Initial Access (11 techniques)
Vectors used to gain an initial foothold in a target network.
The Initial Access tactic groups the MITRE ATT&CK techniques adversaries use to gain an initial foothold in a target network. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1078 — Valid Accounts (platforms: Containers, ESXi, IaaS, Identity Provider, Linux, macOS, Network Devices, Office Suite, SaaS, Windows)
- T1091 — Replication Through Removable Media (platforms: Windows)
- T1133 — External Remote Services (platforms: Containers, Linux, macOS, Windows)
- T1189 — Drive-by Compromise (platforms: Identity Provider, Linux, macOS, Windows)
- T1190 — Exploit Public-Facing Application (platforms: Containers, ESXi, IaaS, Linux, macOS, Network Devices, Windows)
- T1195 — Supply Chain Compromise (platforms: Linux, Windows, macOS, SaaS)
- T1199 — Trusted Relationship (platforms: IaaS, Identity Provider, Linux, macOS, Office Suite, SaaS, Windows)
- T1200 — Hardware Additions (platforms: Windows, Linux, macOS)
- T1566 — Phishing (platforms: Identity Provider, Linux, macOS, Office Suite, SaaS, Windows)
- T1659 — Content Injection (platforms: Linux, macOS, Windows)
- T1669 — Wi-Fi Networks (platforms: Linux, Network Devices, Windows, macOS)