Detections
Analytics

Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.

RSS Feeds

Search

IDNamePlatformFamilyFramework
T1110.002_WindowsBrute Force: Password Cracking (Windows)WindowsCredential AccessMITRE ATT&CK
T1190_WASExploit Public-Facing ApplicationWeb ApplicationInitial AccessMITRE ATT&CK
T1210_WindowsExploitation of Remote Services (Windows)WindowsLateral MovementMITRE ATT&CK
T1003.001_WindowsOS Credential Dumping: LSASS MemoryWindowsCredential AccessMITRE ATT&CK
T1003.002_WindowsOS Credential Dumping: Security Account ManagerWindowsCredential AccessMITRE ATT&CK
T1003.003_WindowsOS Credential Dumping: NTDSWindowsCredential AccessMITRE ATT&CK
T1059.001_WindowsCommand and Scripting Interpreter: PowerShell (Windows)WindowsExecutionMITRE ATT&CK
T1135_WindowsNetwork Share Discovery (Windows)WindowsDiscoveryMITRE ATT&CK
T1482_WindowsDomain Trust DiscoveryWindowsDiscoveryMITRE ATT&CK
T1547.002_WindowsBoot or Logon Autostart Execution: Authentication PackageWindowsPersistence, Privilege EscalationMITRE ATT&CK
T1547.005_WindowsBoot or Logon Autostart Execution: Security Support ProviderWindowsPersistence, Privilege EscalationMITRE ATT&CK
T1557.001_WindowsAdversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB RelayWindowsCredential Access, CollectionMITRE ATT&CK
WAS.112614Server-Side Template InjectionWeb ApplicationInjectionOWASP
WAS.113162MySQLjs SQL Injection Authentication BypassWeb ApplicationInjectionOWASP
WAS.113310Blind XPath Injection (differential analysis)Web ApplicationInjectionOWASP
WAS.98122Code Injection (Timing Attack)Web ApplicationInjectionOWASP
T1012_WindowsQuery RegistryWindowsDiscoveryMITRE ATT&CK
T1078.002_WindowsValid Accounts: Domain AccountsWindowsDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1078.003_WindowsValid Accounts: Local AccountsWindowsDefense Evasion, Persistence, Privilege Escalation, Initial AccessMITRE ATT&CK
T1134.005_WindowsAccess Token Manipulation: SID-History InjectionWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1495_WindowsFirmware CorruptionWindowsImpactMITRE ATT&CK
WAS.113069SQL Injection Authentication BypassWeb ApplicationInjectionOWASP
WAS.113309XPath Injection Authentication BypassWeb ApplicationInjectionOWASP
WAS.98114XPath InjectionWeb ApplicationInjectionOWASP
WAS.98123Operating System Command InjectionWeb ApplicationInjectionOWASP
T1007_WindowsSystem Service Discovery (Windows)WindowsDiscoveryMITRE ATT&CK
T1037.003_WindowsBoot or Logon Initialization Scripts: Network Logon Script (Windows)WindowsPersistence, Privilege EscalationMITRE ATT&CK
T1040_WindowsNetwork Sniffing (Windows)WindowsCredential Access, DiscoveryMITRE ATT&CK
T1069.001_WindowsPermission Groups Discovery: Local GroupsWindowsDiscoveryMITRE ATT&CK
T1069.002_WindowsPermission Groups Discovery: Domain GroupsWindowsDiscoveryMITRE ATT&CK
T1195.002_WindowsSupply Chain Compromise: Compromise Software Supply ChainWindowsInitial AccessMITRE ATT&CK
T1484.001_WindowsDomain Policy Modification: Group Policy ModificationWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1518.001_WindowsSoftware Discovery: Security Software DiscoveryWindowsDiscoveryMITRE ATT&CK
WAS.98113XML External EntityWeb ApplicationInjectionOWASP
WAS.98119Blind NoSQL Injection (differential analysis)Web ApplicationInjectionOWASP
WAS.98121Code Injection (Php://input Wrapper)Web ApplicationInjectionOWASP
WAS.98124Operating System Command Injection (Timing Attack)Web ApplicationInjectionOWASP
T1114.002_WindowsRemote Email CollectionWindowsCollectionMITRE ATT&CK
T1134.001_WindowsAccess Token Manipulation: Token Impersonation/Theft (Windows)WindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
T1207_WindowsRogue Domain ControllerWindowsDefense EvasionMITRE ATT&CK
T1558.003_WindowsSteal or Forge Kerberos Tickets: KerberoastingWindowsCredential AccessMITRE ATT&CK
T1574.007_WindowsPath Interception by PATH Environment VariableWindowsPersistence, Privilege Escalation, Defense EvasionMITRE ATT&CK
WAS.113337NoSQL Injection Authentication BypassWeb ApplicationInjectionOWASP
WAS.113634Server-Side Inclusion InjectionWeb ApplicationInjectionOWASP
WAS.98117Blind SQL Injection (differential analysis)Web ApplicationInjectionOWASP
WAS.98118Blind SQL Injection (timing attack)Web ApplicationInjectionOWASP
WAS.98127LDAP Injection Authentication BypassWeb ApplicationInjectionOWASP
T1003.004_WindowsOS Credential Dumping: LSA SecretsWindowsCredential AccessMITRE ATT&CK
T1059.006_WindowsCommand and Scripting Interpreter: Python (Windows)WindowsExecutionMITRE ATT&CK
T1134.002_WindowsAccess Token Manipulation: Create Process with TokenWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK