TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Huntress

Making Sense of Alphabet Soup: 16 Security Terms and Acronyms You Should Know | Huntress

2024-09-18 · Read original ↗

ATT&CK techniques detected

70 predictions
T1056.001Keylogging
100%
"the window of vulnerability and minimizes the risk of unauthorized access or misuse of elevated privileges. k using cryptography, kerberos is an authentication protocol that verifies the identity of users and hosts. keylogger a keylogger is a software that an attacker uses to rec…"
T1486Data Encrypted for Impact
99%
"often used by cybercriminals to target point - of - sale ( pos ) systems, particularly in retail and hospitality settings. ransomware is malicious software that encrypts data and demands payment, usually in the form of cryptocurrency, for its release. ransomware recovery ransomwa…"
T1219Remote Access Tools
97%
"a group of internal or external it experts who simulate the actions of adversarial malicious attacks on a network as an exercise. remote access as the name implies, remote access refers to accessing network resources from a geographical distance through a network connection. remo…"
T1654Log Enumeration
96%
"and creating new ones. log streaming log streaming is the real - time process of continuously capturing and transmitting log data from applications and systems to external monitoring, analytics, or storage platforms for immediate analysis and alerting. logging level logging level…"
T1560.001Archive via Utility
93%
"##mpression bomb ” or “ zip of death, ” is a type of malicious archive file designed to overwhelm a system ’ s resources when decompressed. unlike most malware, which corrupts or steals data, zip bombs create chaos by exhausting a system ’ s cpu, ram, and storage capacity. zombie…"
T1556.006Multi-Factor Authentication
93%
"disrupt your life. mobile threat defense mobile threat defense ( mtd ) is a cybersecurity solution that protects smartphones, tablets, and other mobile devices from cyber threats using advanced detection technologies like machine learning, behavioral analysis, and real - time mon…"
T1059Command and Scripting Interpreter
91%
"by attackers. remote shell remote shells operate through a client - server model. when you initiate a remote shell session, your local machine ( the client ) establishes a connection to a target system ( the server ) using any number of network protocols. once connected, you can …"
T1557.001Name Resolution Poisoning and SMB Relay
88%
"a malicious dynamic link library ( dll ) instead of the legitimate one. essentially, it ’ s a sneaky way to bypass security measures and run harmful code. dlp antivirus dlp antivirus, or data loss prevention antivirus, is a cybersecurity solution aimed at detecting and preventing…"
T1027.003Steganography
86%
"code without executing the program to identify potential security vulnerabilities early in the software development process. sast acts as a proactive security measure, scanning code for weaknesses like sql injection, cross - site scripting, and buffer overflows before application…"
T1588.006Vulnerabilities
86%
"huntress ctf, is our our yearly month - long competition of daily challenges designed for experts and enthusiasts alike. cve - common vulnerabilities and exposures cve, or common vulnerabilities and exposures, is a standardized list of publicly disclosed cybersecurity vulnerabili…"
T1014Rootkit
85%
"digital equivalent of having master keys to every door in a building. rootkit a rootkit is a type of malware that gives attackers hidden control over a computer system, allowing unauthorized access while staying concealed, making it one of the trickiest cyber threats to detect an…"
T1550.002Pass the Hash
85%
"wireless delivery of software updates, configurations, and data to connected devices without requiring physical access or manual intervention. this technology enables remote updates to everything from smartphones to smart cars, using cellular, wi - fi, or other wireless networks.…"
T1190Exploit Public-Facing Application
84%
"networks within a cloud - based computing environment. ingress controller an ingress controller is a kubernetes ( commonly referred to as k8s ) component that manages external access to services within a cluster, acting as a traffic director that routes incoming requests to the r…"
T1486Data Encrypted for Impact
84%
"and email interactions, to find deviations from typical patterns and examining the system itself for anomalies like unexpected resource consumption, unusual network traffic, or unexpected software changes. big game hunting big game hunting ( bgh ) is a term used to describe sophi…"
T1566.002Spearphishing Link
81%
"sensitive information through deceptive emails or links. learn more about phishing through our guide, what is phishing ( and how does it affect your business )? phishing - as - a - service ( phaas ) phishing - as - a - service ( phaas ) is a cybercrime business model in which att…"
T1542.003Bootkit
79%
"does not involve taking control of the device or accessing its data. bluesnarfing bluesnarfing is a cyberattack where an attacker exploits bluetooth vulnerabilities to secretly access and steal sensitive data — such as contacts, messages, call logs, and files — from a device with…"
T1071.001Web Protocols
77%
", like metrics, logs, and traces. on - prem on - premises is a physical infrastructural setup deployed, running, and maintained within the confines of an organization typically in a datacenter or colo ( colocation facility ). one - time password a one - time password ( otp ) is a…"
T1598Phishing for Information
