VERIS action.hacking Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1047 Windows Management Instrumentation
action.hacking.vector.Command shell Remote shell related-to T1047 Windows Management Instrumentation
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053 Scheduled Task/Job
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1053 Scheduled Task/Job
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.001 Scheduled Task/Job: At (Linux)
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.002 Scheduled Task/Job: At (Windows)
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.003 Scheduled Task/Job: Cron
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.004 Scheduled Task/Job: Launchd
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.005 Scheduled Task/Job: Scheduled Task
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.006 Scheduled Task/Job: Systemd Timers
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.007 Scheduled Task/Job: Container Orchestration Job
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059 Command and Scripting Interpreter
action.hacking.vector.Command shell Remote shell related-to T1059 Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.001 Command and Scripting Interpreter: PowerShell
action.hacking.vector.Command shell Remote shell related-to T1059.001 Command and Scripting Interpreter: PowerShell
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.002 Command and Scripting Interpreter: AppleScript
action.hacking.vector.Command shell Remote shell related-to T1059.002 Command and Scripting Interpreter: AppleScript
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.003 Command and Scripting Interpreter: Windows Command Shell
action.hacking.vector.Command shell Remote shell related-to T1059.003 Command and Scripting Interpreter: Windows Command Shell
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.004 Command and Scripting Interpreter: Unix Shell
action.hacking.vector.Command shell Remote shell related-to T1059.004 Command and Scripting Interpreter: Unix Shell
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.005 Command and Scripting Interpreter: Visual Basic
action.hacking.vector.Command shell Remote shell related-to T1059.005 Command and Scripting Interpreter: Visual Basic
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.006 Command and Scripting Interpreter: Python
action.hacking.vector.Command shell Remote shell related-to T1059.006 Command and Scripting Interpreter: Python
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.007 Command and Scripting Interpreter: JavaScript
action.hacking.vector.Command shell Remote shell related-to T1059.007 Command and Scripting Interpreter: JavaScript
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1059.008 Command and Scripting Interpreter: Network Device CLI
action.hacking.vector.Command shell Remote shell related-to T1059.008 Command and Scripting Interpreter: Network Device CLI
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1072 Software Deployment Tools
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1106 Native API
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1112 Modify Registry
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1127 Trusted Developer Utilities Proxy Execution
action.hacking.variety.Unknown Unknown related-to T1127 Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1127.001 Tursted Developer Utilities Proxy Execution: MSBuild
action.hacking.variety.Unknown Unknown related-to T1127.001 Tursted Developer Utilities Proxy Execution: MSBuild
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1129 Shared Modules
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137 Office Application Startup
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1137 Office Application Startup
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137.001 Office Application Startup: Office Template Macros
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137.002 Office Application Startup: Office Test
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137.003 Office Application Startup: Outlook Forms
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137.004 Office Application Startup: Outlook Home Page
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1137.005 Office Application Startup: Outlook Rules
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1187 Forced Authentication
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1187 Forced Authentication
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1202 Indirect Command Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1216 Signed Script Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1216.001 Signed Script Proxy Execution: PubPrn
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218 Signed Binary Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.001 Signed Binary Proxy Execution: Compiled HTML File
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.002 Signed Binary Proxy Execution: Control Panel
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.003 Signed Binary Proxy Execution: CMSTP
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.004 Signed Binary Proxy Execution: InstallUtil
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.005 Signed Binary Proxy Execution: Mshta
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.007 Signed Binary Proxy Execution: Msiexec
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.008 Signed Binary Proxy Execution: Odbcconf
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.009 Signed Binary Proxy Execution: Regsvcs/Regasm
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.010 Signed Binary Proxy Execution: Regsvr32
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.011 Signed Binary Proxy Execution: Rundll32
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1218.012 Signed Binary Proxy Execution: Verclsid
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1220 XSL Script Processing
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1505.001 Server Software Component: SQL Stored Procedures
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1505.001 Server Software Component: SQL Stored Procedures
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1505.001 Server Software Component: SQL Stored Procedures
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1505.002 Server Software Component: Transport Agent
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1505.002 Server Software Component: Transport Agent
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1505.002 Server Software Component: Transport Agent
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1529 System Shutdown/Reboot
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1543 Create or Modify System Process
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1543 Create or Modify System Process
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1543 Create or Modify System Process
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1543.001 Create or Modify System Process: Launch Agent
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1543.002 Create or Modify System Process: Systemd Service
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1543.003 Create or Modify System Process: Windows Service
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1543.004 Create or Modify System Process: Launch Daemon
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1547 Boot or Logon Autostart Execution
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1547 Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548 Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548.001 Abuse Elevation Control Mechanism: Setuid and Setgid
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548.003 Abuse Elevation Control Mechanism: Sudo and Sudo Caching
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1548.003 Abuse Elevation Control Mechanism: Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1548.004 Abuse Elevation Control Mechanism: Elevated Execution with Prompt
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1548.004 Abuse Elevation Control Mechanism: Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1559 Inter-Process Communication
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1559.001 Inter-Process Communication: Component Object Model
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1559.002 Inter-Process Communication: Dynamic Data Exchange
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1563 Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1563.001 Remote Service Session Hijacking: SSH Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1563.002 Remote Service Session Hijacking: RDP Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564 Hide Artifacts
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.001 Hide Artifacts: Hidden Files and Directories
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.002 Hide Artifacts: Hidden Users
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.003 Hide Artifacts: Hidden Window
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.004 Hide Artifacts: NTFS File Attributes
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.005 Hide Artifacts: Hidden File System
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.006 Hide Artifacts: Run Virtual Instance
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1564.007 Hide Artifacts: VBA Stomping
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1569 System Services
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1569.001 System Services: Launchctl
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1569.002 System Services: Service Execution
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1578 Modify Cloud Computer Infrastructure
action.hacking.vector.Hypervisor Hypervisor break-out attack related-to T1578 Modify Cloud Computer Infrastructure
action.hacking.vector.Inter-tenant Penetration of another VM or web site on shared device or infrastructure related-to T1578 Modify Cloud Computer Infrastructure
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1578.001 Modify Cloud Computer Infrastructure: Create Snapshot
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1578.002 Modify Cloud Computer Infrastructure: Create Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1578.003 Modify Cloud Computer Infrastructure: Delete Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1578.004 Modify Cloud Computer Infrastructure: Revert Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1609 Container Administration Command
action.hacking.variety.Brute force Brute force or password guessing attacks related-to T1110 Brute Force
action.hacking.variety.Brute force Brute force or password guessing attacks related-to T1110.001 Brute Force: Password Guessing
action.hacking.variety.Brute force Brute force or password guessing attacks related-to T1110.002 Brute Force: Password Cracking
action.hacking.variety.Offline cracking Offline password or key cracking (e.g., rainbow tables, Hashcat, JtR) related-to T1110.002 Brute Force: Password Cracking
action.hacking.variety.Brute force Brute force or password guessing attacks related-to T1110.003 Brute Force: Password Spraying
action.hacking.variety.Brute force Brute force or password guessing attacks related-to T1110.004 Brute Force: Credential Stuffing
action.hacking.variety.Buffer overflow Buffer overflow. Child of 'Exploit vuln'. related-to T1203 Exploitation for Client Execution
action.hacking.variety.HTTP Response Splitting HTTP Response Splitting. Child of 'Exploit vuln'. related-to T1203 Exploitation for Client Execution
action.hacking.variety.HTTP request smuggling HTTP request smuggling. Child of 'Exploit vuln'. related-to T1203 Exploitation for Client Execution
action.hacking.variety.HTTP request splitting HTTP request splitting. Child of 'Exploit vuln'. related-to T1203 Exploitation for Client Execution
action.hacking.variety.HTTP response smuggling HTTP response smuggling. Child of 'Exploit vuln'. related-to T1203 Exploitation for Client Execution
action.hacking.variety.Cryptanalysis Cryptanalysis. Child of 'Exploit vuln'. related-to T1600 Weaken Encryption
action.hacking.variety.DoS Denial of service related-to T1498 Network Denial of Service
action.hacking.variety.DoS Denial of service related-to T1498.001 Network Denial of Service: Direct Network Flood
action.hacking.variety.DoS Denial of service related-to T1498.002 Network Denial of Service: Reflection Amplification
action.hacking.variety.DoS Denial of service related-to T1499 Endpoint Denial of Service
action.hacking.variety.Soap array abuse Soap array abuse. Child of 'Exploit vuln'. related-to T1499 Endpoint Denial of Service
action.hacking.variety.XML attribute blowup XML attribute blowup. Child of 'Exploit vuln'. related-to T1499 Endpoint Denial of Service
action.hacking.variety.XML entity expansion XML entity expansion. Child of 'Exploit vuln'. related-to T1499 Endpoint Denial of Service
action.hacking.variety.XML external entities XML external entities. Child of 'Exploit vuln'. related-to T1499 Endpoint Denial of Service
action.hacking.variety.DoS Denial of service related-to T1499.001 Endpoint Denial of Service: OS Exhaustion Flood
action.hacking.variety.DoS Denial of service related-to T1499.002 Endpoint Denial of Service: Service Exhaustion Flood
action.hacking.variety.DoS Denial of service related-to T1499.003 Endpoint Denial of Service: Application Exhaustion Flood
action.hacking.variety.DoS Denial of service related-to T1499.004 Endpoint Denial of Service: Application or System Exploitation
action.hacking.variety.DoS Denial of service related-to T1583.005 Acquire Infrastructure: Botnet
action.hacking.variety.Unknown Unknown related-to T1583.005 Acquire Infrastructure: Botnet
action.hacking.variety.DoS Denial of service related-to T1584.005 Compromise Infrastructure: Botnet
action.hacking.variety.Unknown Unknown related-to T1584.005 Compromise Infrastructure: Botnet
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Format string attack Format string attack. Child of 'Exploit vuln'. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Fuzz testing Fuzz testing. Child of 'Exploit vuln'. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Insecure deserialization iterating over sequential or obvious values. https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization. Child of 'Exploit vuln'. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Integer overflows Integer overflows. Child of 'Exploit vuln'. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.LDAP injection LDAP injection. Child of 'Exploit vuln'. related-to T1068 Exploitation for Privilege Escalation
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1190 Exploit Public-Facing Application
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1210 Exploitation of Remote Services
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1212 Exploitation for Credential Access
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1212 Exploitation for Credential Access
action.hacking.variety.Session fixation Session fixation. Child of 'Exploit vuln'. related-to T1212 Exploitation for Credential Access
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1558.004 Steal or Forge Kerberos Tickets: AS-REP Roasting
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.004 Steal or Forge Kerberos Tickets: AS-REP Roasting
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
action.hacking.variety.Unknown Unknown related-to T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1574.002 Hijack Execution Flow: DLL Side-Loading
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1574.002 Hijack Execution Flow: DLL Side-Loading
action.hacking.variety.Unknown Unknown related-to T1574.002 Hijack Execution Flow: DLL Side-Loading
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1574.005 Hijack Execution Flow: Executable Installer File Permissions Weakness
action.hacking.variety.Unknown Unknown related-to T1574.005 Hijack Execution Flow: Executable Installer File Permissions Weakness
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1574.010 Hijack Execution Flow: Services File Permissions Weakness
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) related-to T1574.011 Hijack Execution Flow: Services Registry Permissions Weakness
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1574.004 Hijack Execution Flow: Dylib Hijacking
action.hacking.variety.Unknown Unknown related-to T1574.004 Hijack Execution Flow: Dylib Hijacking
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. related-to T1595.002 Active Scanning: Vulnerability Scanning
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1007 System Service Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1012 Query Registry
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1057 Process Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1069 Permission Groups Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1069.001 Permission Groups Discovery: Local Groups
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1069.002 Permission Groups Discovery: Domain Groups
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1069.003 Permission Groups Discovery: Cloud Groups
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1082 System Information Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1087 Account Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1087.001 Account Discovery: Local Account
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1087.002 Account Discovery: Domain Account
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1087.003 Account Discovery: Email Account
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1087.004 Account Discovery: Cloud Account
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1119 Automated Collection
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1120 Peripheral Device Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1124 System Time Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1201 Password Policy Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1480 Execution Guardrails
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1480.001 Execution Guardrails: Environmental Keying
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1518 Software Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1518.001 Software Discovery: Security Software Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1526 Cloud Service Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1538 Cloud Service Dashboard
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1580 Cloud Infrastructure Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1589 Gather Victim Identity Information
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1589.001 Gather Victim Identity Information: Credentials
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1589.002 Gather Victim Identity Information: Email Addresses
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1589.003 Gather Victim Identity Information: Employee Names
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590 Gather Victim Network Information
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.001 Gather Victim Network Information: Domain Properties
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.002 Gather Victim Network Information: DNS
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.003 Gather Victim Network Information: Network Trust Dependencies
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.004 Gather Victim Network Information: Network Topology
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.005 Gather Victim Network Information: IP Addresses
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1590.006 Gather Victim Network Information: Network Security Appliances
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1591 Gather Victim Org Information
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1591.001 Gather Victim Org Information: Determine Physical Locations
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1591.002 Gather Victim Org Information: Business Relationships
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1591.003 Gather Victim Org Information: Identify Business Tempo
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1591.004 Gather Victim Org Information: Identify Roles
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592 Gather Victim Host Information
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592.001 Gather Victim Host Information: Hardware
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592.002 Gather Victim Host Information: Software
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592.003 Gather Victim Host Information: Firmware
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1592.004 Gather Victim Host Information: Client Configurations
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1593 Search Open Websites/Domains
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1593.001 Search Open Websites/Domains: Social Media
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1593.002 Search Open Websites/Domains: Search Engines
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1594 Search Victim-Owned Websites
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596 Search Open Technical Databases
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596.001 Search Open Technical Databases: DNS/Passive DNS
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596.002 Search Open Technical Databases: WHOIS
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596.003 Search Open Technical Databases: Digital Certificates
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596.004 Search Open Technical Databases: CDNs
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1596.005 Search Open Technical Databases: Scan Databases
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1597 Search Closed Sources
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1597.001 Search Closed Sources: Threat Intel Vendors
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1597.002 Search Closed Sources: Purchase Technical Data
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1602 Data from Configuration Repository
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1602.001 Data from Configuration Repository: SNMP (MIB Dump)
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1602.002 Data from Configuration Repository: Network Device Configuration Dump
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1613 Container and Resource Discovery
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1614 System Location Discovery
action.hacking.variety.Forced browsing Forced browsing or predictable resource location. Child of 'Exploit vuln'. related-to T1539 Steal Web Session Cookie
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1539 Steal Web Session Cookie
action.hacking.variety.Forced browsing Forced browsing or predictable resource location. Child of 'Exploit vuln'. related-to T1583.003 Acquire Infrastructure: Virtual Private Server
action.hacking.variety.Unknown Unknown related-to T1583.003 Acquire Infrastructure: Virtual Private Server
action.hacking.variety.Forced browsing Forced browsing or predictable resource location. Child of 'Exploit vuln'. related-to T1583.004 Acquire Infrastructure: Server
action.hacking.variety.Unknown Unknown related-to T1583.004 Acquire Infrastructure: Server
action.hacking.variety.Forced browsing Forced browsing or predictable resource location. Child of 'Exploit vuln'. related-to T1583.006 Acquire Infrastructure: Web Services
action.hacking.variety.Unknown Unknown related-to T1583.006 Acquire Infrastructure: Web Services
action.hacking.variety.HTTP Response Splitting HTTP Response Splitting. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.HTTP request smuggling HTTP request smuggling. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.HTTP request splitting HTTP request splitting. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.HTTP response smuggling HTTP response smuggling. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.Session fixation Session fixation. Child of 'Exploit vuln'. related-to T1185 Man in the Browser
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1557 Man-in-the-Middle
action.hacking.variety.Routing detour Routing detour. Child of 'Exploit vuln'. related-to T1557 Man-in-the-Middle
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1557.001 Man-in-the-Middle: LLMNR/NBT-NS Poisoning and Relay
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. related-to T1557.002 Man-in-the-Middle: ARP Cache Poisoning
action.hacking.variety.Pass-the-hash Pass-the-hash related-to T1550.002 Use Alternate Authentication Material: Pass the Hash
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.002 Use Alternate Authentication Material: Pass the Hash
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1001 Data Obfuscation
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1001 Data Obfuscation
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1008 Fallback Channels
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1008 Fallback Channels
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1071 Application Layer Protocol
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1071 Application Layer Protocol
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1078 Valid Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078 Valid Accounts
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1078 Valid Accounts
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1090 Proxy
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1090 Proxy
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1095 Non-Application Layer Protocol
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1095 Non-Application Layer Protocol
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1102 Web Service
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1102 Web Service
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1104 Multi-Stage Channels
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1104 Multi-Stage Channels
action.hacking.variety.Unknown Unknown related-to T1105 Ingress Tool Transfer
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1105 Ingress Tool Transfer
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1105 Ingress Tool Transfer
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1132 Data Encoding
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1132 Data Encoding
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1133 External Remote Services
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1133 External Remote Services
action.hacking.vector.3rd party desktop 3rd party online desktop sharing (LogMeIn, Go2Assist) related-to T1133 External Remote Services
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1133 External Remote Services
action.hacking.vector.Desktop sharing software Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two related-to T1133 External Remote Services
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1205 Traffic Signaling
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1205 Traffic Signaling
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1505 Server Software Component
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1505 Server Software Component
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1505.003 Server Software Component: Web Shell
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1505.003 Server Software Component: Web Shell
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1525 Implant Container Image
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1525 Implant Container Image
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1568 Dynamic Resolution
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1568 Dynamic Resolution
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1571 Non-Standard Port
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1571 Non-Standard Port
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1572 Protocol Tunneling
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1572 Protocol Tunneling
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1573 Encrypted Channels
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1573 Encrypted Channels
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1573.001 Encrypted Channels: Symmetric Cryptography
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel related-to T1573.002 Encrypted Channels: Asymmetric Cryptography
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021 Remote Services
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.001 Remote Services: Remote Desktop Protocol
action.hacking.vector.Desktop sharing software Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two related-to T1021.001 Remote Services: Remote Desktop Protocol
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.002 Remote Services: SMB/Windows Admin Shares
action.hacking.vector.Command shell Remote shell related-to T1021.002 Remote Services: SMB/Windows Admin Shares
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.003 Remote Services: Distributed Component Object Model
action.hacking.vector.Command shell Remote shell related-to T1021.003 Remote Services: Distributed Component Object Model
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.004 Remote Services: SSH
action.hacking.vector.Command shell Remote shell related-to T1021.004 Remote Services: SSH
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.005 Remote Services: VNC
action.hacking.vector.Desktop sharing software Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two related-to T1021.005 Remote Services: VNC
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1021.006 Remote Services: Windows Remote Management
action.hacking.vector.Command shell Remote shell related-to T1021.006 Remote Services: Windows Remote Management
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.001 Valid Accounts: Default Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.002 Valid Accounts: Domain Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.003 Valid Accounts: Local Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.004 Valid Accounts: Cloud Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134 Access Token Manipulation
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.001 Access Token Manipulation: Token Impersonation/Theft
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.002 Access Token Manipulation: Create Process with Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.003 Access Token Manipulation: Make and Impersonate Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.004 Access Token Manipulation: Parent PID Spoofing
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1134.005 Access Token Manipulation: SID-History Injection
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550 Use Alternate Authentication Material
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.001 Use Alternate Authentication Material: Application Access Token
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.003 Use Alternate Authentication Material: Pass the Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1550.004 Use Alternate Authentication Material: Web Session Cookies
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558 Steal or Forge Kerberos Tickets
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.001 Steal or Forge Kerberos Tickets: Golden Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.002 Steal or Forge Kerberos Tickets: Silver Ticket
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1558.003 Steal or Forge Kerberos Tickets: Kerberoasting
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586 Compromise Account
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586.001 Compromise Account: Social Media Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1586.002 Compromise Account: Email Accounts
action.hacking.variety.Virtual machine escape Virtual machine escape. Child of 'Exploit vuln'. related-to T1611 Escape to Host
action.hacking.variety.XML external entities XML external entities. Child of 'Exploit vuln'. related-to T1213 Data from Information Repository
action.hacking.variety.XML injection XML injection. Child of 'Exploit vuln'. related-to T1546 Event Triggered Execution
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1546 Event Triggered Execution
action.hacking.variety.Unknown Unknown related-to T1574 Hijack Execution Flow
action.hacking.variety.XML injection XML injection. Child of 'Exploit vuln'. related-to T1574 Hijack Execution Flow
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1574 Hijack Execution Flow
action.hacking.variety.XPath injection XPath injection. Child of 'Exploit vuln'. related-to T1010 Application Window Discovery
action.hacking.variety.Unknown Unknown related-to T1111 Two-Factor Authentication Interception
action.hacking.variety.Unknown Unknown related-to T1583 Acquire Infrastructure
action.hacking.variety.Unknown Unknown related-to T1583.001 Acquire Infrastructure: Domains
action.hacking.variety.Unknown Unknown related-to T1583.002 Acquire Infrastructure: DNS Server
action.hacking.variety.Unknown Unknown related-to T1584 Compromise Infrastructure
action.hacking.variety.Unknown Unknown related-to T1584.001 Compromise Infrastructure: Domains
action.hacking.variety.Unknown Unknown related-to T1584.002 Compromise Infrastructure: DNS Server
action.hacking.variety.Unknown Unknown related-to T1584.003 Compromise Infrastructure: Virtual Private Server
action.hacking.variety.Unknown Unknown related-to T1584.004 Compromise Infrastructure: Server
action.hacking.variety.Unknown Unknown related-to T1584.006 Compromise Infrastructure: Web Services
action.hacking.variety.Unknown Unknown related-to T1587 Develop Capabilities
action.hacking.variety.Unknown Unknown related-to T1587.001 Develop Capabilities: Malware
action.hacking.variety.Unknown Unknown related-to T1587.002 Develop Capabilities: Code Signing Certificates
action.hacking.variety.Unknown Unknown related-to T1587.003 Develop Capabilities: Digital Certificates
action.hacking.variety.Unknown Unknown related-to T1587.004 Develop Capabilities: Exploits
action.hacking.variety.Unknown Unknown related-to T1588 Obtain Capabilities
action.hacking.variety.Unknown Unknown related-to T1588.001 Obtain Capabilities: Malware
action.hacking.variety.Unknown Unknown related-to T1588.002 Obtain Capabilities: Tool
action.hacking.variety.Unknown Unknown related-to T1588.003 Obtain Capabilities: Code Signing Certificates
action.hacking.variety.Unknown Unknown related-to T1588.004 Obtain Capabilities: Digital Certificates
action.hacking.variety.Unknown Unknown related-to T1588.005 Obtain Capabilities: Exploits
action.hacking.variety.Unknown Unknown related-to T1588.006 Obtain Capabilities: Vulnerabilities
action.hacking.variety.Unknown Unknown related-to T1599 Network Boundry Bridging
