As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.
ID | Name | Platform | Family | Framework |
---|---|---|---|---|
T1133_Azure | Exploit Public-Facing Application (Azure) | Azure | Initial Access, Persistence | MITRE ATT&CK |
T1053.005_Windows | Scheduled Task/Job: Scheduled Task | Windows | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
T1580_AWS | Cloud Infrastructure Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1098.001_AWS | Account Manipulation: Additional Cloud Credentials | AWS | Persistence | MITRE ATT&CK |
T1619_AWS | Cloud Storage Object Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
T1049_Windows | System Network Connections Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1537_AWS | Transfer Data to Cloud Account | AWS | Exfiltration | MITRE ATT&CK |
T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |
T1136.003_AWS | Create Account: Cloud Account | AWS | Persistence | MITRE ATT&CK |
T1204_AWS | User Execution | AWS | Execution | MITRE ATT&CK |
T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
T1098.003_AWS | Account Manipulation: Additional Cloud Roles (AWS) | AWS | Collection | MITRE ATT&CK |
T1611_AWS | Escape to Host (AWS) | AWS | Discovery | MITRE ATT&CK |
T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.001_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
T1110.002_Windows | Brute Force: Password Cracking (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |