Attack path: CVE-2026-56236
Where this CVE sits in the complete attacker lifecycle.
0 techniques directly attributed and 6 inferred, across 2 phases. Each technique shows its mapping confidence; follow-on techniques come from shared-actor co-occurrence.
Highlighted from CVE-2026-56236 · primary technique T1027.006
Reconnaissance
·
Persistence
Priv Escalation
Stealth
T1564.009 · inferred · Resource Forking
T1574.010 · inferred · Services File Permissions Weakness
T1027.006 · inferred · HTML Smuggling
T1574.005 · inferred · Executable Installer File Permissions Weakness · ✓ detection content available
T1027.009 · inferred · Embedded Payloads · ✓ detection content available
T1221 · 14.6x · Template Injection · ✓ detection content available
T1542.003 · 9.3x · Bootkit · ✓ detection content available
T1218.010 · 9.1x · Regsvr32 · ✓ detection content available
Defense Impairment
·
Credential Access
Discovery
·
Lateral Movement
·
Collection
C2
·
Exfiltration
·
Impact
·
Direct - an ATT&CK/nuclei source names this CVE
Inferred - derived via CWE/CAPEC (lower confidence, may be off)
Likely follow-on (shared-actor co-occurrence)
✓ We hold public detection content
Lift = how strongly a follow-on co-occurs with this CVE across shared threat actors (1x expected, 5x highly distinctive).
Hunt package
All 23 techniques in this view - Sigma rules, Atomic tests, and coverage in one place.