Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. Hackers may then seek to maintain access to the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, which allow the hacker to accomplish their objective.

| ID | Name | Platform | Family | Framework |
|---|---|---|---|---|
| T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
| T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
| T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
| T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
| T0820 | Exploitation for Evasion | | Evasion | MITRE ATT&CK |
| T1012 | Query Registry | | Discovery | MITRE ATT&CK |
| T1037.003 | Network Logon Script | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1059.003 | Windows Command Shell | | Execution | MITRE ATT&CK |
| T1068 | Exploitation for Privilege Escalation | | Privilege Escalation | MITRE ATT&CK |
| T1078.001 | Default Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1078.003 | Local Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1110.004 | Credential Stuffing | | Credential Access | MITRE ATT&CK |
| T1134.005 | SID-History Injection | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1190 | Exploit Public-Facing Application | | Initial Access, Persistence | MITRE ATT&CK |
| T1212 | Exploitation for Credential Access | | Credential Access | MITRE ATT&CK |
| T1484.002 | Trust Modification | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1495 | Firmware Corruption | | Impact | MITRE ATT&CK |
| T1528 | Steal Application Access Token | | Collection | MITRE ATT&CK |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | | Credential Access, Collection | MITRE ATT&CK |
| T1558.001 | Golden Ticket | | Credential Access | MITRE ATT&CK |
| T1558.004 | AS-REP Roasting | | | MITRE ATT&CK |
| T1574.007 | Path Interception by PATH Environment Variable | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1619 | Cloud Storage Object Discovery | | Discovery | MITRE ATT&CK |
| WAS.112439 | Server Side Request Forgery | | Server-Side Request Forgery (SSRF) | OWASP |
| WAS.112614 | Server-Side Template Injection | | Injection | OWASP |
| WAS.113162 | MySQLjs SQL Injection Authentication Bypass | | Injection | OWASP |
| T1649 | Steal or Forge Authentication Certificates | | Credential Access | MITRE ATT&CK |
| T0822 | External Remote Services | | Initial Access | MITRE ATT&CK |
| T0812 | Default Credentials | | Lateral Movement | MITRE ATT&CK |
| T1003.006 | DCSync | | Credential Access | MITRE ATT&CK |
| T1021.002 | SMB/Windows Admin Shares | | Lateral Movement | MITRE ATT&CK |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1059.009 | Cloud API | | Execution | MITRE ATT&CK |
| T1069.002 | Domain Groups | | Discovery | MITRE ATT&CK |
| T1069.003 | Cloud Groups | | Discovery | MITRE ATT&CK |
| T1098.001 | Additional Cloud Credentials | | Persistence | MITRE ATT&CK |
| T1110.001 | Password Guessing | | Credential Access | MITRE ATT&CK |
| T1110.003 | Password Spraying | | Credential Access | MITRE ATT&CK |
| T1135 | Network Share Discovery | | Discovery | MITRE ATT&CK |
| T1195.002 | Compromise Software Supply Chain | | Initial Access | MITRE ATT&CK |
| T1210 | Exploitation of Remote Services | | Lateral Movement | MITRE ATT&CK |
| T1482 | Domain Trust Discovery | | Discovery | MITRE ATT&CK |
| T1530 | Data from Cloud Storage | | Collection | MITRE ATT&CK |
| T1537 | Transfer Data to Cloud Account | | Exfiltration | MITRE ATT&CK |
| T1548.005 | Temporary Elevated Cloud Access | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1548 | Abuse Elevation Control Mechanism | | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1555.006 | Cloud Secrets Management Stores | | Credential Access | MITRE ATT&CK |
| T1556.001 | Domain Controller Authentication | | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |