MITRE ATT&CK Coverage

Techniques observed across 26 engagements

Techniques Found: 6
Tactics Covered: 5
Techniques in DB: 11

Tactics Observed

Credential Access / Collection, Discovery, Execution, Initial Access, Reconnaissance

Technique Coverage Table

Technique ID | Name | Tactic | Findings | Severities | Mitigation
T1046 | Network Service Discovery | Discovery | 30 | LOW | M1030 - Network Segmentation; M1031 - Network Intrusion Prevention
T1059.007 | Command and Scripting Interpreter: JavaScript | Execution | 5 | HIGH | M1038 - Execution Prevention; M1040 - Behavior Prevention on Endpoint
T1189 | Drive-by Compromise | Initial Access | 5 | MEDIUM | M1048 - Application Isolation and Sandboxing; M1050 - Exploit Protection
T1190 | Exploit Public-Facing Application | Initial Access | 63 | CRITICAL, HIGH, MEDIUM, LOW | M1048 - Application Isolation and Sandboxing; M1030 - Network Segmentation; M1016 - Vulnerability Scanning
T1557 | Adversary-in-the-Middle | Credential Access / Collection | 13 | HIGH, LOW | M1041 - Encrypt Sensitive Information; M1035 - Limit Access to Resource Over Network
T1592 | Gather Victim Host Information | Reconnaissance | 93 | CRITICAL, HIGH, MEDIUM, LOW | M1056 - Pre-compromise; minimize public information disclosure

Full Technique Database

All techniques Qpen maps to. Highlighted rows have been observed in your engagements.

ID | Name | Tactic | Status | Mitigation
T1190 | Exploit Public-Facing Application | Initial Access | OBSERVED | M1048 - Application Isolation and Sandboxing; M1030 - Network Segmentation; M1016 - Vulnerability Scanning
T1592 | Gather Victim Host Information | Reconnaissance | OBSERVED | M1056 - Pre-compromise; minimize public information disclosure
T1046 | Network Service Discovery | Discovery | OBSERVED | M1030 - Network Segmentation; M1031 - Network Intrusion Prevention
T1133 | External Remote Services | Persistence / Initial Access | Not seen | M1035 - Limit Access to Resource Over Network; M1032 - Multi-factor Authentication
T1040 | Network Sniffing | Credential Access / Discovery | Not seen | M1041 - Encrypt Sensitive Information; M1032 - Multi-factor Authentication
T1557 | Adversary-in-the-Middle | Credential Access / Collection | OBSERVED | M1041 - Encrypt Sensitive Information; M1035 - Limit Access to Resource Over Network
T1059.007 | Command and Scripting Interpreter: JavaScript | Execution | OBSERVED | M1038 - Execution Prevention; M1040 - Behavior Prevention on Endpoint
T1189 | Drive-by Compromise | Initial Access | OBSERVED | M1048 - Application Isolation and Sandboxing; M1050 - Exploit Protection
T1539 | Steal Web Session Cookie | Credential Access | Not seen | M1054 - Software Configuration; set Secure, HttpOnly, SameSite flags
T1021.001 | Remote Services: Remote Desktop Protocol | Lateral Movement | Not seen | M1032 - Multi-factor Authentication; M1035 - Limit Access to Resource Over Network
T1021.005 | Remote Services: VNC | Lateral Movement | Not seen | M1032 - Multi-factor Authentication; M1030 - Network Segmentation