Common Information
Type Value
Value Exploit Public-Facing Application - T1190
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description The use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL) (Citation: NVD CVE-2016-6662), standard services (like SMB (Citation: CIS Multiple SMB Vulnerabilities) or SSH), and any other applications with Internet-accessible open sockets, such as web servers and related services. (Citation: NVD CVE-2014-7169) Depending on the flaw being exploited, this may include Exploitation for Defense Evasion. For websites and databases, the OWASP Top 10 gives a good list of the top 10 most common web-based vulnerabilities. (Citation: OWASP Top 10)

Detection: Monitor application logs for abnormal behavior that may indicate attempted or successful exploitation. Use deep packet inspection to look for artifacts of common exploit traffic, such as SQL injection. Web Application Firewalls may detect improper inputs attempting exploitation.

Platforms: Linux, Windows, macOS

Data Sources: Application logs, Packet capture, Web logs, Web application firewall logs

Details Published Attributes CTI Title
Details Website 2024-07-02 5 Pentesting results for 2023
Details Website 2024-07-01 4 A Vulnerability in OpenSSH Could Allow for Remote Code Execution
Details Website 2024-06-28 41 Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
Details Website 2024-06-25 3 Multiple Vulnerabilities in Progress MOVEit Products Could Allow for Authentication Bypass
Details Website 2024-06-24 24 Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
Details Website 2024-06-18 4 Multiple Vulnerabilities in VMware Products Could Allow for Remote Code Execution
Details Website 2024-06-07 22 DERO cryptojacking adopts new techniques to evade detection | Wiz Blog
Details Website 2024-06-06 9 Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers
Details Website 2024-06-04 3 Multiple Vulnerabilities in Progress Telerik Report Server Could Allow for Remote Code Execution
Details Website 2024-06-01 48 Ngioweb Remains Active 7 Years Later
Details Website 2024-05-30 4 Multiple Vulnerabilities in LenelS2 NetBox Could Allow for Arbitrary Code Execution
Details Website 2024-05-30 18 Decoding Water Sigbin's Latest Obfuscation Tricks
Details Website 2024-05-30 19 Decoding Water Sigbin's Latest Obfuscation Tricks
Details Website 2024-05-23 1 A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass
Details Website 2024-05-11 12 Healthcare's Black Basta Bash
Details Website 2024-05-10 256 #StopRansomware: Black Basta | CISA
Details Website 2024-05-09 2 A Vulnerability in F5 BIG-IP Next Central Manager Could Allow for Remote Code Execution
Details Website 2024-04-21 21 CVE-2024-3400: Critical Palo Alto PAN-OS Command Injection Vulnerability Exploited by Sysrv Botnet's XMRig Malware
Details Website 2024-03-28 21 MSSQL to ScreenConnect | Huntress
Details Website 2024-03-18 96 Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Details Website 2024-03-13 3 Threat Intelligence for Financial Services | Recorded Future
Details Website 2024-03-06 59 Shadow of the Pentester: F.A.C.C.T. Experts Investigated Unknown Attacks by the Shadow Extortionists