Exploit Public-Facing Application (T1190)

Technique & Subtechniques

  • Exploit Public-Facing Application

Associated Tactics

  • Initial Access

Initial Access (TA0001)

The adversary is trying to get into your network. Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.

Procedure Examples

Description Source(s)
Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019. CWE top 25
CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018. CIS Multiple SMB Vulnerabilities
Greenberg, A. (2022, November 10). Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023. Wired Russia Cyberwar
Marvi, A. et al. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023. Mandiant Fortinet Zero Day
National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018. NVD CVE-2016-6662
National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018. NVD CVE-2014-7169
Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020. Cisco Blog Legacy Device Attacks
OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018. OWASP Top 10
US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020. US-CERT TA18-106A Network Infrastructure Devices 2018