Exploit Public-Facing Application

Description

Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management and VNC can also be used externally.

Products, Sensors, and Dependencies

Product	Data source	Access required	Protocol	Data Collected
Tenable Web App Scanning	Web Applications	Read-only	Any	Injection OR XXE Vulnerabilities
Tenable Vulnerability Management	Cloud instances	Read-only	Any	Vulnerabilities
Tenable Cloud Security	IaaS	Read-only	Any	Security Groups
Tenable Vulnerability Management	Computers	Read-only	Any	Vulnerabilities
Tenable Attack Surface Management	External Assets	Read-only	Any	External Assets
Tenable Web App Scanning	Web Applications	Read-only	Any	Injection OR XXE Vulnerabilities
Tenable Cloud Security	IaaS	Read-only	Any	Cloud Network data
Tenable Web App Scanning	Web Applications	Read-only	Any	Injection OR XXE Vulnerabilities
Tenable Cloud Security	IaaS	Read-only	Any	Cloud Network data

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Initial Access, Persistence

Technique: Exploit Public-Facing Application

Products Required: Tenable Vulnerability Management or Tenable Cloud Security or Tenable Web App Scanning or Tenable Attack Surface Management

Detections

Analytics

Exploit Public-Facing Application

Description

Products, Sensors, and Dependencies

Attack Path Technique Details