Esc
Exploit Public-Facing Application - T1190
(ATT&CK® Technique)
Definition
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1190["Exploit Public-Facing Application"] --> |injects| DatabaseQuery["Database Query"]; class T1190 OffensiveTechniqueNode;
class DatabaseQuery ArtifactNode; click DatabaseQuery href "../../../dao/artifact/d3f:DatabaseQuery";
click T1190 href "../../../offensive-technique/attack/T1190/"; click DatabaseQuery href "../../../dao/artifact/d3f:DatabaseQuery"; T1190["Exploit Public-Facing Application"] --> |modifies| ProcessSegment["Process Segment"]; class T1190 OffensiveTechniqueNode;
class ProcessSegment ArtifactNode; click ProcessSegment href "../../../dao/artifact/d3f:ProcessSegment";
click T1190 href "../../../offensive-technique/attack/T1190/"; click ProcessSegment href "../../../dao/artifact/d3f:ProcessSegment"; T1190["Exploit Public-Facing Application"] --> |produces| InboundInternetNetworkTraffic["Inbound Internet Network Traffic"]; class T1190 OffensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode; click InboundInternetNetworkTraffic href "../../../dao/artifact/d3f:InboundInternetNetworkTraffic";
click T1190 href "../../../offensive-technique/attack/T1190/"; click InboundInternetNetworkTraffic href "../../../dao/artifact/d3f:InboundInternetNetworkTraffic"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click ProtocolMetadataAnomalyDetection href "../../../technique/d3f:ProtocolMetadataAnomalyDetection"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class RemoteTerminalSessionDetection DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click RemoteTerminalSessionDetection href "../../../technique/d3f:RemoteTerminalSessionDetection"; NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class NetworkTrafficSignatureAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficSignatureAnalysis href "../../../technique/d3f:NetworkTrafficSignatureAnalysis"; InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class InboundSessionVolumeAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click InboundSessionVolumeAnalysis href "../../../technique/d3f:InboundSessionVolumeAnalysis"; Client-serverPayloadProfiling["Client-server Payload Profiling"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
Client-serverPayloadProfiling["Client-server Payload Profiling"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class Client-serverPayloadProfiling DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click Client-serverPayloadProfiling href "../../../technique/d3f:Client-serverPayloadProfiling"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click PerHostDownload-UploadRatioAnalysis href "../../../technique/d3f:PerHostDownload-UploadRatioAnalysis"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class NetworkTrafficCommunityDeviation DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficCommunityDeviation href "../../../technique/d3f:NetworkTrafficCommunityDeviation"; DatabaseQueryStringAnalysis["Database Query String Analysis"] -->
| analyzes | DatabaseQuery["Database Query"];
DatabaseQueryStringAnalysis["Database Query String Analysis"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class DatabaseQueryStringAnalysis DefensiveTechniqueNode;
class DatabaseQuery ArtifactNode;
click DatabaseQueryStringAnalysis href "../../../technique/d3f:DatabaseQueryStringAnalysis"; SegmentAddressOffsetRandomization["Segment Address Offset Randomization"] -->
| obfuscates | ProcessSegment["Process Segment"];
SegmentAddressOffsetRandomization["Segment Address Offset Randomization"] -.->
| may-harden | T1190["Exploit Public-Facing Application"] ;
class SegmentAddressOffsetRandomization DefensiveTechniqueNode;
class ProcessSegment ArtifactNode;
click SegmentAddressOffsetRandomization href "../../../technique/d3f:SegmentAddressOffsetRandomization"; ProcessSegmentExecutionPrevention["Process Segment Execution Prevention"] -->
| neutralizes | ProcessSegment["Process Segment"];
ProcessSegmentExecutionPrevention["Process Segment Execution Prevention"] -.->
| may-harden | T1190["Exploit Public-Facing Application"] ;
class ProcessSegmentExecutionPrevention DefensiveTechniqueNode;
class ProcessSegment ArtifactNode;
click ProcessSegmentExecutionPrevention href "../../../technique/d3f:ProcessSegmentExecutionPrevention"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.->
| may-detect | T1190["Exploit Public-Facing Application"] ;
class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click UserGeolocationLogonPatternAnalysis href "../../../technique/d3f:UserGeolocationLogonPatternAnalysis"; NetworkTrafficFiltering["Network Traffic Filtering"] -->
| filters | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficFiltering["Network Traffic Filtering"] -.->
| may-isolate | T1190["Exploit Public-Facing Application"] ;
class NetworkTrafficFiltering DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficFiltering href "../../../technique/d3f:NetworkTrafficFiltering"; InboundTrafficFiltering["Inbound Traffic Filtering"] -->
| filters | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
InboundTrafficFiltering["Inbound Traffic Filtering"] -.->
| may-isolate | T1190["Exploit Public-Facing Application"] ;
class InboundTrafficFiltering DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click InboundTrafficFiltering href "../../../technique/d3f:InboundTrafficFiltering";