As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.
ID | Name | Platform | Family | Framework |
---|---|---|---|---|
T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.001_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
WAS.113162 | My SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
WAS.112439 | Server-Side Request Forgery | Web Application | Server-Side Request Forgery (SSRF) | OWASP |
T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
WAS.113069 | SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
WAS.113309 | XPath Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.98623 | Host Header Injection | Web Application | Injection | OWASP |
T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1007_Windows | System Service Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1040_Windows | Network Sniffing (Windows) | Windows | Credential Access, Discovery | MITRE ATT&CK |
T1069.001_Windows | Permission Groups Discovery: Local Groups | Windows | Discovery | MITRE ATT&CK |
T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |