Found 306 total tags.

ctf

37 items with this tag. Showing first 10 tags.

easy

hackthebox

hard

11 items with this tag. Showing first 10 tags.

insane

linux

medium

T1003

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.

Tactics
TA0006

Sub-techniques
T1003.001 T1003.002 T1003.003 T1003.004 T1003.005 T1003.006 T1003.007 T1003.008


See: MITRE ATT&CK

T1003.001

Adversaries may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS).

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.002

Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database either through in-memory techniques or through the Windows Registry where the SAM database is stored.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.003

Adversaries may attempt to access or create a copy of the Active Directory domain database in order to steal credential information, as well as obtain other information about domain members such as devices, users, and access rights.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.004

Adversaries with SYSTEM access to a host may attempt to access Local Security Authority (LSA) secrets, which can contain a variety of different credential materials, such as credentials for service accounts.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.006

Adversaries may attempt to access credentials and other sensitive information by abusing a Windows Domain Controller’s application programming interface (API)

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1005

Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.

Tactics
TA0009


See: MITRE ATT&CK

T1053.005

Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code.

Tactics
TA0002 TA0003 TA0004

Sub-technique of
T1053


See: MITRE ATT&CK

T1056

Adversaries may use methods of capturing user input to obtain credentials or collect information.

Tactics
TA0006 TA0009

Sub-techniques
T1056.001 T1056.002 T1056.003 T1056.004


See: MITRE ATT&CK

T1056.001

Adversaries may log user keystrokes to intercept credentials as the user types them.

Tactics
TA0006 TA0009

Sub-technique of
T1056


See: MITRE ATT&CK

T1059.007

Adversaries may abuse various implementations of JavaScript for execution.

Tactics
TA0002

Sub-technique of
T1059


See: MITRE ATT&CK

T1068

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Tactics
TA0004


See: MITRE ATT&CK

12 items with this tag. Showing first 10 tags.

T1072

Adversaries may gain access to and use centralized software suites installed within an enterprise to execute commands and move laterally through the network.

Tactics
TA0002 TA0008


See: MITRE ATT&CK

T1078

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-techniques
T1078.001 T1078.002 T1078.003 T1078.004


See: MITRE ATT&CK

T1078.002

Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-technique of
T1078


See: MITRE ATT&CK

T1078.003

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-technique of
T1078


See: MITRE ATT&CK

T1098

Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

Tactics
TA0003 TA0004

Sub-techniques
T1098.001 T1098.002 T1098.003 T1098.004 T1098.005 T1098.006


See: MITRE ATT&CK

T1110

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Tactics
TA0006

Sub-techniques
T1110.001 T1110.002 T1110.003 T1110.004


See: MITRE ATT&CK

21 items with this tag. Showing first 10 tags.

T1110.001

Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

T1110.002

Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

14 items with this tag. Showing first 10 tags.

T1110.003

Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

T1110.004

Adversaries may use credentials obtained from breach dumps of unrelated accounts to gain access to target accounts through credential overlap.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

T1133

Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Tactics
TA0001 TA0003


See: MITRE ATT&CK

T1187

Adversaries may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they can intercept.

Tactics
TA0006


See: MITRE ATT&CK

T1189

Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

Tactics
TA0001


See: MITRE ATT&CK

T1190

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Tactics
TA0001


See: MITRE ATT&CK

T1204

An adversary may rely upon specific actions by a user in order to gain execution.

Tactics
TA0002

Sub-techniques
T1204.001 T1204.002 T1204.003


See: MITRE ATT&CK

T1204.001

An adversary may rely upon a user clicking a malicious link in order to gain execution.

Tactics
TA0002

Sub-technique of
T1204


See: MITRE ATT&CK

T1213

Adversaries may leverage information repositories to mine valuable information.

Tactics
TA0009

Sub-techniques
T1213.001 T1213.002 T1213.003


See: MITRE ATT&CK

T1213.003

Adversaries may leverage code repositories to collect valuable information.

Tactics
TA0009

Sub-technique of
T1213


See: MITRE ATT&CK

T1484

Adversaries may modify the configuration settings of a domain or identity tenant to evade defenses and/or escalate privileges in centrally managed environments.

Tactics
TA0004 TA0005

Sub-techniques
T1484.001 T1484.002


See: MITRE ATT&CK

T1484.001

Adversaries may modify Group Policy Objects (GPOs) to subvert the intended discretionary access controls for a domain, usually with the intention of escalating privileges on the domain.

Tactics
TA0004 TA0005

Sub-technique of
T1484


See: MITRE ATT&CK

T1528

Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Tactics
TA0006


See: MITRE ATT&CK

T1539

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

Tactics
TA0006


See: MITRE ATT&CK

T1548

Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions.

Tactics
TA0004 TA0005

Sub-techniques
T1548.001 T1548.002 T1548.003 T1548.004 T1548.005 T1548.006


See: MITRE ATT&CK

T1548.003

Adversaries may perform sudo caching and/or use the sudoers file to elevate privileges.

Tactics
TA0004 TA0005

Sub-technique of
T1548


See: MITRE ATT&CK

T1550

Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, in order to move laterally within an environment and bypass normal system access controls.

Tactics
TA0005 TA0008

Sub-techniques
T1550.001 T1550.002 T1550.003 T1550.004


See: MITRE ATT&CK

T1552

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

Tactics
TA0006

Sub-techniques
T1552.001 T1552.002 T1552.003 T1552.004 T1552.005 T1552.006 T1552.007 T1552.008


See: MITRE ATT&CK

T1552.001

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

15 items with this tag. Showing first 10 tags.

T1552.003

Adversaries may search the bash command history on compromised systems for insecurely stored credentials.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

T1552.004

Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

T1552.008

Adversaries may directly collect unsecured credentials stored or passed through user communication services.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

T1555

Adversaries may search for common password storage locations to obtain user credentials.

Tactics
TA0006

Sub-techniques
T1555.001 T1555.002 T1555.003 T1555.004 T1555.005 T1555.006


See: MITRE ATT&CK

T1555.006

Adversaries may acquire credentials from cloud-native secret management solutions such as AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, and Terraform Vault.

Tactics
TA0006

Sub-technique of
T1555


See: MITRE ATT&CK

T1558

Adversaries may attempt to subvert Kerberos authentication by stealing or forging Kerberos tickets to enable Pass the Ticket

Tactics
TA0006

Sub-techniques
T1558.001 T1558.002 T1558.003 T1558.004


See: MITRE ATT&CK

T1558.003

Adversaries may abuse a valid Kerberos ticket-granting ticket (TGT) or sniff network traffic to obtain a ticket-granting service (TGS) ticket that may be vulnerable to Brute Force

Tactics
TA0006

Sub-technique of
T1558


See: MITRE ATT&CK

T1562.001

Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities.

Tactics
TA0005

Sub-technique of
T1562


See: MITRE ATT&CK

T1566.001

Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.

Tactics
TA0001

Sub-technique of
T1566


See: MITRE ATT&CK

T1566.002

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

Tactics
TA0001

Sub-technique of
T1566


See: MITRE ATT&CK

T1574.008

Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.

Tactics
TA0003 TA0004 TA0005

Sub-technique of
T1574


See: MITRE ATT&CK

T1589

Adversaries may gather information about the victim’s identity that can be used during targeting.

Tactics
TA0043

Sub-techniques
T1589.001 T1589.002 T1589.003


See: MITRE ATT&CK

T1599

Adversaries may bridge network boundaries by compromising perimeter network devices or internal devices responsible for network segmentation.

Tactics
TA0005

Sub-techniques
T1599.001


See: MITRE ATT&CK

T1606

Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.

Tactics
TA0006

Sub-techniques
T1606.001 T1606.002


See: MITRE ATT&CK

T1606.002

An adversary may forge SAML tokens with any permissions claims and lifetimes if they possess a valid SAML token-signing certificate.

Tactics
TA0006

Sub-technique of
T1606


See: MITRE ATT&CK

T1610

Adversaries may deploy a container into an environment to facilitate execution or evade defenses.

Tactics
TA0002 TA0005


See: MITRE ATT&CK

T1611

Adversaries may break out of a container to gain access to the underlying host.

Tactics
TA0004


See: MITRE ATT&CK

windows

14 items with this tag. Showing first 10 tags.

xss