Home
ATT&CK Techniques
T1211 Exploitation for Defense Evasion

T1211 Exploitation for Defense Evasion Mappings

Adversaries may exploit a system or application vulnerability to bypass security features. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in defensive security software that can be used to disable or circumvent them.

Adversaries may have prior knowledge through reconnaissance that security software exists within an environment or they may perform checks during or shortly after the system is compromised for Security Software Discovery. The security software will likely be targeted directly for exploitation. There are examples of antivirus software being targeted by persistent threat groups to avoid detection.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-4	Information Flow Enforcement	Protects	T1211	Exploitation for Defense Evasion
AC-6	Least Privilege	Protects	T1211	Exploitation for Defense Evasion
CA-7	Continuous Monitoring	Protects	T1211	Exploitation for Defense Evasion
CA-8	Penetration Testing	Protects	T1211	Exploitation for Defense Evasion
CM-2	Baseline Configuration	Protects	T1211	Exploitation for Defense Evasion
CM-6	Configuration Settings	Protects	T1211	Exploitation for Defense Evasion
CM-8	System Component Inventory	Protects	T1211	Exploitation for Defense Evasion
RA-10	Threat Hunting	Protects	T1211	Exploitation for Defense Evasion
RA-5	Vulnerability Monitoring and Scanning	Protects	T1211	Exploitation for Defense Evasion
SC-18	Mobile Code	Protects	T1211	Exploitation for Defense Evasion
SC-2	Separation of System and User Functionality	Protects	T1211	Exploitation for Defense Evasion
SC-26	Decoys	Protects	T1211	Exploitation for Defense Evasion
SC-29	Heterogeneity	Protects	T1211	Exploitation for Defense Evasion
SC-3	Security Function Isolation	Protects	T1211	Exploitation for Defense Evasion
SC-30	Concealment and Misdirection	Protects	T1211	Exploitation for Defense Evasion
SC-35	External Malicious Code Identification	Protects	T1211	Exploitation for Defense Evasion
SC-39	Process Isolation	Protects	T1211	Exploitation for Defense Evasion
SC-7	Boundary Protection	Protects	T1211	Exploitation for Defense Evasion
SI-2	Flaw Remediation	Protects	T1211	Exploitation for Defense Evasion
SI-3	Malicious Code Protection	Protects	T1211	Exploitation for Defense Evasion
SI-4	System Monitoring	Protects	T1211	Exploitation for Defense Evasion
SI-5	Security Alerts, Advisories, and Directives	Protects	T1211	Exploitation for Defense Evasion
SI-7	Software, Firmware, and Information Integrity	Protects	T1211	Exploitation for Defense Evasion