Esc
Brute Force - T1110
(ATT&CK® Technique)
Definition
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. Without knowledge of the password for an account or set of accounts, an adversary may systematically guess the password using a repetitive or iterative mechanism. Brute forcing passwords can take place via interaction with a service that will check the validity of those credentials or offline against previously acquired credential data, such as password hashes.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1110["Brute Force"] --> |accesses| Password["Password"]; class T1110 OffensiveTechniqueNode;
class Password ArtifactNode; click Password href "/dao/artifact/d3f:Password";
click T1110 href "/offensive-technique/attack/T1110/"; click Password href "/dao/artifact/d3f:Password"; T1110["Brute Force"] --> |may-create| IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; class T1110 OffensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic";
click T1110 href "/offensive-technique/attack/T1110/"; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; T1110["Brute Force"] --> |modifies| AuthenticationLog["Authentication Log"]; class T1110 OffensiveTechniqueNode;
class AuthenticationLog ArtifactNode; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog";
click T1110 href "/offensive-technique/attack/T1110/"; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog"; ConnectionAttemptAnalysis["Connection Attempt Analysis"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
ConnectionAttemptAnalysis["Connection Attempt Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class ConnectionAttemptAnalysis DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click ConnectionAttemptAnalysis href "/technique/d3f:ConnectionAttemptAnalysis"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.->
| may-detect | T1110["Brute Force"] ;
class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class AdministrativeNetworkActivityAnalysis DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click AdministrativeNetworkActivityAnalysis href "/technique/d3f:AdministrativeNetworkActivityAnalysis"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; DecoyUserCredential["Decoy User Credential"] -->
| spoofs | Password["Password"];
DecoyUserCredential["Decoy User Credential"] -.->
| may-deceive | T1110["Brute Force"] ;
class DecoyUserCredential DefensiveTechniqueNode;
class Password ArtifactNode;
click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class NetworkTrafficSignatureAnalysis DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click NetworkTrafficSignatureAnalysis href "/technique/d3f:NetworkTrafficSignatureAnalysis"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.->
| may-detect | T1110["Brute Force"] ;
class RemoteTerminalSessionDetection DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; Client-serverPayloadProfiling["Client-server Payload Profiling"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
Client-serverPayloadProfiling["Client-server Payload Profiling"] -.->
| may-detect | T1110["Brute Force"] ;
class Client-serverPayloadProfiling DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.->
| may-detect | T1110["Brute Force"] ;
class NetworkTrafficCommunityDeviation DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -->
| analyzes | Password["Password"];
CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -->
| analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.->
| may-detect | T1110["Brute Force"] ;
class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -->
| deletes | Password["Password"];
AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.->
| may-evict | T1110["Brute Force"] ;
class AuthenticationCacheInvalidation DefensiveTechniqueNode;
class Password ArtifactNode;
click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevocation["Credential Revocation"] -->
| deletes | Password["Password"];
CredentialRevocation["Credential Revocation"] -.->
| may-evict | T1110["Brute Force"] ;
class CredentialRevocation DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialRevocation href "/technique/d3f:CredentialRevocation"; StrongPasswordPolicy["Strong Password Policy"] -->
| strengthens | Password["Password"];
StrongPasswordPolicy["Strong Password Policy"] -.->
| may-harden | T1110["Brute Force"] ;
class StrongPasswordPolicy DefensiveTechniqueNode;
class Password ArtifactNode;
click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy"; CredentialRotation["Credential Rotation"] -->
| regenerates | Password["Password"];
CredentialRotation["Credential Rotation"] -.->
| may-harden | T1110["Brute Force"] ;
class CredentialRotation DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialRotation href "/technique/d3f:CredentialRotation"; Multi-factorAuthentication["Multi-factor Authentication"] -->
| uses | Password["Password"];
Multi-factorAuthentication["Multi-factor Authentication"] -.->
| may-harden | T1110["Brute Force"] ;
class Multi-factorAuthentication DefensiveTechniqueNode;
class Password ArtifactNode;
click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication"; PasswordAuthentication["Password Authentication"] -->
| uses | Password["Password"];
PasswordAuthentication["Password Authentication"] -.->
| may-harden | T1110["Brute Force"] ;
class PasswordAuthentication DefensiveTechniqueNode;
class Password ArtifactNode;
click PasswordAuthentication href "/technique/d3f:PasswordAuthentication"; CredentialTransmissionScoping["Credential Transmission Scoping"] -->
| isolates | Password["Password"];
CredentialTransmissionScoping["Credential Transmission Scoping"] -.->
| may-isolate | T1110["Brute Force"] ;
class CredentialTransmissionScoping DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; NetworkTrafficFiltering["Network Traffic Filtering"] -->
| filters | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"];
NetworkTrafficFiltering["Network Traffic Filtering"] -.->
| may-isolate | T1110["Brute Force"] ;
class NetworkTrafficFiltering DefensiveTechniqueNode;
class IntranetAdministrativeNetworkTraffic ArtifactNode;
click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; ReissueCredential["Reissue Credential"] -->
| restores | Password["Password"];
ReissueCredential["Reissue Credential"] -.->
| may-restore | T1110["Brute Force"] ;
class ReissueCredential DefensiveTechniqueNode;
class Password ArtifactNode;
click ReissueCredential href "/technique/d3f:ReissueCredential"; CredentialHardening["Credential Hardening"] -->
| hardens | Password["Password"];
CredentialHardening["Credential Hardening"] -.->
| may-harden | T1110["Brute Force"] ;
class CredentialHardening DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialHardening href "/technique/d3f:CredentialHardening"; PasswordRotation["Password Rotation"] -->
| regenerates | Password["Password"];
PasswordRotation["Password Rotation"] -.->
| may-harden | T1110["Brute Force"] ;
class PasswordRotation DefensiveTechniqueNode;
class Password ArtifactNode;
click PasswordRotation href "/technique/d3f:PasswordRotation"; One-timePassword["One-time Password"] -->
| use-limits | Password["Password"];
One-timePassword["One-time Password"] -.->
| may-harden | T1110["Brute Force"] ;
class One-timePassword DefensiveTechniqueNode;
class Password ArtifactNode;
click One-timePassword href "/technique/d3f:One-timePassword";