Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker gains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish their objective.

| ID | Name | Platform | Family | Framework |
| --- | --- | --- | --- | --- |
| T1003.004 | LSA Secrets | | Credential Access | MITRE ATT&CK |
| T1007 | System Service Discovery | | Discovery | MITRE ATT&CK |
| T1021.002 | SMB/Windows Admin Shares | | Lateral Movement | MITRE ATT&CK |
| T1021.006 | Windows Remote Management | | Lateral Movement | MITRE ATT&CK |
| T1047 | Windows Management Instrumentation | | Execution | MITRE ATT&CK |
| T1059.003 | Windows Command Shell | | Execution | MITRE ATT&CK |
| T1059.006 | Python | | Execution | MITRE ATT&CK |
| T1072 | Software Deployment Tools | | Execution, Lateral Movement | MITRE ATT&CK |
| T1087.004 | Cloud Account | | Discovery | MITRE ATT&CK |
| T1110.001 | Password Guessing | | Credential Access | MITRE ATT&CK |
| T1133 | External Remote Services | | Persistence, Initial Access | MITRE ATT&CK |
| T1135 | Network Share Discovery | | Discovery | MITRE ATT&CK |
| T1190 | Exploit Public-Facing Application | | Initial Access, Persistence | MITRE ATT&CK |
| T1552.002 | Credentials in Registry | | Credential Access | MITRE ATT&CK |
| T1580 | Cloud Infrastructure Discovery | | Discovery | MITRE ATT&CK |
| WAS.113317 | Expression Language Injection | | Injection | OWASP |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98121 | Code Injection (Php--input Wrapper) | | Injection | OWASP |
| T1212 | Exploitation for Credential Access | | Credential Access | MITRE ATT&CK |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | | Credential Access, Collection | MITRE ATT&CK |
| T0814 | Denial of Service | | Inhibit Response Function | MITRE ATT&CK |
| T0822 | External Remote Services | | Initial Access | MITRE ATT&CK |
| T1012 | Query Registry | | Discovery | MITRE ATT&CK |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1059.001 | PowerShell | | Execution | MITRE ATT&CK |
| T1078.003 | Local Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1098.001 | Additional Cloud Credentials | | Persistence | MITRE ATT&CK |
| T1098.003 | Additional Cloud Roles | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1098.004 | SSH Authorized Keys | | Privilege Escalation, Persistence | MITRE ATT&CK |
| T1218.007 | Msiexec | | Defense Evasion | MITRE ATT&CK |
| T1482 | Domain Trust Discovery | | Discovery | MITRE ATT&CK |
| T1495 | Firmware Corruption | | Impact | MITRE ATT&CK |
| T1537 | Transfer Data to Cloud Account | | Exfiltration | MITRE ATT&CK |
| T1556.007 | Hybrid Identity | | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
| T1558.003 | Kerberoasting | | Credential Access | MITRE ATT&CK |
| T1574.010 | Services File Permissions Weakness | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1619 | Cloud Storage Object Discovery | | Discovery | MITRE ATT&CK |
| T1648 | Serverless Execution | | Execution | MITRE ATT&CK |
| T1649 | Steal or Forge Authentication Certificates | | Credential Access | MITRE ATT&CK |
| WAS.113634 | Server-Side Inclusion Injection | | Injection | OWASP |
| WAS.98127 | LDAP Injection | | Injection | OWASP |
| T1003.001 | LSASS Memory | | Credential Access | MITRE ATT&CK |
| T1003.006 | DCSync | | Credential Access | MITRE ATT&CK |
| T1021.001 | Remote Desktop Protocol | | Lateral Movement | MITRE ATT&CK |
| T1021.007 | Cloud Services | | Lateral Movement | MITRE ATT&CK |
| T1059.004 | Unix Shell | | Execution | MITRE ATT&CK |
| T1059.005 | Windows Command Shell | | Execution | MITRE ATT&CK |
| T1068 | Exploitation for Privilege Escalation | | Privilege Escalation | MITRE ATT&CK |
| T1069.001 | Local Groups | | Discovery | MITRE ATT&CK |
| T1078.002 | Domain Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |