1. Home
  2. ATT&CK Techniques
  3. T1211 Exploitation for Defense Evasion

T1211 Exploitation for Defense Evasion Mappings

Adversaries may exploit a system or application vulnerability to bypass security features. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in defensive security software that can be used to disable or circumvent them.

Adversaries may have prior knowledge through reconnaissance that security software exists within an environment or they may perform checks during or shortly after the system is compromised for Security Software Discovery. The security software will likely be targeted directly for exploitation. There are examples of antivirus software being targeted by persistent threat groups to avoid detection.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1211 Exploitation for Defense Evasion
AC-6 Least Privilege Protects T1211 Exploitation for Defense Evasion
CA-7 Continuous Monitoring Protects T1211 Exploitation for Defense Evasion
CA-8 Penetration Testing Protects T1211 Exploitation for Defense Evasion
CM-2 Baseline Configuration Protects T1211 Exploitation for Defense Evasion
CM-6 Configuration Settings Protects T1211 Exploitation for Defense Evasion
CM-8 System Component Inventory Protects T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting Protects T1211 Exploitation for Defense Evasion
RA-5 Vulnerability Monitoring and Scanning Protects T1211 Exploitation for Defense Evasion
SC-18 Mobile Code Protects T1211 Exploitation for Defense Evasion
SC-2 Separation of System and User Functionality Protects T1211 Exploitation for Defense Evasion
SC-26 Decoys Protects T1211 Exploitation for Defense Evasion
SC-29 Heterogeneity Protects T1211 Exploitation for Defense Evasion
SC-3 Security Function Isolation Protects T1211 Exploitation for Defense Evasion
SC-30 Concealment and Misdirection Protects T1211 Exploitation for Defense Evasion
SC-35 External Malicious Code Identification Protects T1211 Exploitation for Defense Evasion
SC-39 Process Isolation Protects T1211 Exploitation for Defense Evasion
SC-7 Boundary Protection Protects T1211 Exploitation for Defense Evasion
SI-2 Flaw Remediation Protects T1211 Exploitation for Defense Evasion
SI-3 Malicious Code Protection Protects T1211 Exploitation for Defense Evasion
SI-4 System Monitoring Protects T1211 Exploitation for Defense Evasion
SI-5 Security Alerts, Advisories, and Directives Protects T1211 Exploitation for Defense Evasion
SI-7 Software, Firmware, and Information Integrity Protects T1211 Exploitation for Defense Evasion
CVE-2020-3244 Cisco ASR 5000 Series Software primary_impact T1211 Exploitation for Defense Evasion
CVE-2020-11087 FreeRDP secondary_impact T1211 Exploitation for Defense Evasion
CVE-2020-11019 FreeRDP secondary_impact T1211 Exploitation for Defense Evasion
CVE-2020-1141 Windows secondary_impact T1211 Exploitation for Defense Evasion
CVE-2014-4114 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2020-10817 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2019-5786 Chrome uncategorized T1211 Exploitation for Defense Evasion
CVE-2017-0213 Windows COM uncategorized T1211 Exploitation for Defense Evasion
CVE-2017-6922 Drupal Core uncategorized T1211 Exploitation for Defense Evasion
CVE-2019-11708 Firefox ESR uncategorized T1211 Exploitation for Defense Evasion
CVE-2018-7496 OSIsoft PI Vision uncategorized T1211 Exploitation for Defense Evasion
CVE-2015-1494 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2014-0751 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2020-8468 Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) uncategorized T1211 Exploitation for Defense Evasion
CVE-2018-6112 Chrome uncategorized T1211 Exploitation for Defense Evasion
CVE-2015-7755 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2018-0560 Hatena Bookmark App for iOS uncategorized T1211 Exploitation for Defense Evasion
CVE-2018-8337 Windows 10 uncategorized T1211 Exploitation for Defense Evasion
CVE-2013-7246 n/a uncategorized T1211 Exploitation for Defense Evasion
CVE-2018-16179 Mizuho Direct App for Android uncategorized T1211 Exploitation for Defense Evasion
action.malware.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other malware enumerations, (such as Remote injection when a Remote injection vuln exists.) related-to T1211 Exploitation for Defense Evasion
aws_config AWS Config technique_scores T1211 Exploitation for Defense Evasion
amazon_inspector Amazon Inspector technique_scores T1211 Exploitation for Defense Evasion
aws_security_hub AWS Security Hub technique_scores T1211 Exploitation for Defense Evasion