As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold on the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Finally, the hacker tries to complete their objective, for example a denial of service against critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish their objective.
| ID | Name | Platform | Family | Framework |
|---|---|---|---|---|
| T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
| T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
| T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T0820 | Exploitation for Evasion | | Evasion | MITRE ATT&CK |
| T0843 | Program Download | | Lateral Movement | MITRE ATT&CK |
| T0866 | Exploitation of Remote Services | | Initial Access, Lateral Movement | MITRE ATT&CK |
| T1003.002 | Security Account Manager | | Credential Access | MITRE ATT&CK |
| T1003.008 | /etc/passwd and /etc/shadow | | Credential Access | MITRE ATT&CK |
| T1021.003 | Distributed Component Object Model | | Lateral Movement | MITRE ATT&CK |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1048.003 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1053.005 | Scheduled Task | | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1069.003 | Cloud Groups | | Discovery | MITRE ATT&CK |
| T1078.001 | Default Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1078.004 | Cloud Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1110.003 | Password Spraying | | Credential Access | MITRE ATT&CK |
| T1110.004 | Credential Stuffing | | Credential Access | MITRE ATT&CK |
| T1195.002 | Compromise Software Supply Chain | | Initial Access | MITRE ATT&CK |
| T1555.004 | Windows Credential Manager | | Credential Access | MITRE ATT&CK |
| T1555.006 | Cloud Secrets Management Stores | | Credential Access | MITRE ATT&CK |
| T1565.003 | Runtime Data Manipulation | | Impact | MITRE ATT&CK |
| T1574.007 | Path Interception by PATH Environment Variable | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1592.002 | Software | | Reconnaissance | MITRE ATT&CK |
| T1595.001 | Scanning IP Blocks | | Reconnaissance | MITRE ATT&CK |
| WAS.112439 | Server Side Request Forgery | | Server-Side Request Forgery (SSRF) | OWASP |
| WAS.113212 | Content Injection | | Injection | OWASP |
| WAS.98120 | Code Injection | | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | | Injection | OWASP |
| T1037.003 | Network Logon Script | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1040 | Network Sniffing | | Credential Access, Discovery | MITRE ATT&CK |
| T1069.002 | Domain Groups | | Discovery | MITRE ATT&CK |
| T1203 | Exploitation for Client Execution | | Execution | MITRE ATT&CK |
| T1528 | Steal Application Access Token | | Collection | MITRE ATT&CK |
| T1547.005 | Security Support Provider | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1548 | Abuse Elevation Control Mechanism | | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1550.003 | Pass the Ticket | | Defense Evasion, Lateral Movement | MITRE ATT&CK |
| T1552.005 | Cloud Instance Metadata API | | Credential Access | MITRE ATT&CK |
| T1556.001 | Domain Controller Authentication | | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
| T1606.002 | SAML Tokens | | Credential Access | MITRE ATT&CK |
| WAS.112614 | Server-Side Template Injection | | Injection | OWASP |
| WAS.98114 | XPath Injection | | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | | Injection | OWASP |
| WAS.98623 | Host Header Injection | | Injection | OWASP |
| T0812 | Default Credentials | | Lateral Movement | MITRE ATT&CK |
| T0846 | Remote System Discovery | | Discovery | MITRE ATT&CK |
| T0891 | Hardcoded Credentials | | Lateral Movement, Persistence | MITRE ATT&CK |
| T1003.003 | NTDS | | Credential Access | MITRE ATT&CK |