74%
"sensitive information through deceptive emails or links. learn more about phishing through our guide, what is phishing ( and how does it affect your business )? phishing - as - a - service ( phaas ) phishing - as - a - service ( phaas ) is a cybercrime business model in which att…"
T1557.001Name Resolution Poisoning and SMB Relay
73%
"intended recipient. also referred to as arp poisoning. address space layout randomization ( aslr ) address space layout randomization ( aslr ) is a cybersecurity technique that randomizes the memory locations used by key system components, making it tougher for attackers to predi…"
T1556.006Multi-Factor Authentication
70%
"point for digital media within organizations or homes. mfa token mfa token is a security mechanism used in multi - factor authentication that provides a one - time code or cryptographic key to verify a user ’ s identity as a second authentication factor. typically generated by a …"
T1525Implant Internal Image
69%
"is not shared with the public, allowing the owner to maintain exclusive control over its development and distribution. cloud access security broker ( casb ) a security checkpoint between cloud users and applications, casb manages and enforces data security policies including auth…"
T1542.001System Firmware
68%
"##ible firmware interface ( uefi ) is a modern replacement for the legacy bios ( basic input / output system ) that handles the critical first steps of your computer ' s boot process. unauthorized or unwanted access occurs when a person or entity gains access without permission t…"
T1486Data Encrypted for Impact
67%
"##as lowers the barrier to entry for attackers and enables the rapid spread of ransomware campaigns. rc5 algorithm rc5 is a symmetric - key block cipher designed by ron rivest in 1994, notable for its simplicity, flexibility, and efficiency. it features variable parameters includ…"
T1566.002Spearphishing Link
67%
"between security concerns and business objectives. click fraud click fraud is a growing threat that costs businesses billions annually. it inflates your ad spend, skews your analytics, and makes it nearly impossible to measure the true effectiveness of your marketing campaigns. c…"
T1027Obfuscated Files or Information
65%
". cryptographer a cryptographer protects data through encryption, ensuring that private information stays that way. using mathematics and computer science, cryptographers create algorithms and security protocols that encrypt sensitive data, making it accessible only to authorized…"
T1572Protocol Tunneling
65%
"transmits the stolen data to attackers, often leading to privacy violations, identity theft, or financial loss. sql injection ( sqli ) a cyberattack that injects malicious sql code into an application to view or modify a database. ssh ssh, or secure shell, is a cryptographic prot…"
T1588.006Vulnerabilities
63%
"##attackers exploit this vulnerability to inject malicious code into a site, often exposing sensitive data or enabling unauthorized actions. dark ai dark ai refers to the misuse of artificial intelligence technologies for unethical or malicious purposes, particularly in the realm…"
T1584.005Botnet
62%
"conversation. in cybersecurity, bots can be used for various purposes, from threat detection to responding to customer inquiries. bot mitigation bot mitigation is the practice of spotting and preventing malicious bots from acting before they wreak havoc on your website, app, or n…"
T1204.002Malicious File
60%
"host system or network. this represents a critical security failure where containment boundaries are bypassed, allowing threats to execute on the actual machine rather than remaining trapped in their designated sandbox. sandboxing sandboxing is a cybersecurity technique used to t…"
T1090.004Domain Fronting
56%
"dns sinkholing as setting up a fake address that leads nowhere. when a device on your network tries to connect to a malicious website, instead of getting the real ip address, it receives a bogus one that either goes nowhere or leads to a server you control. doc doc is the file ex…"
T1548.002Bypass User Account Control
54%
"protocol based on tls that provides encryption, integrity, and authentication for real - time, delay - sensitive applications like voip and gaming that use the fast but " unreliable " user datagram protocol ( udp ). dump data dump data is a complete copy of information from a dat…"
T1587.004Exploits
53%
"##rity professional who creates code or tools that take advantage of vulnerabilities in software, systems, or networks to trigger unintended behavior or gain unauthorized access. their work is used both for ethical security research — helping identify and fix weaknesses — and for…"
T1087.002Domain Account
52%
"current version is 1 ). 5 : the identifier authority ( 5 = nt authority ). 21 : sub - authority indicating the domain identifier size. 3632462615 - 3141105534 - 30830830 : the domain or local computer identifier. 1115 : the relative identifier ( rid ) that pinpoints the specific …"
T1657Financial Theft
51%
") is a phishing scam where threat actors impersonate a trusted source to convince others to give them sensitive information or take specific action. c named after the songbirds, ransomware canaries describe the physical or virtual devices that mimic other devices to lure attacker…"
T1498Network Denial of Service
50%
"while data security encompasses all measures to guard against unauthorized access to digital data. data sovereignty data sovereignty is the legal principle that digital data is subject to the laws and governance of the specific country or jurisdiction in which it is physically lo…"
T1190Exploit Public-Facing Application
50%
"for voice over internet protocol, which means voice data is sent and received using internet protocols. vpn a vpn ( virtual private network ) is a service that creates an encrypted tunnel between a device and the internet, masking the user ' s ip address and protecting transmitte…"
T1204.002Malicious File
50%
"ups, which includes securing development environments, sticking to pre - vetted components, using built - in security features, and double - checking that your configurations and access controls are correct. m mac flooding mac flooding is a network attack in which a switch is int…"
T1018Remote System Discovery
49%
"misconfiguration a security misconfiguration is a vulnerability that happens when the settings on your applications, systems, or cloud services aren ’ t properly secured, creating gaps that attackers can exploit. security operations center ( soc ) a centralized unit that deals wi…"
T1071.001Web Protocols
49%
", automate detection, and take action before things get messy. tls encryption tls ( transport layer security ) encryption is a technology that secures data while it ’ s being transmitted online, ensuring it ’ s safe from eavesdropping or tampering. it ’ s the backbone of secure c…"
T1078.004Cloud Accounts
48%
"##rberos to gain unauthorized access to windows active directory controls, requiring initial system access. google cloud platform ( gcp ) google cloud platform ( gcp ) is a suite of cloud computing services provided by google that allows organizations to build, deploy, and scale …"
T1204.002Malicious File
47%
"##ta software, and newsletter software supermailer. these applications may appear harmless but can be exploited for malicious activities like phishing, data exfiltration, and financial fraud. transparency, consent, & control ( tcc ) a database stored locally on macos computers de…"
T1110.003Password Spraying
46%
"##ing attack where adversaries steal authenticated browser cookies to impersonate a user — bypassing multi - factor authentication entirely. the password is irrelevant. the cookie is the key. password management tool a password management tool is software that stores and protects…"
T1059.003Windows Command Shell
45%
"a comprehensive set of tools, services, and best practices designed to protect data, applications, and infrastructure hosted on amazon web services. it operates on a shared responsibility model where aws secures the cloud infrastructure while customers secure their data and appli…"
T1557Adversary-in-the-Middle
44%
"##oofing ( also called arp poisoning ) is a cyberattack where a hacker sends fake arp ( address resolution protocol ) messages within a local network. this tricks devices into associating the attacker ’ s mac address with legitimate ip addresses, enabling them to intercept, modif…"
T1558.003Kerberoasting
44%
"to identify, deter, and stop fraudulent activities before they can cause financial or reputational damage to an organization. full disk access ( fda ) a macos tcc permission that allows software to access sensitive user information. g general data protection regulation ( gdpr ) t…"
T1555.003Credentials from Web Browsers
43%
"device ( byod ) a byod policy allowing employees to use personal devices for work, which can introduce security risks if not properly managed. browser extension a browser extension is a small software module that adds functionality to your web browser. examples include ad blocker…"
T1491.002External Defacement
41%
"##ment website defacement is when someone gains unauthorized access to your website and swaps your pages or messages with their own. it ’ s digital graffiti, but the stakes are much higher for your business, reputation, and trust. website defacement website defacement is a cybera…"
T1557.001Name Resolution Poisoning and SMB Relay
40%
") a virtual computer image that behaves like an actual computer, a virtual machine can run its own separate computing environment, typically inside of a server. virtual private network ( vpn ) a vpn, or virtual private network, is a service that creates a secure, encrypted connec…"
T1185Browser Session Hijacking
40%
"based, with additional expenses coming from subscription fees, managed services, and the specific security features required. firewall costs the cost of a firewall can range from as little as $ 5 per month for basic software solutions to tens of thousands of dollars for enterpris…"
T1496Resource Hijacking
39%
"to implement during cloud adoption to protect against cyberattacks. cloud security frameworks cloud security frameworks a structured sets of guidelines and best practices designed to help organizations secure their cloud environments and ensure compliance with regulatory standard…"
T1204.002Malicious File
39%
"onto the recipient ' s device. malvertising malvertising is a cyberattack method where criminals inject malicious code into legitimate online advertisements to distribute malware or redirect users to dangerous websites. malware malware is malicious software designed to harm a com…"
T1212Exploitation for Credential Access
38%
"##rity professional who creates code or tools that take advantage of vulnerabilities in software, systems, or networks to trigger unintended behavior or gain unauthorized access. their work is used both for ethical security research — helping identify and fix weaknesses — and for…"
T1654Log Enumeration
38%
