_Azure | Domain Policy Modification: Trust Modification(Azure) | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1069.003_Azure | Permission Groups Discovery:Cloud Groups(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1098.001_Azure | Account Manipulation: Additional Cloud Credentials | Entra ID | Persistence | MITRE ATT&CK |
T0846_ICS | Remote System Discovery | OT | Discovery | MITRE ATT&CK |
T0814_ICS | Denial of Service | OT | Inhibit Response Function | MITRE ATT&CK |
T0891_ICS | Hardcoded Credentials | OT | Lateral Movement, Persistence | MITRE ATT&CK |
T1615_Windows | Group Policy Discovery | Windows | Discovery | MITRE ATT&CK |
T0812_ICS | Default Credentials | OT | Lateral Movement | MITRE ATT&CK |
T0843_ICS | Program Download | OT | Lateral Movement | MITRE ATT&CK |
T0866_ICS | Exploitation of Remote Services | OT | Initial Access, Lateral Movement | MITRE ATT&CK |
T1499.004 | Endpoint Denial of Service: Application or System Exploitation | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Impact | MITRE ATT&CK |
T1548.005_Azure | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
1078.001 | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1078.004_Azure | Valid Accounts: Cloud Accounts | Entra ID | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1087.004_Azure | Account Discovery:Cloud Account(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1606.002_Azure | Forge Web Credentials:SAML Tokens(Azure) | Entra ID | Credential Access | MITRE ATT&CK |
T0820_ICS | Exploitation for Evasion | OT | Evasion | MITRE ATT&CK |
T1078.001_ICS | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1133_Azure | Exploit Public-Facing Application (Azure) | Entra ID | Initial Access, Persistence | MITRE ATT&CK |
T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
T1190_Aws | Exploit Public-Facing Application (Aws) | Aws | Initial Access, Persistence | MITRE ATT&CK |
T1218.007_Windows | System Binary Proxy Execution: Msiexec | Windows | Defense Evasion | MITRE ATT&CK |
T1219_Windows | Remote Access Software | Windows | Command and Control | MITRE ATT&CK |
T1003.008_Windows | OS Credential Dumping: /etc/passwd and /etc/shadow | Linux | Credential Access | MITRE ATT&CK |
T1552.002_Windows | Unsecured Credentials: Credentials in Registry | Windows | Credential Access | MITRE ATT&CK |
T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1053.005_Windows | Scheduled Task/Job: Scheduled Task | Windows | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
T1550.001_Windows | Material: Application Access Token | Windows | Lateral Movement, Defense Evasion | MITRE ATT&CK |
T1580_AWS | Cloud Infrastructure Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
T1059.005_Windows | Command and Scripting Interpreter: Visual Basic | Windows | Execution | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1619_AWS | Cloud Storage Object Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1098.001_AWS | Account Manipulation: Additional Cloud Credentials | AWS | Persistence | MITRE ATT&CK |
T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
T1049_Windows | System Network Connections Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1537_AWS | Transfer Data to Cloud Account | AWS | Exfiltration | MITRE ATT&CK |
T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
T1136.003_AWS | Create Account: Cloud Account | AWS | Persistence | MITRE ATT&CK |
T1204_AWS | User Execution | AWS | Execution | MITRE ATT&CK |
T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |