T1211 Exploitation for Defense Evasion Mappings

Adversaries may exploit a system or application vulnerability to bypass security features. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in defensive security software that can be used to disable or circumvent them.

Adversaries may have prior knowledge through reconnaissance that security software exists within an environment or they may perform checks during or shortly after the system is compromised for Security Software Discovery. The security software will likely be targeted directly for exploitation. There are examples of antivirus software being targeted by persistent threat groups to avoid detection.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
artifact_registry Artifact Registry technique_scores T1211 Exploitation for Defense Evasion
vmmanager VMManager technique_scores T1211 Exploitation for Defense Evasion