Attack Path Techniques

As part of a typical attack, adversaries use different tools and techniques to accomplish their objectives. Usually, a hacker gains an initial foothold on the network, whether through a phishing attack or by exploiting a publicly exposed vulnerability. The hacker may then seek to maintain access to the machine (Persistence), elevate their privileges, and pivot laterally between network devices (Lateral Movement). Last, the hacker tries to complete their objective, for example, a denial of service of critical infrastructure, exfiltration of sensitive information, or distraction of existing services. This sequence of events is known as an Attack Path. An attack path contains one or more Attack Techniques, which allow the hacker to accomplish their objective.

| ID | Name | Platform | Family | Framework |
| --- | --- | --- | --- | --- |
| T1049_Windows | System Network Connections Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
| T1537_AWS | Transfer Data to Cloud Account | AWS | Exfiltration | MITRE ATT&CK |
| T1619_AWS | Cloud Storage Object Discovery (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
| T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
| T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1136.003_AWS | Create Account: Cloud Account | AWS | Persistence | MITRE ATT&CK |
| T1204_AWS | User Execution | AWS | Execution | MITRE ATT&CK |
| T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
| T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
| T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1098.003_AWS | Account Manipulation: Additional Cloud Roles (AWS) | AWS | Collection | MITRE ATT&CK |
| T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
| T1611_AWS | Escape to Host (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1048.001_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
| T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
| T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
| T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
| T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
| T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
| T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
| T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
| T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
| T1110.002_Windows | Brute Force: Password Cracking (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
| T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
| T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
| T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
| T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
| T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
| T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
| T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
| T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
| T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
| T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1069.001_Windows | Permission Groups Discovery: Local Groups | Windows | Discovery | MITRE ATT&CK |
| T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
| T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |