Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.


T1574.007_WindowsPath Interception by PATH Environment VariableWindowsPersistence, Privilege Escalation, Defense EvasionMITRE ATT&CK
WAS.98117Blind SQL Injection (differential analysis)Web ApplicationInjectionOWASP
WAS.98118Blind SQL Injection (timing attack)Web ApplicationInjectionOWASP
WAS.98127LDAP Injection Authentication BypassWeb ApplicationInjectionOWASP
T1134.001_WindowsAccess Token Manipulation: Token Impersonation/Theft (Windows)WindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
WAS.113337NoSQL Injection Authentication BypassWeb ApplicationInjectionOWASP
T1558.003_WindowsSteal or Forge Kerberos Tickets: KerberoastingWindowsCredential AccessMITRE ATT&CK
WAS.113634Server-Side Inclusion InjectionWeb ApplicationInjectionOWASP
T1059.006_WindowsCommand and Scripting Interpreter: Python (Windows)WindowsExecutionMITRE ATT&CK
T1574.009_WindowsPath Interception by Unquoted PathWindowsPersistence, Privilege Escalation, Defense EvasionMITRE ATT&CK
WAS.98115SQL InjectionWeb ApplicationInjectionOWASP
WAS.98116NoSQL InjectionWeb ApplicationInjectionOWASP
WAS.98120Code InjectionWeb ApplicationInjectionOWASP
T1134.002_WindowsAccess Token Manipulation: Create Process with TokenWindowsDefense Evasion, Privilege EscalationMITRE ATT&CK
WAS.113331LDAP Injection Authentication BypassWeb ApplicationInjectionOWASP
T1003.004_WindowsOS Credential Dumping: LSA SecretsWindowsCredential AccessMITRE ATT&CK
T1558.001_WindowsSteal or Forge Kerberos Tickets: Golden TicketWindowsCredential AccessMITRE ATT&CK
WAS.113317Expression Language InjectionWeb ApplicationInjectionOWASP