Initial Access (11 techniques)
Vectors used to gain an initial foothold in a target network.
The Initial Access tactic groups the MITRE ATT&CK techniques that adversaries use to gain an initial foothold in a target network. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1078 — Valid Accounts (Platforms: Containers, ESXi, IaaS, Identity Provider, Linux, macOS, Network Devices, Office Suite, SaaS, Windows)
- T1091 — Replication Through Removable Media (Platforms: Windows)
- T1133 — External Remote Services (Platforms: Containers, Linux, macOS, Windows)
- T1189 — Drive-by Compromise (Platforms: Identity Provider, Linux, macOS, Windows)
- T1190 — Exploit Public-Facing Application (Platforms: Containers, ESXi, IaaS, Linux, macOS, Network Devices, Windows)
- T1195 — Supply Chain Compromise (Platforms: Linux, Windows, macOS, SaaS)
- T1199 — Trusted Relationship (Platforms: IaaS, Identity Provider, Linux, macOS, Office Suite, SaaS, Windows)
- T1200 — Hardware Additions (Platforms: Windows, Linux, macOS)
- T1566 — Phishing (Platforms: Identity Provider, Linux, macOS, Office Suite, SaaS, Windows)
- T1659 — Content Injection (Platforms: Linux, macOS, Windows)
- T1669 — Wi-Fi Networks (Platforms: Linux, Network Devices, Windows, macOS)