action.hacking.variety.Unknown Unknown related-to T1599.001 Network Boundry Bridging: Network Address Translation Traversal
action.hacking.variety.Unknown Unknown related-to T1606 Forge Web Credentials
action.hacking.variety.Unknown Unknown related-to T1606.001 Forge Web Credentials: Web Cookies
action.hacking.variety.Unknown Unknown related-to T1606.002 Forge Web Credentials: SAML Tokens
action.hacking.variety.Unknown Unknown related-to T1531 Account Access Removal
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1037 Boot or Logon Initialization Script
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1098 Account Manipulation
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1136 Create Account
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1197 BITS Jobs
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1542 Pre-OS Boot
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel related-to T1554 Compromise Client Software Binary
action.hacking.vector.Desktop sharing software Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two related-to T1219 Remote Access Software
action.hacking.vector.Hypervisor Hypervisor break-out attack related-to T1497 Virtualization/Sandbox Evasion
action.hacking.vector.Inter-tenant Penetration of another VM or web site on shared device or infrastructure related-to T1497 Virtualization/Sandbox Evasion
action.hacking.vector.Partner Partner connection or credential related-to T1199 Trusted Relationship
action.hacking.vector.Partner Partner connection or credential related-to T1195 Supply Chain Compromise
action.hacking.vector.Partner Partner connection or credential related-to T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools
action.hacking.vector.Partner Partner connection or credential related-to T1195.002 Supply Chain Compromise: Compromise Software Supply Chain
action.hacking.vector.Partner Partner connection or credential related-to T1195.003 Supply Chain Compromise: Compromise Hardware Supply Chain
action.hacking.vector.Physical access Physical access or connection (i.e., at keyboard or via cable) related-to T1200 Hardware Additions

Capabilities

Capability ID Capability Name Number of Mappings
action.hacking.variety.Exploit misconfig Exploit a misconfiguration (vs vuln or weakness) 13
action.hacking.variety.Virtual machine escape Virtual machine escape. Child of 'Exploit vuln'. 1
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) 32
action.hacking.variety.HTTP request smuggling HTTP request smuggling. Child of 'Exploit vuln'. 2
action.hacking.vector.Hypervisor Hypervisor break-out attack 2
action.hacking.variety.Session fixation Session fixation. Child of 'Exploit vuln'. 2
action.hacking.variety.XML external entities XML external entities. Child of 'Exploit vuln'. 2
action.hacking.variety.HTTP request splitting HTTP request splitting. Child of 'Exploit vuln'. 2
action.hacking.variety.Routing detour Routing detour. Child of 'Exploit vuln'. 1
action.hacking.vector.3rd party desktop 3rd party online desktop sharing (LogMeIn, Go2Assist) 1
action.hacking.variety.Fuzz testing Fuzz testing. Child of 'Exploit vuln'. 1
action.hacking.variety.Brute force Brute force or password guessing attacks 5
action.hacking.vector.Inter-tenant Penetration of another VM or web site on shared device or infrastructure 2
action.hacking.variety.Insecure deserialization iterating over sequential or obvious values. https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization. Child of 'Exploit vuln'. 1
action.hacking.variety.Offline cracking Offline password or key cracking (e.g., rainbow tables, Hashcat, JtR) 1
action.hacking.variety.XPath injection XPath injection. Child of 'Exploit vuln'. 1
action.hacking.vector.Partner Partner connection or credential 5
action.hacking.variety.Cryptanalysis Cryptanalysis. Child of 'Exploit vuln'. 1
action.hacking.variety.XML injection XML injection. Child of 'Exploit vuln'. 2
action.hacking.variety.DoS Denial of service 10
action.hacking.variety.XML entity expansion XML entity expansion. Child of 'Exploit vuln'. 1
action.hacking.variety.Forced browsing Forced browsing or predictable resource location. Child of 'Exploit vuln'. 4
action.hacking.vector.Desktop sharing software Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two 4
action.hacking.variety.Buffer overflow Buffer overflow. Child of 'Exploit vuln'. 1
action.hacking.variety.Pass-the-hash Pass-the-hash 1
action.hacking.variety.HTTP response smuggling HTTP response smuggling. Child of 'Exploit vuln'. 2
action.hacking.variety.Integer overflows Integer overflows. Child of 'Exploit vuln'. 1
action.hacking.variety.LDAP injection LDAP injection. Child of 'Exploit vuln'. 1
action.hacking.variety.Unknown Unknown 41
action.hacking.variety.Exploit vuln Exploit vulnerability in code (vs misconfig or weakness). This can be used with other hacking enumerations, (such as XSS when an XSS vuln exists.). Parent of many hacking varieties. 6
action.hacking.vector.Physical access Physical access or connection (i.e., at keyboard or via cable) 1
action.hacking.variety.Use of backdoor or C2 Use of Backdoor or C2 channel 24
action.hacking.variety.HTTP Response Splitting HTTP Response Splitting. Child of 'Exploit vuln'. 2
action.hacking.vector.Command shell Remote shell 14
action.hacking.variety.XML attribute blowup XML attribute blowup. Child of 'Exploit vuln'. 1
action.hacking.vector.Backdoor or C2 Backdoor or command and control channel 33
action.hacking.variety.Footprinting Footprinting and fingerprinting 63
action.hacking.variety.Abuse of functionality Abuse of functionality 84
action.hacking.variety.Soap array abuse Soap array abuse. Child of 'Exploit vuln'. 1
action.hacking.variety.Format string attack Format string attack. Child of 'Exploit vuln'. 1
action.hacking.variety.MitM Man-in-the-middle attack. Child of 'Exploit vuln'. 6