T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
T1133_Azure | Exploit Public-Facing Application (Azure) | Azure | Initial Access, Persistence | MITRE ATT&CK |
T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
WAS.98120 | Code Injection | Web Application | Injection | OWASP |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
T1007_Windows | System Service Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1040_Windows | Network Sniffing (Windows) | Windows | Credential Access, Discovery | MITRE ATT&CK |
T1048.001_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1069.001_Windows | Permission Groups Discovery: Local Groups | Windows | Discovery | MITRE ATT&CK |
T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
T1550.001_Windows | Material: Application Access Token | Windows | Lateral Movement, Defense Evasion | MITRE ATT&CK |
T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |
T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
T1580_AWS | Cloud Infrastructure Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
WAS.113634 | Server-Side Inclusion Injection | Web Application | Injection | OWASP |
WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
WAS.98113 | XML External Entity | Web Application | Injection | OWASP |
WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |