Initial Access (11 techniques)
Vectors used to gain an initial foothold in a target network.
The Initial Access tactic groups MITRE ATT&CK techniques used by adversaries tovectors used to gain an initial foothold in a target network. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1078 - Valid AccountsContainers, ESXi, IaaS, Identity Provider, Linux, macOS, Network Devices, Office Suite, SaaS, Windows
- T1091 - Replication Through Removable MediaWindows
- T1133 - External Remote ServicesContainers, Linux, macOS, Windows
- T1189 - Drive-by CompromiseIdentity Provider, Linux, macOS, Windows
- T1190 - Exploit Public-Facing ApplicationContainers, ESXi, IaaS, Linux, macOS, Network Devices, Windows
- T1195 - Supply Chain CompromiseLinux, Windows, macOS, SaaS
- T1199 - Trusted RelationshipIaaS, Identity Provider, Linux, macOS, Office Suite, SaaS, Windows
- T1200 - Hardware AdditionsWindows, Linux, macOS
- T1566 - PhishingIdentity Provider, Linux, macOS, Office Suite, SaaS, Windows
- T1659 - Content InjectionLinux, macOS, Windows
- T1669 - Wi-Fi NetworksLinux, Network Devices, Windows, macOS
Detection engineering training, taught by practitioners.
Learn how to build real detections across the MITRE ATT&CK framework.
View Courses