As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker gains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Finally, the hacker tries to complete their objective, for example, a denial of service against critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques that allow the hacker to accomplish their objective.

| ID | Name | Family | Framework | Platform |
|---|---|---|---|---|
| T1003.004 | LSA Secrets | Credential Access | MITRE ATT&CK | |
| T1007 | System Service Discovery | Discovery | MITRE ATT&CK | |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement | MITRE ATT&CK | |
| T1021.006 | Windows Remote Management | Lateral Movement | MITRE ATT&CK | |
| T1047 | Windows Management Instrumentation | Execution | MITRE ATT&CK | |
| T1059.003 | Windows Command Shell | Execution | MITRE ATT&CK | |
| T1059.006 | Python | Execution | MITRE ATT&CK | |
| T1072 | Software Deployment Tools | Execution, Lateral Movement | MITRE ATT&CK | |
| T1087.004 | Cloud Account | Discovery | MITRE ATT&CK | |
| T1110.001 | Password Guessing | Credential Access | MITRE ATT&CK | |
| T1133 | External Remote Services | Persistence, Initial Access | MITRE ATT&CK | |
| T1135 | Network Share Discovery | Discovery | MITRE ATT&CK | |
| T1190 | Exploit Public-Facing Application | Initial Access, Persistence | MITRE ATT&CK | |
| T1552.002 | Credentials in Registry | Credential Access | MITRE ATT&CK | |
| T1580 | Cloud Infrastructure Discovery | Discovery | MITRE ATT&CK | |
| WAS.113317 | Expression Language Injection | Injection | OWASP | |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | Injection | OWASP | |
| WAS.98121 | Code Injection (php://input wrapper) | Injection | OWASP | |
| T1212 | Exploitation for Credential Access | Credential Access | MITRE ATT&CK | |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Credential Access, Collection | MITRE ATT&CK | |
| T0814 | Denial of Service | Inhibit Response Function | MITRE ATT&CK | |
| T0822 | External Remote Services | Initial Access | MITRE ATT&CK | |
| T1012 | Query Registry | Discovery | MITRE ATT&CK | |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration | MITRE ATT&CK | |
| T1059.001 | PowerShell | Execution | MITRE ATT&CK | |
| T1078.003 | Local Accounts | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK | |
| T1098.001 | Additional Cloud Credentials | Persistence | MITRE ATT&CK | |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation | MITRE ATT&CK | |
| T1098.004 | SSH Authorized Keys | Privilege Escalation, Persistence | MITRE ATT&CK | |
| T1218.007 | Msiexec | Defense Evasion | MITRE ATT&CK | |
| T1482 | Domain Trust Discovery | Discovery | MITRE ATT&CK | |
| T1495 | Firmware Corruption | Impact | MITRE ATT&CK | |
| T1537 | Transfer Data to Cloud Account | Exfiltration | MITRE ATT&CK | |
| T1556.007 | Hybrid Identity | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK | |
| T1558.003 | Kerberoasting | Credential Access | MITRE ATT&CK | |
| T1574.010 | Services File Permissions Weakness | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK | |
| T1619 | Cloud Storage Object Discovery | Discovery | MITRE ATT&CK | |
| T1648 | Serverless Execution | Execution | MITRE ATT&CK | |
| T1649 | Steal or Forge Authentication Certificates | Credential Access | MITRE ATT&CK | |
| WAS.113634 | Server-Side Inclusion Injection | Injection | OWASP | |
| WAS.98127 | LDAP Injection | Injection | OWASP | |
| T1003.001 | LSASS Memory | Credential Access | MITRE ATT&CK | |
| T1003.006 | DCSync | Credential Access | MITRE ATT&CK | |
| T1021.001 | Remote Desktop Protocol | Lateral Movement | MITRE ATT&CK | |
| T1021.007 | Cloud Services | Lateral Movement | MITRE ATT&CK | |
| T1059.004 | Unix Shell | Execution | MITRE ATT&CK | |
| T1059.005 | Windows Command Shell | Execution | MITRE ATT&CK | |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation | MITRE ATT&CK | |
| T1069.001 | Local Groups | Discovery | MITRE ATT&CK | |
| T1078.002 | Domain Accounts | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK | |