Supply Chain Compromise: Compromise Software Supply Chain


Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Vulnerability ManagementAdvanced Network ScanWindows machinesAuthenticated ScanSMBList of SoftwarePlugin ID: 20811
Tenable Vulnerability ManagementAdvanced Network ScanWindows machinesUnauthenticated or Authenticated ScanAnyVulnerabilities


Microsoft Windows Installed Software Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Initial Access

Platform: Windows

Tenable Release Date: 2022 Q2