Detections
Analytics

Attack Path Techniques Search

IDNamePlatformFamilyFramework
T0891_ICSHardcoded CredentialsOTLateral Movement, PersistenceMITRE ATT&CK
T1078.002_WindowsValid Accounts: Domain AccountsWindowsDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1133_AWSExternal Remote ServicesWindowsInitial Access, PersistenceMITRE ATT&CK
T0812_ICSDefault CredentialsOTLateral MovementMITRE ATT&CK
T0843_ICSProgram DownloadOTLateral MovementMITRE ATT&CK
T0866_ICSExploitation of Remote ServicesOTInitial Access, Lateral MovementMITRE ATT&CK
T1069.002_WindowsPermission Groups Discovery: Domain GroupsWindowsDiscoveryMITRE ATT&CK
T1528_AWSSteal Application Access Token (AWS)AWSCollectionMITRE ATT&CK
T1550.001_WindowsMaterial: Application Access TokenWindowsLateral Movement, Defense EvasionMITRE ATT&CK
T1003.003_WindowsOS Credential Dumping: NTDSWindowsCredential AccessMITRE ATT&CK
T1484.002_AzureDomain Policy Modification: Trust Modification(Azure)Entra IDDefense Evasion, Privilege EscalationMITRE ATT&CK
T1557.001_WindowsAdversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB RelayWindowsCredential Access, CollectionMITRE ATT&CK
T0820_ICSExploitation for EvasionOTEvasionMITRE ATT&CK
T0845_ICSProgram UploadOTCollectionMITRE ATT&CK
T1133_AzureExternal Remote ServicesWindowsInitial Access, PersistenceMITRE ATT&CK
T1592.002_PREGather Victim Host Information: SoftwarePREReconnaissanceMITRE ATT&CK
T1595.001_PREActive Scanning: Scanning IP BlocksPREReconnaissanceMITRE ATT&CK
T1078.004_AzureValid Accounts: Cloud AccountsEntra IDDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1098.001_AzureAccount Manipulation: Additional Cloud CredentialsEntra IDPersistenceMITRE ATT&CK
T1021.007_AzureRemote Services: Cloud ServicesAzureLateral MovementMITRE ATT&CK
T1059.009_AzureCommand and Scripting Interpreter: Cloud APIEntra IDExecutionMITRE ATT&CK
T1087.004_AzureAccount Discovery:Cloud Account(Azure)Entra IDDiscoveryMITRE ATT&CK
T1110.004_WindowsBrute Force: Credential Stuffing (Windows)WindowsCredential AccessMITRE ATT&CK
T1556.007Modify Authentication Process: Hybrid IdentityEntra IDCredential Access, Defense Evasion, PersistenceMITRE ATT&CK
T1558.001_WindowsSteal or Forge Kerberos Tickets: Golden TicketWindowsCredential AccessMITRE ATT&CK
T0846_ICSRemote System DiscoveryOTDiscoveryMITRE ATT&CK
T1069.003_AzurePermission Groups Discovery:Cloud Groups(Azure)Entra IDDiscoveryMITRE ATT&CK
T1134.005_WindowsAccess Token Manipulation: SID-History InjectionWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1530_AWSData from Cloud Storage Object (AWS)AWSCollectionMITRE ATT&CK
T1537Transfer Data to Cloud AccountCloudExfiltrationMITRE ATT&CK
T1555.006Cloud Secrets Management StoresCloudCredential AccessMITRE ATT&CK
T1558.004_WindowsSteal or Forge Kerberos Tickets: AS-REP RoastingWindowsCredential AccessMITRE ATT&CK
T1037.003_WindowsBoot or Logon Initialization Scripts: Network Logon Script (Windows)WindowsPersistence, Privilege EscalationMITRE ATT&CK
T1069.003_AWSPermission Groups Discovery: Cloud Groups (AWS)AWSDiscoveryMITRE ATT&CK
T1082System Information DiscoveryCLOUD, WindowsDiscoveryMITRE ATT&CK
T1484.001_WindowsDomain Policy Modification: Group Policy ModificationWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1580_AWSCloud Infrastructure Discovery(AWS)AWSDiscoveryMITRE ATT&CK
T1615_WindowsGroup Policy DiscoveryWindowsDiscoveryMITRE ATT&CK
T1098.001_AWSAccount Manipulation: Additional Cloud CredentialsAWSPersistenceMITRE ATT&CK
T1098.003_AzureAccount Manipulation: Additional Cloud Roles (Azure)Entra IDPersistence, Privilege EscalationMITRE ATT&CK
T1190_WASExploit Public-Facing ApplicationWeb ApplicationInitial AccessMITRE ATT&CK
WAS.113317Expression Language InjectionWeb ApplicationInjectionOWASP
WAS.98115SQL InjectionWeb ApplicationInjectionOWASP
WAS.98116NoSQL InjectionWeb ApplicationInjectionOWASP
WAS.98120Code InjectionWeb ApplicationInjectionOWASP
WAS.113069SQL Injection Authentication BypassWeb ApplicationInjectionOWASP
WAS.98114XPath InjectionWeb ApplicationInjectionOWASP
WAS.98123Operating System Command InjectionWeb ApplicationInjectionOWASP
WAS.98623Host Header InjectionWeb ApplicationInjectionOWASP
T1526Cloud Service DiscoveryEntra IDDiscoveryMITRE ATT&CK