Common Information
Type Value
Value Exploit Public-Facing Application - T1190
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description The use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL) (Citation: NVD CVE-2016-6662), standard services (like SMB (Citation: CIS Multiple SMB Vulnerabilities) or SSH), and any other applications with Internet accessible open sockets, such as web servers and related services. (Citation: NVD CVE-2014-7169) Depending on the flaw being exploited this may include Exploitation for Defense Evasion. For websites and databases, the OWASP top 10 gives a good list of the top 10 most common web-based vulnerabilities. (Citation: OWASP Top 10)
Detection: Monitor application logs for abnormal behavior that may indicate attempted or successful exploitation. Use deep packet inspection to look for artifacts of common exploit traffic, such as SQL injection. Web Application Firewalls may detect improper inputs attempting exploitation.
Platforms: Linux, Windows, macOS
Data Sources: Application logs, Packet capture, Web logs, Web application firewall logs
Details Published Attributes CTI Title
Details Website 2024-09-09 14 Silent Intrusion: Godzilla Fileless Backdoor Attacks Atlassian Confluence | CTF导航
Details Website 2024-09-06 58 CISA Alert AA24-249A: Russian GRU Unit 29155 Targeting U.S. and Global Critical Infrastructure
Details Website 2024-09-06 46 The most interesting cyber incidents in 2023: insider threats and more
Details Website 2024-09-06 4 A Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access
Details Website 2024-09-05 396 Russian Military Cyber Actors Target US and Global Critical Infrastructure | CISA
Details Website 2024-09-05 22 Multiple Vulnerabilities in Veeam Products Could Allow for Remote Code Execution
Details Website 2024-09-03 46 Most interesting IR cases in 2023: insider threats and more
Details Website 2024-09-02 43 Iranian State-Sponsored Hackers Have Become Access Brokers For Ransomware Gangsca - Cyble
Details Website 2024-08-29 269 #StopRansomware: RansomHub Ransomware | CISA
Details Website 2024-08-28 62 Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
Details Website 2024-08-28 23 AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations
Details Website 2024-08-28 11 Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
Details Website 2024-08-26 30 Threat Intelligence Report 20th August – 26th August 2024
Details Website 2024-08-23 3 Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Details Website 2024-08-19 20 PG_MEM: A Malware Hidden in the Postgres Processes
Details Website 2024-08-19 2 CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access - SOC Prime
Details Website 2024-08-13 9 Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution
Details Website 2024-08-12 27 You Don't Know the HAFNIUM of it...
Details Website 2024-08-01 59 DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain | Infoblox
Details Website 2024-07-29 7 2023 Activities Summary of SectorJ groups (JPN) – Red Alert
Details Website 2024-07-26 22 RansomHub Ransomware – New Infection Chains Unveiled
Details Website 2024-07-25 59 How APT groups operate in Southeast Asia
Details Website 2024-07-22 2 A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution
Details Website 2024-07-09 2 A Vulnerability in OpenSSH Could Allow for Remote Code Execution
Details Website 2024-07-05 12 Turning Jenkins Into a Cryptomining Machine From an Attackers Perspective