This page is experimental and may change significantly in future
releases.
Digital Information
Properties
- name
- Digital Information
Neighbors
DigitalInformation has no direct neighbors in this release.
Inferred Relationships
Hierarchy
(filtered)
Related Countermeasure Techniques
- Bootloader Authentication --authenticates--> Boot Loader
- Database Query String Analysis --analyzes--> Database Query
- Domain Name Reputation Analysis --analyzes--> Domain Name
- Domain Registration Takedown --deletes--> Domain Registration
- File Hash Reputation Analysis --analyzes--> File Hash
- Firmware Embedded Monitoring Code --analyzes--> Firmware
- Firmware Behavior Analysis --analyzes--> Firmware
- Firmware Verification --verifies--> Firmware
- IP Reputation Analysis --analyzes--> IP Address
- Identifier Activity Analysis --analyzes--> Identifier
- Scheduled Job Analysis --analyzes--> Job Schedule
- Peripheral Firmware Verification --verifies--> Peripheral Firmware
- Pointer Authentication --authenticates--> Pointer
- Exception Handler Pointer Validation --validates--> Pointer
- Certificate Pinning --authenticates--> Public Key
- Service Binary Verification --verifies--> Service Application
- Restore Software --restores--> Software
- Software Update --updates--> Software
- System Firmware Verification --verifies--> System Firmware
- URL Reputation Analysis --analyzes--> URL
- URL Analysis --analyzes--> URL
- Homoglyph Detection --analyzes--> URL
Related Weaknesses
- CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer --weakness-of--> Raw Memory Access Function
- CWE-125 Out-of-bounds Read --weakness-of--> Raw Memory Access Function
- CWE-190 Integer Overflow or Wraparound --weakness-of--> Mathematical Function
- CWE-20 Improper Input Validation --weakness-of--> User Input Function
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') --weakness-of--> User Input Function
- CWE-276 Incorrect Default Permissions --weakness-of--> Application Installer
- CWE-287 Improper Authentication --weakness-of--> Authentication Function
- CWE-352 Cross-Site Request Forgery (CSRF) --weakness-of--> User Input Function
- CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') --weakness-of--> Shared Resource Access Function
- CWE-434 Unrestricted Upload of File with Dangerous Type --weakness-of--> User Input Function
- CWE-476 NULL Pointer Dereference --weakness-of--> Pointer Dereferencing Function
- CWE-502 Deserialization of Untrusted Data --weakness-of--> Deserialization Function
- CWE-502 Deserialization of Untrusted Data --may-be-weakness-of--> User Input Function
- CWE-611 Improper Restriction of XML External Entity Reference --weakness-of--> External Content Inclusion Function
- CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') --weakness-of--> User Input Function
- CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') --may-be-weakness-of--> Eval Function
- CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') --may-be-weakness-of--> Process Start Function
- CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') --may-be-weakness-of--> User Input Function
- CWE-787 Out-of-bounds Write --weakness-of--> Raw Memory Access Function
- CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') --weakness-of--> User Input Function
- CWE-798 Use of Hard-coded Credentials --weakness-of--> Authentication Function
- CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') --weakness-of--> User Input Function
- CWE-918 Server-Side Request Forgery (SSRF) --weakness-of--> User Input Function
- CWE-94 Improper Control of Generation of Code ('Code Injection') --may-be-weakness-of--> Eval Function
- CWE-94 Improper Control of Generation of Code ('Code Injection') --may-be-weakness-of--> User Input Function
Related Offensive Techniques
- T1542.003 Bootkit --may-modify--> Boot Loader
- T1176 Browser Extensions --modifies--> Browser Extension
- T1554 Compromise Host Software Binary --modifies--> Client Application
- T1546.005 Trap --executes--> Command
- T1218.014 MMC --executes--> Command
- T1127.001 MSBuild --runs--> Compiler
- T1212 Exploitation for Credential Access --may-access--> Credential Management System
- T1190 Exploit Public-Facing Application --injects--> Database Query
- T1518.001 Security Software Discovery --may-access--> File System Metadata
- T1036.002 Right-to-Left Override --modifies--> File System Metadata
- T1036.007 Double File Extension --modifies--> File System Metadata
- T1070.006 Timestomp --forges--> File System Metadata
- T1553.001 Gatekeeper Bypass --modifies--> File System Metadata
- T1564.001 Hidden Files and Directories --modifies--> File System Metadata
- T1564004 NTFS File Attributes --modifies-->
FileSystemMetadata["File System Metadata"]; class T1564004 OffensiveTechniqueNode; class FileSystemMetadata ArtifactNode; click T1564004 href "/offensive-technique/attack/T1564.004/"; click FileSystemMetadata href "/dao/artifact/d3f:FileSystemMetadata";T1542002["Component Firmware"] --> |modifies| Firmware["Firmware"]; class T1542002 OffensiveTechniqueNode; class Firmware ArtifactNode; click T1542002 href "/offensive-technique/attack/T1542.002/"; click Firmware href "/dao/artifact/d3f:Firmware";T1014["Rootkit"] --> |may-modify| Firmware["Firmware"]; class T1014 OffensiveTechniqueNode; class Firmware ArtifactNode; click T1014 href "/offensive-technique/attack/T1014/"; click Firmware href "/dao/artifact/d3f:Firmware";T1053["Scheduled Task/Job"] --> |modifies| JobSchedule["Job Schedule"]; class T1053 OffensiveTechniqueNode; class JobSchedule ArtifactNode; click T1053 href "/offensive-technique/attack/T1053/"; click JobSchedule href "/dao/artifact/d3f:JobSchedule";T1036004["Masquerade Task or Service"] --> |modifies| JobSchedule["Job Schedule"]; class T1036004 OffensiveTechniqueNode; class JobSchedule ArtifactNode; click T1036004 href "/offensive-technique/attack/T1036.004/"; click JobSchedule href "/dao/artifact/d3f:JobSchedule";T1014["Rootkit"] --> |may-modify| Kernel["Kernel"]; class T1014 OffensiveTechniqueNode; class Kernel ArtifactNode; click T1014 href "/offensive-technique/attack/T1014/"; click Kernel href "/dao/artifact/d3f:Kernel";T1137006["Add-ins"] --> |modifies| OfficeApplication["Office Application"]; class T1137006 OffensiveTechniqueNode; class OfficeApplication ArtifactNode; click T1137006 href "/offensive-technique/attack/T1137.006/"; click OfficeApplication href "/dao/artifact/d3f:OfficeApplication";T1552004["Private Keys"] --> |accesses| PrivateKey["Private Key"]; class T1552004 OffensiveTechniqueNode; class PrivateKey ArtifactNode; click T1552004 href "/offensive-technique/attack/T1552.004/"; click PrivateKey href 
"/dao/artifact/d3f:PrivateKey";T1574005["Executable Installer File Permissions Weakness"] --> |modifies| ServiceApplication["Service Application"]; class T1574005 OffensiveTechniqueNode; class ServiceApplication ArtifactNode; click T1574005 href "/offensive-technique/attack/T1574.005/"; click ServiceApplication href "/dao/artifact/d3f:ServiceApplication";T1574010["Services File Permissions Weakness"] --> |modifies| ServiceApplication["Service Application"]; class T1574010 OffensiveTechniqueNode; class ServiceApplication ArtifactNode; click T1574010 href "/offensive-technique/attack/T1574.010/"; click ServiceApplication href "/dao/artifact/d3f:ServiceApplication";T1546011["Application Shimming"] --> |creates| Shim["Shim"]; class T1546011 OffensiveTechniqueNode; class Shim ArtifactNode; click T1546011 href "/offensive-technique/attack/T1546.011/"; click Shim href "/dao/artifact/d3f:Shim";T1505004["IIS Components"] --> |adds| Software["Software"]; class T1505004 OffensiveTechniqueNode; class Software ArtifactNode; click T1505004 href "/offensive-technique/attack/T1505.004/"; click Software href "/dao/artifact/d3f:Software";T1072["Software Deployment Tools"] --> |installs| Software["Software"]; class T1072 OffensiveTechniqueNode; class Software ArtifactNode; click T1072 href "/offensive-technique/attack/T1072/"; click Software href "/dao/artifact/d3f:Software";T1218014["MMC"] --> |may-add| Software["Software"]; class T1218014 OffensiveTechniqueNode; class Software ArtifactNode; click T1218014 href "/offensive-technique/attack/T1218.014/"; click Software href "/dao/artifact/d3f:Software";T1195001["Compromise Software Dependencies and Development Tools"] --> |modifies| Software["Software"]; class T1195001 OffensiveTechniqueNode; class Software ArtifactNode; click T1195001 href "/offensive-technique/attack/T1195.001/"; click Software href "/dao/artifact/d3f:Software";T1195002["Compromise Software Supply Chain"] --> |modifies| Software["Software"]; class T1195002 
OffensiveTechniqueNode; class Software ArtifactNode; click T1195002 href "/offensive-technique/attack/T1195.002/"; click Software href "/dao/artifact/d3f:Software";T1137006["Add-ins"] --> |adds| Software["Software"]; class T1137006 OffensiveTechniqueNode; class Software ArtifactNode; click T1137006 href "/offensive-technique/attack/T1137.006/"; click Software href "/dao/artifact/d3f:Software";T1072["Software Deployment Tools"] --> |executes| SoftwareDeploymentTool["Software Deployment Tool"]; class T1072 OffensiveTechniqueNode; class SoftwareDeploymentTool ArtifactNode; click T1072 href "/offensive-technique/attack/T1072/"; click SoftwareDeploymentTool href "/dao/artifact/d3f:SoftwareDeploymentTool";T1505001["SQL Stored Procedures"] --> |creates| StoredProcedure["Stored Procedure"]; class T1505001 OffensiveTechniqueNode; class StoredProcedure ArtifactNode; click T1505001 href "/offensive-technique/attack/T1505.001/"; click StoredProcedure href "/dao/artifact/d3f:StoredProcedure";T1542001["System Firmware"] --> |modifies| SystemFirmware["System Firmware"]; class T1542001 OffensiveTechniqueNode; class SystemFirmware ArtifactNode; click T1542001 href "/offensive-technique/attack/T1542.001/"; click SystemFirmware href "/dao/artifact/d3f:SystemFirmware";T1542004["ROMMONkit"] --> |modifies| SystemFirmware["System Firmware"]; class T1542004 OffensiveTechniqueNode; class SystemFirmware ArtifactNode; click T1542004 href "/offensive-technique/attack/T1542.004/"; click SystemFirmware href "/dao/artifact/d3f:SystemFirmware";T1547008["LSASS Driver"] --> |modifies| SystemServiceSoftware["System Service Software"]; class T1547008 OffensiveTechniqueNode; class SystemServiceSoftware ArtifactNode; click T1547008 href "/offensive-technique/attack/T1547.008/"; click SystemServiceSoftware href "/dao/artifact/d3f:SystemServiceSoftware";T1497003["Time Based Evasion"] --> |may-run| SystemTimeApplication["System Time Application"]; class T1497003 OffensiveTechniqueNode; class 
SystemTimeApplication ArtifactNode; click T1497003 href "/offensive-technique/attack/T1497.003/"; click SystemTimeApplication href "/dao/artifact/d3f:SystemTimeApplication";T1189["Drive-by Compromise"] --> |produces| URL["URL"]; class T1189 OffensiveTechniqueNode; class URL ArtifactNode; click T1189 href "/offensive-technique/attack/T1189/"; click URL href "/dao/artifact/d3f:URL";T1566002["Spearphishing Link"] --> |produces| URL["URL"]; class T1566002 OffensiveTechniqueNode; class URL ArtifactNode; click T1566002 href "/offensive-technique/attack/T1566.002/"; click URL href "/dao/artifact/d3f:URL";T1566003["Spearphishing via Service"] --> |produces| URL["URL"]; class T1566003 OffensiveTechniqueNode; class URL ArtifactNode; click T1566003 href "/offensive-technique/attack/T1566.003/"; click URL href "/dao/artifact/d3f:URL";T1204001["Malicious Link"] --> |accesses| URL["URL"]; class T1204001 OffensiveTechniqueNode; class URL ArtifactNode; click T1204001 href "/offensive-technique/attack/T1204.001/"; click URL href "/dao/artifact/d3f:URL";T1564006["Run Virtual Instance"] --> |executes| VirtualizationSoftware["Virtualization Software"]; class T1564006 OffensiveTechniqueNode; class VirtualizationSoftware ArtifactNode; click T1564006 href "/offensive-technique/attack/T1564.006/"; click VirtualizationSoftware href "/dao/artifact/d3f:VirtualizationSoftware";T1564006["Run Virtual Instance"] --> |may-add| VirtualizationSoftware["Virtualization Software"]; class T1564006 OffensiveTechniqueNode; class VirtualizationSoftware ArtifactNode; click T1564006 href "/offensive-technique/attack/T1564.006/"; click VirtualizationSoftware href "/dao/artifact/d3f:VirtualizationSoftware";T1056003["Web Portal Capture"] --> |modifies| WebServerApplication["Web Server Application"]; class T1056003 OffensiveTechniqueNode; class WebServerApplication ArtifactNode; click T1056003 href "/offensive-technique/attack/T1056.003/"; click WebServerApplication href "/dao/artifact/d3f:WebServerApplication";