Attack Path Techniques

As part of a typical attack, adversaries use different tools and techniques to accomplish their objectives. Usually, an attacker first gains an initial foothold in the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The attacker may then seek to maintain access to the compromised machine (Persistence), elevate privileges (Privilege Escalation), and pivot between network devices (Lateral Movement). Finally, the attacker tries to complete the objective, for example a denial of service against critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This chain of activity is known as an attack path. An attack path consists of one or more attack techniques that together allow the attacker to accomplish the objective.
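The following is an added example, not code from the original page or its vendor. It parses a small, constructed subset of the technique catalogue below, ranks each technique by the standard MITRE ATT&CK Enterprise tactic order, and walks an observed sequence of technique IDs to assign each step to a kill-chain stage, so an analyst can see how far along an attack path a chain of alerts has progressed. Mapping an OWASP web-application finding to Initial Access is an assumption made here (the page describes exploiting an exposed vulnerability as the initial foothold); the function names and the sample sequences are likewise constructed for illustration.

```python
"""Assemble attack paths from a technique catalogue (added example, not the page's own code)."""

# MITRE ATT&CK Enterprise tactics in matrix order; the index is the kill-chain rank.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]
TACTIC_RANK = {tactic: rank for rank, tactic in enumerate(TACTIC_ORDER)}

# Assumption: an OWASP finding has no ATT&CK tactic, so treat it as the exploited
# exposure that yields the initial foothold.
FRAMEWORK_DEFAULT_STAGE = {"OWASP": "Initial Access"}

# Constructed subset of the catalogue, pipe-delimited: ID | Name | Family | Framework.
CATALOGUE_TEXT = """\
T1133|External Remote Services|Persistence, Initial Access|MITRE ATT&CK
T1059.001|PowerShell|Execution|MITRE ATT&CK
T1059.004|Unix Shell|Execution|MITRE ATT&CK
T1053.005|Scheduled Task|Execution, Persistence, Privilege Escalation|MITRE ATT&CK
T1003.001|LSASS Memory|Credential Access|MITRE ATT&CK
T1003.008|/etc/passwd and /etc/shadow|Credential Access|MITRE ATT&CK
T1098.004|SSH Authorized Keys|Privilege Escalation, Persistence|MITRE ATT&CK
T1021.001|Remote Desktop Protocol|Lateral Movement|MITRE ATT&CK
T1114.002|Remote Email Collection|Collection|MITRE ATT&CK
T1499.004|Application or System Exploitation|Impact|MITRE ATT&CK
WAS.98117|Blind SQL Injection (differential analysis)|Injection|OWASP
"""


def parse_catalogue(text):
    """Return {technique_id: {"name", "tactics", "framework"}} from the pipe table."""
    techniques = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        tid, name, family, framework = (field.strip() for field in line.split("|"))
        techniques[tid] = {
            "name": name,
            "tactics": [t.strip() for t in family.split(",")],
            "framework": framework,
        }
    return techniques


CATALOGUE = parse_catalogue(CATALOGUE_TEXT)


def assign_stages(techniques, observed):
    """Walk observed technique IDs in order and pick a stage for each.

    Greedy rule: a multi-tactic technique takes its earliest tactic that is not
    behind the furthest stage reached so far. If every tactic lies behind it, the
    earliest tactic is used and the step is flagged (ATT&CK tactics are not a
    strict sequence, so the flag is an analyst hint, not an error).
    Returns a list of (technique_id, stage, fell_behind).
    """
    path, furthest = [], -1
    for tid in observed:
        tech = techniques[tid]
        candidates = [TACTIC_RANK[t] for t in tech["tactics"] if t in TACTIC_RANK]
        if not candidates:
            candidates = [TACTIC_RANK[FRAMEWORK_DEFAULT_STAGE[tech["framework"]]]]
        forward = [rank for rank in candidates if rank >= furthest]
        chosen = min(forward) if forward else min(candidates)
        furthest = max(furthest, chosen)
        path.append((tid, TACTIC_ORDER[chosen], not forward))
    return path


def furthest_stage(path):
    """Name of the latest kill-chain stage the path has reached."""
    return TACTIC_ORDER[max(TACTIC_RANK[stage] for _, stage, _ in path)]


def reaches_objective(path):
    """True once the path includes a stage that realises the attacker's objective."""
    return any(stage in {"Collection", "Exfiltration", "Impact"} for _, stage, _ in path)


if __name__ == "__main__":
    # Constructed alert sequence: VPN foothold, PowerShell, scheduled task,
    # LSASS dump, RDP pivot, mailbox collection.
    windows_path = assign_stages(
        CATALOGUE, ["T1133", "T1059.001", "T1053.005", "T1003.001", "T1021.001", "T1114.002"]
    )
    for tid, stage, flagged in windows_path:
        print(f"{tid:<10} {CATALOGUE[tid]['name']:<28} {stage}{'  (behind)' if flagged else ''}")
    print("furthest:", furthest_stage(windows_path), "objective:", reaches_objective(windows_path))
```

The greedy choice of the earliest admissible tactic keeps later steps free to advance; the `fell_behind` flag on the SSH-keys step in a web-exploitation sequence (SQL injection, shell, password-file read, key planting) shows persistence being established after credential access, which is exactly the kind of out-of-order step worth a second look.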


| ID | Name | Platform | Family | Framework |
|---|---|---|---|---|
| T1069.003 | Cloud Groups | | Discovery | MITRE ATT&CK |
| T1098.001 | Additional Cloud Credentials | | Persistence | MITRE ATT&CK |
| T1548.005 | Temporary Elevated Cloud Access | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1555.006 | Cloud Secrets Management Stores | | Credential Access | MITRE ATT&CK |
| T1574.011 | Services Registry Permissions Weakness | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1648 | Serverless Execution | | Execution | MITRE ATT&CK |
| T0843 | Program Download | | Lateral Movement | MITRE ATT&CK |
| T1021.001 | Remote Desktop Protocol | | Lateral Movement | MITRE ATT&CK |
| T1053.005 | Scheduled Task | | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1059.006 | Python | | Execution | MITRE ATT&CK |
| T1078.004 | Cloud Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1098.003 | Additional Cloud Roles | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1114.002 | Remote Email Collection | | Collection | MITRE ATT&CK |
| T1547.002 | Authentication Package | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1003.001 | LSASS Memory | | Credential Access | MITRE ATT&CK |
| T1003.002 | Security Account Manager | | Credential Access | MITRE ATT&CK |
| T1059.004 | Unix Shell | | Execution | MITRE ATT&CK |
| T1069.001 | Local Groups | | Discovery | MITRE ATT&CK |
| T1082 | System Information Discovery | | Discovery | MITRE ATT&CK |
| T1203 | Exploitation for Client Execution | | Execution | MITRE ATT&CK |
| T1518.001 | Security Software Discovery | | Discovery | MITRE ATT&CK |
| T1552.005 | Cloud Instance Metadata API | | Credential Access | MITRE ATT&CK |
| WAS.113212 | Content Injection | | Injection | OWASP |
| WAS.98113 | XML External Entity | | Security Misconfiguration | OWASP |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98121 | Code Injection (php://input Wrapper) | | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | | Injection | OWASP |
| T1007 | System Service Discovery | | Discovery | MITRE ATT&CK |
| T1021.006 | Windows Remote Management | | Lateral Movement | MITRE ATT&CK |
| T0866 | Exploitation of Remote Services | | Initial Access, Lateral Movement | MITRE ATT&CK |
| T1021.007 | Cloud Services | | Lateral Movement | MITRE ATT&CK |
| T1059.001 | PowerShell | | Execution | MITRE ATT&CK |
| T1133 | External Remote Services | | Persistence, Initial Access | MITRE ATT&CK |
| T1499.004 | Application or System Exploitation | | Impact | MITRE ATT&CK |
| T1526 | Cloud Service Discovery | | Discovery | MITRE ATT&CK |
| T1555.004 | Windows Credential Manager | | Credential Access | MITRE ATT&CK |
| T1558.003 | Kerberoasting | | Credential Access | MITRE ATT&CK |
| WAS.113634 | Server-Side Inclusion Injection | | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | | Injection | OWASP |
| WAS.98127 | LDAP Injection | | Injection | OWASP |
| T0846 | Remote System Discovery | | Discovery | MITRE ATT&CK |
| T1003.003 | NTDS | | Credential Access | MITRE ATT&CK |
| T1003.008 | /etc/passwd and /etc/shadow | | Credential Access | MITRE ATT&CK |
| T1098.004 | SSH Authorized Keys | | Privilege Escalation, Persistence | MITRE ATT&CK |
| T1550.001 | Application Access Token | | Lateral Movement, Defense Evasion | MITRE ATT&CK |
| T1592.002 | Software | | Reconnaissance | MITRE ATT&CK |
| T1003.004 | LSA Secrets | | Credential Access | MITRE ATT&CK |
| T1040 | Network Sniffing | | Credential Access, Discovery | MITRE ATT&CK |
| T1047 | Windows Management Instrumentation | | Execution | MITRE ATT&CK |