"immediate and often irreversible, victims may have little recourse once a scam is successful. centralized logging centralized logging is the practice of collecting log data from across your organization ’ s digital ecosystem and storing it in one central platform or repository fo…"
T1588.006Vulnerabilities
37%
"web security vulnerability where attackers inject malicious scripts into trusted websites, which then execute in victims ' browsers to steal credentials or hijack sessions. crud operations crud stands for create, read, update, delete. these four operations are the backbone of mos…"
T1566.002Spearphishing Link
36%
"##p is an internet community focused on understanding web technologies and exploitations, also known as the owasp top 10. open worldwide application security project ( owasp ) owasp is a global nonprofit organization that improves software security by providing free resources, to…"
T1204.002Malicious File
36%
"in cybersecurity refers to the infrastructure used by cybercriminals to communicate and control compromised devices in targeted networks. once malware infects a device, attackers use this server to issue commands, extract stolen data, and maintain control. common cash app scams c…"
T1539Steal Web Session Cookie
36%
"##ing attack where adversaries steal authenticated browser cookies to impersonate a user — bypassing multi - factor authentication entirely. the password is irrelevant. the cookie is the key. password management tool a password management tool is software that stores and protects…"
T1204.001Malicious Link
35%
"between security concerns and business objectives. click fraud click fraud is a growing threat that costs businesses billions annually. it inflates your ad spend, skews your analytics, and makes it nearly impossible to measure the true effectiveness of your marketing campaigns. c…"
T1539Steal Web Session Cookie
34%
"the practice of constantly keeping tabs on your it systems for any suspicious or malicious activity. cookie cookie is a small text file stored on a user ’ s browser by a website to remember information such as login details, preferences, and browsing activity. cookies enable webs…"
T1588.002Tool
33%
"hacker a hacker is someone who uses their technical know - how of computers, programming, or networking for unauthorized access to systems or networks. hacktivism hacktivism is the use of computer hacking techniques to promote or push ideological, political, or social agendas. un…"
T1588.006Vulnerabilities
33%
"##rity professional who creates code or tools that take advantage of vulnerabilities in software, systems, or networks to trigger unintended behavior or gain unauthorized access. their work is used both for ethical security research — helping identify and fix weaknesses — and for…"
T1071.001Web Protocols
33%
"traffic refers to data transferred between a user ’ s browser and a website over a secured connection enabled by ssl ( secure sockets layer ) or its successor, tls ( transport layer security ). ssl vpn an ssl vpn ( secure sockets layer virtual private network ) is a type of vpn t…"
T1566Phishing
32%
"code phishing ) quishing is a type of phishing attack that uses malicious qr codes to trick people into visiting dangerous websites, downloading malware, or giving up sensitive information like passwords and credit card numbers. the term combines qr code + phishing. r race condit…"
T1518.001Security Software Discovery
32%
"specialized software designed to detect, prevent, and remove spyware from devices. antivirus is a type of software that is designed to prevent, search for, detect and remove viruses and other malware from a computer. av software is typically installed on the endpoint to block mal…"
T1608.006SEO Poisoning
32%
"us, the gap between a poc and a full - blown attack? it ’ s way smaller than you want it to be. seo poisoning seo poisoning is a technique where cybercriminals manipulate search engine optimization tactics to make malicious websites rank highly in search results, tricking users i…"
T1110.003Password Spraying
32%
"us federal law established in 1996, hipaa mandates the protection and confidential handling of people ’ s medical information. heap spraying heap spraying is a specialized cyberattack technique where an attacker floods a system ' s memory " heap " with malicious code to increase …"
T1486Data Encrypted for Impact
31%
"spread across networks without needing any input from you. conditional access conditional access ( ca ) is a security process that decides who gets access to your organization ’ s resources, under what conditions, and based on real - time contexts. container a lightweight package…"
T1078Valid Accounts
31%
"an insider threat is a cybersecurity risk that originates from within an organization, typically involving current or former employees, contractors, or business partners who have authorized access to company systems and data, but misuse that access either intentionally or uninten…"
T1078.002Domain Accounts
31%
"##o, is an attack that occurs when a threat actor gains unauthorized access to a user ’ s account credentials and takes over the account to commit malicious activity, such as fraud or data theft. active directory active directory is a microsoft windows directory service that help…"
T1557.001Name Resolution Poisoning and SMB Relay
30%
"security means designing, developing, and maintaining software so that it resists attacks or accidental failures. its main goal is to keep software safe from being misused, altered, or broken — even when hackers or mistakes try to take it down. software - as - a - service ( saas …"

Summary

Read up on the key cybersecurity terms and acronyms every security professional should know and understand.