As part of a typical attack, adversaries leverage different tools and techniques to accomplish their objectives. Usually, a hacker attains an initial foothold over the network, whether by a phishing attack or exploiting a publicly exposed vulnerability. Hackers may then seem to maintain access over the machine (Persistence), elevate their privileges, and laterally pivot between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This event is known as Attack Path. An attack path contains one or more Attack Techniques, allowing the hacker to accomplish his objective.
ID | Name | Platform | Family | Framework |
---|---|---|---|---|
T1133_Azure | Exploit Public-Facing Application (Azure) | Azure | Initial Access, Persistence | MITRE ATT&CK |
T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
T1218.007_Windows | System Binary Proxy Execution: Msiexec | Windows | Defense Evasion | MITRE ATT&CK |
T1219_Windows | Remote Access Software | Windows | Command and Control | MITRE ATT&CK |
T1003.008_Windows | OS Credential Dumping: /etc/passwd and /etc/shadow | Linux | Credential Access | MITRE ATT&CK |
T1552.002_Windows | Unsecured Credentials: Credentials in Registry | Windows | Credential Access | MITRE ATT&CK |
T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1053.005_Windows | Scheduled Task/Job: Scheduled Task | Windows | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
T1550.001_Windows | Material: Application Access Token | Windows | Lateral Movement, Defense Evasion | MITRE ATT&CK |
T1580_AWS | Cloud Infrastructure Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1059.005_Windows | Command and Scripting Interpreter: Visual Basic | Windows | Execution | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1098.001_AWS | Account Manipulation: Additional Cloud Credentials | AWS | Persistence | MITRE ATT&CK |
T1619_AWS | Cloud Storage Object Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
T1537_AWS | Transfer Data to Cloud Account | AWS | Exfiltration | MITRE ATT&CK |
T1049_Windows | System Network Connections Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |
T1136.003_AWS | Create Account: Cloud Account | AWS | Persistence | MITRE ATT&CK |
T1204_AWS | User Execution | AWS | Execution | MITRE ATT&CK |
T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
T1098.003_AWS | Account Manipulation: Additional Cloud Roles (AWS) | AWS | Collection | MITRE ATT&CK |
T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1048.001_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |