As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker gains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Finally, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence is known as an Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish their objective.

ID | Name | Platform | Family | Framework |
---|---|---|---|---|
T1110.002_Windows | Brute Force: Password Cracking (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
WAS.113162 | MySQLjs SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
WAS.113069 | SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.113309 | XPath Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
T1007_Windows | System Service Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1040_Windows | Network Sniffing (Windows) | Windows | Credential Access, Discovery | MITRE ATT&CK |
T1069.001_Windows | Permission Groups Discovery: Local Groups | Windows | Discovery | MITRE ATT&CK |
T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
WAS.98113 | XML External Entity | Web Application | Injection | OWASP |
WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
T1134.001_Windows | Access Token Manipulation: Token Impersonation/Theft (Windows) | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
WAS.113337 | NoSQL Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.113634 | Server-Side Inclusion Injection | Web Application | Injection | OWASP |
WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
T1134.002_Windows | Access Token Manipulation: Create Process with Token | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |