Found 392 total tags.

command-injection

ctf

38 items with this tag. Showing first 10 tags.

dcsync

easy

gitea

hackthebox

hard

17 items with this tag. Showing first 10 tags.

insane

linux

medium

password-spray

path-traversal

sql-injection

T1003

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.

Tactics
TA0006

Sub-techniques
T1003.001 T1003.002 T1003.003 T1003.004 T1003.005 T1003.006 T1003.007 T1003.008


See: MITRE ATT&CK

9 items with this tag.

T1003.001

Adversaries may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS).

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.002

Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database either through in-memory techniques or through the Windows Registry where the SAM database is stored.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.003

Adversaries may attempt to access or create a copy of the Active Directory domain database in order to steal credential information, as well as obtain other information about domain members such as devices, users, and access rights.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1003.006

Adversaries may attempt to access credentials and other sensitive information by abusing a Windows Domain Controller’s application programming interface (API)(Citation: Microsoft DRSR Dec 2017) (Citation: Microsoft GetNCCChanges) (Citation: Samba DRSUAPI) (Citation: Wine API samlib.

Tactics
TA0006

Sub-technique of
T1003


See: MITRE ATT&CK

T1005

Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.

Tactics
TA0009


See: MITRE ATT&CK

T1036

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.

Tactics
TA0005

Sub-techniques
T1036.001 T1036.002 T1036.003 T1036.004 T1036.005 T1036.006 T1036.007 T1036.008 T1036.009


See: MITRE ATT&CK

T1036.003

Adversaries may rename legitimate system utilities to try to evade security mechanisms concerning the usage of those utilities.

Tactics
TA0005

Sub-technique of
T1036


See: MITRE ATT&CK

T1053.005

Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code.

Tactics
TA0002 TA0003 TA0004

Sub-technique of
T1053


See: MITRE ATT&CK

T1056

Adversaries may use methods of capturing user input to obtain credentials or collect information.

Tactics
TA0006 TA0009

Sub-techniques
T1056.001 T1056.002 T1056.003 T1056.004


See: MITRE ATT&CK

T1056.001

Adversaries may log user keystrokes to intercept credentials as the user types them.

Tactics
TA0006 TA0009

Sub-technique of
T1056


See: MITRE ATT&CK

T1059

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Tactics
TA0002

Sub-techniques
T1059.001 T1059.002 T1059.003 T1059.004 T1059.005 T1059.006 T1059.007 T1059.008 T1059.009 T1059.010


See: MITRE ATT&CK

T1059.003

Adversaries may abuse the Windows command shell for execution.

Tactics
TA0002

Sub-technique of
T1059


See: MITRE ATT&CK

T1059.006

Adversaries may abuse Python commands and scripts for execution.

Tactics
TA0002

Sub-technique of
T1059


See: MITRE ATT&CK

T1059.007

Adversaries may abuse various implementations of JavaScript for execution.

Tactics
TA0002

Sub-technique of
T1059


See: MITRE ATT&CK

T1068

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Tactics
TA0004


See: MITRE ATT&CK

19 items with this tag. Showing first 10 tags.

T1072

Adversaries may gain access to and use centralized software suites installed within an enterprise to execute commands and move laterally through the network.

Tactics
TA0002 TA0008


See: MITRE ATT&CK

T1078

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-techniques
T1078.001 T1078.002 T1078.003 T1078.004


See: MITRE ATT&CK

T1078.002

Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-technique of
T1078


See: MITRE ATT&CK

17 items with this tag. Showing first 10 tags.

T1078.003

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Tactics
TA0001 TA0003 TA0004 TA0005

Sub-technique of
T1078


See: MITRE ATT&CK

T1087

Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment.

Tactics
TA0007

Sub-techniques
T1087.001 T1087.002 T1087.003 T1087.004


See: MITRE ATT&CK

T1098

Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

Tactics
TA0003 TA0004

Sub-techniques
T1098.001 T1098.002 T1098.003 T1098.004 T1098.005 T1098.006


See: MITRE ATT&CK

14 items with this tag. Showing first 10 tags.

T1098.007

T1110

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Tactics
TA0006

Sub-techniques
T1110.001 T1110.002 T1110.003 T1110.004


See: MITRE ATT&CK

34 items with this tag. Showing first 10 tags.

T1110.002

Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

24 items with this tag. Showing first 10 tags.

T1110.003

Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

T1110.004

Adversaries may use credentials obtained from breach dumps of unrelated accounts to gain access to target accounts through credential overlap.

Tactics
TA0006

Sub-technique of
T1110


See: MITRE ATT&CK

T1133

Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Tactics
TA0001 TA0003


See: MITRE ATT&CK

T1187

Adversaries may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they can intercept.

Tactics
TA0006


See: MITRE ATT&CK

T1189

Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

Tactics
TA0001


See: MITRE ATT&CK

T1190

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Tactics
TA0001


See: MITRE ATT&CK

T1204.001

An adversary may rely upon a user clicking a malicious link in order to gain execution.

Tactics
TA0002

Sub-technique of
T1204


See: MITRE ATT&CK

T1204.002

An adversary may rely upon a user opening a malicious file in order to gain execution.

Tactics
TA0002

Sub-technique of
T1204


See: MITRE ATT&CK

T1213

Adversaries may leverage information repositories to mine valuable information.

Tactics
TA0009

Sub-techniques
T1213.001 T1213.002 T1213.003


See: MITRE ATT&CK

T1213.003

Adversaries may leverage code repositories to collect valuable information.

Tactics
TA0009

Sub-technique of
T1213


See: MITRE ATT&CK

T1484

Adversaries may modify the configuration settings of a domain or identity tenant to evade defenses and/or escalate privileges in centrally managed environments.

Tactics
TA0004 TA0005

Sub-techniques
T1484.001 T1484.002


See: MITRE ATT&CK

T1484.001

Adversaries may modify Group Policy Objects (GPOs) to subvert the intended discretionary access controls for a domain, usually with the intention of escalating privileges on the domain.

Tactics
TA0004 TA0005

Sub-technique of
T1484


See: MITRE ATT&CK

T1528

Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.

Tactics
TA0006


See: MITRE ATT&CK

T1534

After they already have access to accounts or systems within the environment, adversaries may use internal spearphishing to gain access to additional information or compromise other users within the same organization.

Tactics
TA0008


See: MITRE ATT&CK

T1539

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

Tactics
TA0006


See: MITRE ATT&CK

T1548

Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions.

Tactics
TA0004 TA0005

Sub-techniques
T1548.001 T1548.002 T1548.003 T1548.004 T1548.005 T1548.006


See: MITRE ATT&CK

T1548.003

Adversaries may perform sudo caching and/or use the sudoers file to elevate privileges.

Tactics
TA0004 TA0005

Sub-technique of
T1548


See: MITRE ATT&CK

T1550

Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, in order to move laterally within an environment and bypass normal system access controls.

Tactics
TA0005 TA0008

Sub-techniques
T1550.001 T1550.002 T1550.003 T1550.004


See: MITRE ATT&CK

T1550.002

Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls.

Tactics
TA0005 TA0008

Sub-technique of
T1550


See: MITRE ATT&CK

T1552

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

Tactics
TA0006

Sub-techniques
T1552.001 T1552.002 T1552.003 T1552.004 T1552.005 T1552.006 T1552.007 T1552.008


See: MITRE ATT&CK

T1552.001

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

26 items with this tag. Showing first 10 tags.

T1552.004

Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

T1552.008

Adversaries may directly collect unsecured credentials stored or passed through user communication services.

Tactics
TA0006

Sub-technique of
T1552


See: MITRE ATT&CK

T1555

Adversaries may search for common password storage locations to obtain user credentials.

Tactics
TA0006

Sub-techniques
T1555.001 T1555.002 T1555.003 T1555.004 T1555.005 T1555.006


See: MITRE ATT&CK

11 items with this tag. Showing first 10 tags.

T1555.005

Adversaries may acquire user credentials from third-party password managers.

Tactics
TA0006

Sub-technique of
T1555


See: MITRE ATT&CK

T1555.006

Adversaries may acquire credentials from cloud-native secret management solutions such as AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, and Terraform Vault.

Tactics
TA0006

Sub-technique of
T1555


See: MITRE ATT&CK

T1557

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

Tactics
TA0006 TA0009

Sub-techniques
T1557.001 T1557.002 T1557.003


See: MITRE ATT&CK

T1558

Adversaries may attempt to subvert Kerberos authentication by stealing or forging Kerberos tickets to enable [Pass the Ticket](https://attack.

Tactics
TA0006

Sub-techniques
T1558.001 T1558.002 T1558.003 T1558.004


See: MITRE ATT&CK

T1558.003

Adversaries may abuse a valid Kerberos ticket-granting ticket (TGT) or sniff network traffic to obtain a ticket-granting service (TGS) ticket that may be vulnerable to [Brute Force](https://attack.

Tactics
TA0006

Sub-technique of
T1558


See: MITRE ATT&CK

T1559

Adversaries may abuse inter-process communication (IPC) mechanisms for local code or command execution.

Tactics
TA0002

Sub-techniques
T1559.001 T1559.002 T1559.003


See: MITRE ATT&CK

T1562.001

Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities.

Tactics
TA0005

Sub-technique of
T1562


See: MITRE ATT&CK

T1566.001

Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.

Tactics
TA0001

Sub-technique of
T1566


See: MITRE ATT&CK

T1566.002

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

Tactics
TA0001

Sub-technique of
T1566


See: MITRE ATT&CK

T1574.008

Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.

Tactics
TA0003 TA0004 TA0005

Sub-technique of
T1574


See: MITRE ATT&CK

T1589

Adversaries may gather information about the victim’s identity that can be used during targeting.

Tactics
TA0043

Sub-techniques
T1589.001 T1589.002 T1589.003


See: MITRE ATT&CK

T1599

Adversaries may bridge network boundaries by compromising perimeter network devices or internal devices responsible for network segmentation.

Tactics
TA0005

Sub-techniques
T1599.001


See: MITRE ATT&CK

T1606

Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.

Tactics
TA0006

Sub-techniques
T1606.001 T1606.002


See: MITRE ATT&CK

T1606.001

Adversaries may forge web cookies that can be used to gain access to web applications or Internet services.

Tactics
TA0006

Sub-technique of
T1606


See: MITRE ATT&CK

T1606.002

An adversary may forge SAML tokens with any permissions claims and lifetimes if they possess a valid SAML token-signing certificate.

Tactics
TA0006

Sub-technique of
T1606


See: MITRE ATT&CK

T1610

Adversaries may deploy a container into an environment to facilitate execution or evade defenses.

Tactics
TA0002 TA0005


See: MITRE ATT&CK

T1611

Adversaries may break out of a container to gain access to the underlying host.

Tactics
TA0004


See: MITRE ATT&CK

T1649

Adversaries may steal or forge certificates used for authentication to access remote systems or resources.

Tactics
TA0006


See: MITRE ATT&CK

windows

23 items with this tag. Showing first 10 tags.

xss