WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
WAS.98120 | Code Injection | Web Application | Injection | OWASP |
1078.001 | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
T1499.004 | Endpoint Denial of Service: Application or System Exploitation | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Impact | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1595.001_PRE | Active Scanning: Scanning IP Blocks | PRE | Reconnaissance | MITRE ATT&CK |
WAS.112439 | Server-Side Request Forgery | Web Application | Server-Side Request Forgery (SSRF) | OWASP |
WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
WAS.113162 | My SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
WAS.112684 | Client Side Template Injection | Web Application | Injection | OWASP |
WAS.113634 | Server-Side Includes (SSI) Injection | Web Application | Injection | OWASP |
WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |