Web

| Name | Technique | Datamodel |
| --- | --- | --- |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Server Software Component, Exploit Public-Facing Application | Endpoint |
| Detect F5 TMUI RCE CVE-2020-5902 | Exploit Public-Facing Application | None |
| Detect attackers scanning for vulnerable JBoss servers | System Information Discovery | Web |
| Detect malicious requests to exploit JBoss servers | None | Web |
| Exploit Public Facing Application via Apache Commons Text | Web Shell, Server Software Component, Exploit Public-Facing Application | Web |
| Fortinet Appliance Auth bypass | Exploit Public-Facing Application | Web |
| Log4Shell JNDI Payload Injection Attempt | Exploit Public-Facing Application | Web |
| Log4Shell JNDI Payload Injection with Outbound Connection | Exploit Public-Facing Application | Network_Traffic, Web |
| Monitor Web Traffic For Brand Abuse | None | Web |
| ProxyShell ProxyNotShell Behavior Detected | Exploit Public-Facing Application | Risk |
| SQL Injection with Long URLs | Exploit Public-Facing Application | Web |
| Spring4Shell Payload URL Request | Web Shell, Server Software Component, Exploit Public-Facing Application | Web |
| Supernova Webshell | Web Shell | Web |
| VMware Server Side Template Injection Hunt | Exploit Public-Facing Application | Web |
| VMware Workspace ONE Freemarker Server-side Template Injection | Exploit Public-Facing Application | Web |
| Web JSP Request via URL | Web Shell, Server Software Component, Exploit Public-Facing Application | Web |
| Web Spring Cloud Function FunctionRouter | Exploit Public-Facing Application | Web |
| Web Spring4Shell HTTP Request Class Module | Exploit Public-Facing Application | Web |
| Windows Exchange Autodiscover SSRF Abuse | Exploit Public-Facing Application | Web |

Endpoint

Living Off The Land

Ingress Tool Transfer, Exploit Public-Facing Application, Command and Scripting Interpreter

Detect SharpHound Usage

Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process


Cloud


Deprecated


Application


Network

Detect ARP Poisoning

Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning


Web
