Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
13 threats
| Name | Category | Tags | Description |
|---|---|---|---|
| Impair Defenses | Defense Evasion | | Adversaries may maliciously modify components of a victim environment in order to hinder or disable … |
| Impair Defenses: Disable Windows Event Logging | Defense Evasion | | Adversaries may disable Windows event logging to limit data that can be leveraged for detections and… |
| Impair Defenses: Disable or Modify Cloud Firewall | Defense Evasion | | Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limi… |
| Impair Defenses: Disable or Modify Cloud Logs | Defense Evasion | | An adversary may disable or modify cloud logging capabilities and integrations to limit what data is… |
| Impair Defenses: Disable or Modify Linux Audit System | Defense Evasion | | Adversaries may disable or modify the Linux audit system to hide malicious activity and avoid detect… |
| Impair Defenses: Disable or Modify Network Device Firewall | Defense Evasion | | Adversaries may disable network device-based firewall mechanisms entirely or add, delete, or modify … |
| Impair Defenses: Disable or Modify System Firewall | Defense Evasion | | Adversaries may disable or modify system firewalls in order to bypass controls limiting network usag… |
| Impair Defenses: Disable or Modify Tools | Defense Evasion | | Adversaries may modify and/or disable security tools to avoid possible detection of their malware/to… |
| Impair Defenses: Downgrade Attack | Defense Evasion | | Adversaries may downgrade or use a version of system features that may be outdated, vulnerable, and/… |
| Impair Defenses: Impair Command History Logging | Defense Evasion | | Adversaries may impair command history logging to hide commands they run on a compromised system. Va… |
| Impair Defenses: Indicator Blocking | Defense Evasion | | An adversary may attempt to block indicators or events typically captured by sensors from being gath… |
| Impair Defenses: Safe Mode Boot | Defense Evasion | | Adversaries may abuse Windows safe mode to disable endpoint defenses. Safe mode starts up the Window… |
| Impair Defenses: Spoof Security Alerting | Defense Evasion | | Adversaries may spoof security alerting from tools, presenting false evidence to impair defenders’ a… |