Attack Path Techniques

As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold on the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. Hackers may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Finally, the hacker tries to complete their objective, for example a denial of service against critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This chain of events is known as an Attack Path. An attack path consists of one or more Attack Techniques that allow the hacker to accomplish their objective.

| ID | Name | Platform | Family | Framework |
| --- | --- | --- | --- | --- |
| T1648 | Serverless Execution | | Execution | MITRE ATT&CK |
| WAS.98114 | XPath Injection | | Injection | OWASP |
| WAS.98123 | Operating System Command Injection | | Injection | OWASP |
| WAS.98623 | Host Header Injection | | Injection | OWASP |
| T0843 | Program Download | | Lateral Movement | MITRE ATT&CK |
| T1003.001 | LSASS Memory | | Credential Access | MITRE ATT&CK |
| T1003.002 | Security Account Manager | | Credential Access | MITRE ATT&CK |
| T1007 | System Service Discovery | | Discovery | MITRE ATT&CK |
| T1021.001 | Remote Desktop Protocol | | Lateral Movement | MITRE ATT&CK |
| T1021.006 | Windows Remote Management | | Lateral Movement | MITRE ATT&CK |
| T1053.005 | Scheduled Task | | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1059.004 | Unix Shell | | Execution | MITRE ATT&CK |
| T1059.006 | Python | | Execution | MITRE ATT&CK |
| T1069.001 | Local Groups | | Discovery | MITRE ATT&CK |
| T1078.004 | Cloud Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1082 | System Information Discovery | | Discovery | MITRE ATT&CK |
| T1098.003 | Additional Cloud Roles | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1114.002 | Remote Email Collection | | Collection | MITRE ATT&CK |
| T1203 | Exploitation for Client Execution | | Execution | MITRE ATT&CK |
| T1518.001 | Security Software Discovery | | Discovery | MITRE ATT&CK |
| T1547.002 | Authentication Package | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1552.005 | Cloud Instance Metadata API | | Credential Access | MITRE ATT&CK |
| WAS.113212 | Content Injection | | Injection | OWASP |
| WAS.98113 | XML External Entity | | Security Misconfiguration | OWASP |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98121 | Code Injection (php://input Wrapper) | | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | | Injection | OWASP |
| T0846 | Remote System Discovery | | Discovery | MITRE ATT&CK |
| T0866 | Exploitation of Remote Services | | Initial Access, Lateral Movement | MITRE ATT&CK |
| T1003.003 | NTDS | | Credential Access | MITRE ATT&CK |
| T1003.008 | /etc/passwd and /etc/shadow | | Credential Access | MITRE ATT&CK |
| T1021.007 | Cloud Services | | Lateral Movement | MITRE ATT&CK |
| T1059.001 | PowerShell | | Execution | MITRE ATT&CK |
| T1098.004 | SSH Authorized Keys | | Privilege Escalation, Persistence | MITRE ATT&CK |
| T1133 | External Remote Services | | Persistence, Initial Access | MITRE ATT&CK |
| T1499.004 | Application or System Exploitation | | Impact | MITRE ATT&CK |
| T1526 | Cloud Service Discovery | | Discovery | MITRE ATT&CK |
| T1550.001 | Application Access Token | | Lateral Movement, Defense Evasion | MITRE ATT&CK |
| T1555.004 | Windows Credential Manager | | Credential Access | MITRE ATT&CK |
| T1558.003 | Kerberoasting | | Credential Access | MITRE ATT&CK |
| T1592.002 | Software | | Reconnaissance | MITRE ATT&CK |
| WAS.113634 | Server-Side Inclusion Injection | | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | | Injection | OWASP |
| WAS.98127 | LDAP Injection | | Injection | OWASP |
| T0814 | Denial of Service | | Inhibit Response Function | MITRE ATT&CK |
| T0891 | Hardcoded Credentials | | Lateral Movement, Persistence | MITRE ATT&CK |
| T1003.004 | LSA Secrets | | Credential Access | MITRE ATT&CK |
| T1021.003 | Distributed Component Object Model | | Lateral Movement | MITRE ATT&CK |
| T1040 | Network Sniffing | | Credential Access, Discovery | MITRE ATT&CK |