As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold on the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or disruption of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, which allow the hacker to accomplish their objective.

ID | Name | Platform | Family | Framework |
---|---|---|---|---|
WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
WAS.113212 | Content Injection | Web Application | Injection | OWASP |
WAS.98113 | XML External Entity | Web Application | Security Misconfiguration | OWASP |
T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
WAS.112684 | Client Side Template Injection | Web Application | Injection | OWASP |
T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
T1134.001_Windows | Access Token Manipulation: Token Impersonation/Theft (Windows) | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
WAS.113337 | NoSQL Injection Authentication Bypass | Web Application | Injection | OWASP |
T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
WAS.113634 | Server-Side Inclusion Injection | Web Application | Injection | OWASP |
T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
WAS.98120 | Code Injection | Web Application | Injection | OWASP |
T1134.002_Windows | Access Token Manipulation: Create Process with Token | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
WAS.113331 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |