Home/Compliance/Report
Threat-informed report

iso-27001-2022 - threat & detection coverage

Generated 2026-06-04 04:15 UTC from TTPI engine data
This report maps iso-27001-2022 controls to the MITRE ATT&CK techniques they address, then checks each technique against our detection corpus (Sigma, CAR, IDS, YARA, Falco). It shows, control by control, what attacks each control is meant to stop and whether those attacks are actually detectable today. Use it as the threat-informed backbone of an audit response or pentest report.

Coverage Summary

19
threat-mapped controls
204
ATT&CK techniques addressed
138
techniques we can detect
67%
detection coverage
Coverage = of the distinct techniques mapped to this framework, the share for which we hold at least one detection rule. Gaps below list controls with zero detection coverage - the priority remediation set.

Organizational

82/114 techniques covered
A.5.14 Information transfer 46/64 detectable
T1020.001 · Traffic DuplicationT1021 · Remote Services ✓T1021.001 · Remote Desktop Protocol ✓T1021.004 · SSH ✓T1021.007 · Cloud Services ✓T1021.008 · Direct Cloud VM ConnectionsT1041 · Exfiltration Over C2 Channel ✓T1048 · Exfiltration Over Alternative Protocol ✓T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓T1052 · Exfiltration Over Physical MediumT1052.001 · Exfiltration over USBT1070.008 · Clear Mailbox DataT1072 · Software Deployment Tools ✓T1078.002 · Domain Accounts ✓T1078.004 · Cloud Accounts ✓T1098.001 · Additional Cloud Credentials ✓T1098.002 · Additional Email Delegate PermissionsT1098.003 · Additional Cloud Roles ✓T1098.004 · SSH Authorized Keys ✓T1098.005 · Device Registration ✓T1110 · Brute Force ✓T1110.001 · Password Guessing ✓T1110.002 · Password Cracking ✓T1110.003 · Password SprayingT1110.004 · Credential StuffingT1111 · Multi-Factor Authentication InterceptionT1114 · Email Collection ✓T1114.001 · Local Email Collection ✓T1114.002 · Remote Email CollectionT1114.003 · Email Forwarding Rule ✓T1119 · Automated Collection ✓T1133 · External Remote Services ✓T1134.005 · SID-History Injection ✓T1136 · Create Account ✓T1136.001 · Local Account ✓T1136.002 · Domain Account ✓T1136.003 · Cloud Account ✓T1200 · Hardware Additions ✓T1505.005 · Terminal Services DLL ✓T1530 · Data from Cloud StorageT1537 · Transfer Data to Cloud Account ✓T1539 · Steal Web Session Cookie ✓T1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.004 · Private Keys ✓T1552.005 · Cloud Instance Metadata API ✓T1555 · Credentials from Password Stores ✓T1556 · Modify Authentication Process ✓T1556.001 · Domain Controller AuthenticationT1556.003 · Pluggable Authentication ModulesT1556.004 · Network Device Authentication ✓T1557 · Adversary-in-the-Middle ✓T1557.002 · ARP Cache Poisoning ✓T1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.002 · Transmitted Data Manipulation ✓T1567 · Exfiltration Over Web Service ✓T1567.001 · Exfiltration to Code Repository ✓T1567.002 · Exfiltration to Cloud Storage ✓T1578.005 · Modify Cloud Compute ConfigurationsT1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.5.16 Identity management 4/4 detectable
T1078 · Valid Accounts ✓T1078.002 · Domain Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓
A.5.18 Access rights 4/4 detectable
T1078 · Valid Accounts ✓T1078.002 · Domain Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓
A.5.33 Protection of records 20/34 detectable
T1003 · OS Credential Dumping ✓T1003.003 · NTDS ✓T1020.001 · Traffic DuplicationT1040 · Network Sniffing ✓T1070 · Indicator Removal ✓T1070.001 · Clear Windows Event Logs ✓T1070.002 · Clear Linux or Mac System LogsT1070.008 · Clear Mailbox DataT1114 · Email Collection ✓T1114.001 · Local Email Collection ✓T1114.002 · Remote Email CollectionT1114.003 · Email Forwarding Rule ✓T1119 · Automated Collection ✓T1213.004 · Customer Relationship Management SoftwareT1530 · Data from Cloud StorageT1548 · Abuse Elevation Control Mechanism ✓T1548.004 · Elevated Execution with PromptT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.004 · Private Keys ✓T1557 · Adversary-in-the-Middle ✓T1557.002 · ARP Cache Poisoning ✓T1557.004 · Evil TwinT1558 · Steal or Forge Kerberos Tickets ✓T1558.002 · Silver TicketT1558.003 · Kerberoasting ✓T1558.004 · AS-REP RoastingT1558.005 · Ccache FilesT1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.002 · Transmitted Data Manipulation ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.5.7 Threat intelligence 8/8 detectable
T1068 · Exploitation for Privilege Escalation ✓T1190 · Exploit Public-Facing Application ✓T1195 · Supply Chain Compromise ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.002 · Compromise Software Supply Chain ✓T1210 · Exploitation of Remote Services ✓T1211 · Exploitation for Stealth ✓T1212 · Exploitation for Credential Access ✓

People

82/118 techniques covered
A.6.7 Remote working 82/118 detectable
T1020.001 · Traffic DuplicationT1021 · Remote Services ✓T1021.001 · Remote Desktop Protocol ✓T1021.002 · SMB/Windows Admin Shares ✓T1021.003 · Distributed Component Object Model ✓T1021.004 · SSH ✓T1021.005 · VNC ✓T1021.006 · Windows Remote Management ✓T1021.007 · Cloud Services ✓T1021.008 · Direct Cloud VM ConnectionsT1037 · Boot or Logon Initialization Scripts ✓T1037.001 · Logon Script (Windows) ✓T1040 · Network Sniffing ✓T1041 · Exfiltration Over C2 Channel ✓T1047 · Windows Management Instrumentation ✓T1048 · Exfiltration Over Alternative Protocol ✓T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓T1052 · Exfiltration Over Physical MediumT1052.001 · Exfiltration over USBT1059 · Command and Scripting Interpreter ✓T1059.001 · PowerShell ✓T1059.002 · AppleScript ✓T1059.003 · Windows Command Shell ✓T1059.004 · Unix Shell ✓T1059.005 · Visual Basic ✓T1059.006 · Python ✓T1059.007 · JavaScript ✓T1059.008 · Network Device CLIT1070 · Indicator Removal ✓T1070.001 · Clear Windows Event Logs ✓T1070.002 · Clear Linux or Mac System LogsT1070.008 · Clear Mailbox DataT1072 · Software Deployment Tools ✓T1078.002 · Domain Accounts ✓T1078.004 · Cloud Accounts ✓T1098.001 · Additional Cloud Credentials ✓T1098.002 · Additional Email Delegate PermissionsT1098.003 · Additional Cloud Roles ✓T1098.004 · SSH Authorized Keys ✓T1098.005 · Device Registration ✓T1110 · Brute Force ✓T1110.001 · Password Guessing ✓T1110.002 · Password Cracking ✓T1110.003 · Password SprayingT1110.004 · Credential StuffingT1111 · Multi-Factor Authentication InterceptionT1114 · Email Collection ✓T1114.001 · Local Email Collection ✓T1114.002 · Remote Email CollectionT1114.003 · Email Forwarding Rule ✓T1119 · Automated Collection ✓T1127.002 · ClickOnceT1133 · External Remote Services ✓T1134.005 · SID-History Injection ✓T1136 · Create Account ✓T1136.001 · Local Account ✓T1136.002 · Domain Account ✓T1136.003 · Cloud Account ✓T1137 · Office Application Startup ✓T1137.002 · Office Test ✓T1200 · Hardware Additions ✓T1213 · Data from Information Repositories ✓T1213.001 · ConfluenceT1213.002 · SharepointT1213.005 · Messaging ApplicationsT1219 · Remote Access Tools ✓T1505.004 · IIS Components ✓T1505.005 · Terminal Services DLL ✓T1530 · Data from Cloud StorageT1537 · Transfer Data to Cloud Account ✓T1539 · Steal Web Session Cookie ✓T1543 · Create or Modify System Process ✓T1547.003 · Time Providers ✓T1547.004 · Winlogon Helper DLL ✓T1547.009 · Shortcut Modification ✓T1547.012 · Print ProcessorsT1547.013 · XDG Autostart EntriesT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.002 · Credentials in Registry ✓T1552.004 · Private Keys ✓T1552.005 · Cloud Instance Metadata API ✓T1552.007 · Container API ✓T1555 · Credentials from Password Stores ✓T1556 · Modify Authentication Process ✓T1556.001 · Domain Controller AuthenticationT1556.003 · Pluggable Authentication ModulesT1556.004 · Network Device Authentication ✓T1557 · Adversary-in-the-Middle ✓T1557.002 · ARP Cache Poisoning ✓T1558 · Steal or Forge Kerberos Tickets ✓T1558.002 · Silver TicketT1558.003 · Kerberoasting ✓T1558.004 · AS-REP RoastingT1563 · Remote Service Session HijackingT1563.001 · SSH HijackingT1563.002 · RDP Hijacking ✓T1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.002 · Transmitted Data Manipulation ✓T1567 · Exfiltration Over Web Service ✓T1567.001 · Exfiltration to Code Repository ✓T1567.002 · Exfiltration to Cloud Storage ✓T1567.003 · Exfiltration to Text Storage SitesT1567.004 · Exfiltration Over WebhookT1578.005 · Modify Cloud Compute ConfigurationsT1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration DumpT1609 · Container Administration Command ✓T1610 · Deploy Container ✓T1612 · Build Image on HostT1613 · Container and Resource Discovery ✓T1619 · Cloud Storage Object Discovery ✓T1647 · Plist File ModificationT1651 · Cloud Administration CommandT1659 · Content Injection

Physical

20/34 techniques covered
A.7.14 Secure disposal or re-use of equipment 20/34 detectable
T1003 · OS Credential Dumping ✓T1003.003 · NTDS ✓T1020.001 · Traffic DuplicationT1040 · Network Sniffing ✓T1070 · Indicator Removal ✓T1070.001 · Clear Windows Event Logs ✓T1070.002 · Clear Linux or Mac System LogsT1070.008 · Clear Mailbox DataT1114 · Email Collection ✓T1114.001 · Local Email Collection ✓T1114.002 · Remote Email CollectionT1114.003 · Email Forwarding Rule ✓T1119 · Automated Collection ✓T1213.004 · Customer Relationship Management SoftwareT1530 · Data from Cloud StorageT1548 · Abuse Elevation Control Mechanism ✓T1548.004 · Elevated Execution with PromptT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.004 · Private Keys ✓T1557 · Adversary-in-the-Middle ✓T1557.002 · ARP Cache Poisoning ✓T1557.004 · Evil TwinT1558 · Steal or Forge Kerberos Tickets ✓T1558.002 · Silver TicketT1558.003 · Kerberoasting ✓T1558.004 · AS-REP RoastingT1558.005 · Ccache FilesT1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.002 · Transmitted Data Manipulation ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump

Technological

237/377 techniques covered
A.8.1 User endpoint devices 26/42 detectable
T1003 · OS Credential Dumping ✓T1003.001 · LSASS Memory ✓T1003.002 · Security Account Manager ✓T1003.003 · NTDS ✓T1003.004 · LSA Secrets ✓T1003.005 · Cached Domain Credentials ✓T1003.006 · DCSync ✓T1003.007 · Proc FilesystemT1003.008 · /etc/passwd and /etc/shadowT1005 · Data from Local System ✓T1025 · Data from Removable MediaT1041 · Exfiltration Over C2 Channel ✓T1048 · Exfiltration Over Alternative Protocol ✓T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓T1052 · Exfiltration Over Physical MediumT1052.001 · Exfiltration over USBT1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1213 · Data from Information Repositories ✓T1213.001 · ConfluenceT1213.002 · SharepointT1213.004 · Customer Relationship Management SoftwareT1213.005 · Messaging ApplicationsT1530 · Data from Cloud StorageT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.003 · Shell History ✓T1552.004 · Private Keys ✓T1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.003 · Runtime Data ManipulationT1567 · Exfiltration Over Web Service ✓T1599 · Network Boundary BridgingT1599.001 · Network Address Translation Traversal ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.8.11 Data masking 26/42 detectable
T1003 · OS Credential Dumping ✓T1003.001 · LSASS Memory ✓T1003.002 · Security Account Manager ✓T1003.003 · NTDS ✓T1003.004 · LSA Secrets ✓T1003.005 · Cached Domain Credentials ✓T1003.006 · DCSync ✓T1003.007 · Proc FilesystemT1003.008 · /etc/passwd and /etc/shadowT1005 · Data from Local System ✓T1025 · Data from Removable MediaT1041 · Exfiltration Over C2 Channel ✓T1048 · Exfiltration Over Alternative Protocol ✓T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓T1052 · Exfiltration Over Physical MediumT1052.001 · Exfiltration over USBT1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1213 · Data from Information Repositories ✓T1213.001 · ConfluenceT1213.002 · SharepointT1213.004 · Customer Relationship Management SoftwareT1213.005 · Messaging ApplicationsT1530 · Data from Cloud StorageT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.003 · Shell History ✓T1552.004 · Private Keys ✓T1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.003 · Runtime Data ManipulationT1567 · Exfiltration Over Web Service ✓T1599 · Network Boundary BridgingT1599.001 · Network Address Translation Traversal ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.8.12 Data leakage prevention 20/34 detectable
T1003 · OS Credential Dumping ✓T1003.003 · NTDS ✓T1020.001 · Traffic DuplicationT1040 · Network Sniffing ✓T1070 · Indicator Removal ✓T1070.001 · Clear Windows Event Logs ✓T1070.002 · Clear Linux or Mac System LogsT1070.008 · Clear Mailbox DataT1114 · Email Collection ✓T1114.001 · Local Email Collection ✓T1114.002 · Remote Email CollectionT1114.003 · Email Forwarding Rule ✓T1119 · Automated Collection ✓T1213.004 · Customer Relationship Management SoftwareT1530 · Data from Cloud StorageT1548 · Abuse Elevation Control Mechanism ✓T1548.004 · Elevated Execution with PromptT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.004 · Private Keys ✓T1557 · Adversary-in-the-Middle ✓T1557.002 · ARP Cache Poisoning ✓T1557.004 · Evil TwinT1558 · Steal or Forge Kerberos Tickets ✓T1558.002 · Silver TicketT1558.003 · Kerberoasting ✓T1558.004 · AS-REP RoastingT1558.005 · Ccache FilesT1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.002 · Transmitted Data Manipulation ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.8.14 Redundancy of information processing facilities 8/12 detectable
T1485 · Data Destruction ✓T1485.001 · Lifecycle-Triggered DeletionT1486 · Data Encrypted for Impact ✓T1490 · Inhibit System Recovery ✓T1491 · DefacementT1491.001 · Internal Defacement ✓T1491.002 · External DefacementT1561 · Disk WipeT1561.001 · Disk Content Wipe ✓T1561.002 · Disk Structure Wipe ✓T1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓
A.8.19 Installation of software on operational systems 28/33 detectable
T1021.005 · VNC ✓T1059 · Command and Scripting Interpreter ✓T1059.006 · Python ✓T1072 · Software Deployment Tools ✓T1176 · Software ExtensionsT1195 · Supply Chain Compromise ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.002 · Compromise Software Supply Chain ✓T1218 · System Binary Proxy Execution ✓T1218.001 · Compiled HTML File ✓T1218.002 · Control Panel ✓T1218.003 · CMSTP ✓T1218.004 · InstallUtilT1218.005 · Mshta ✓T1218.008 · Odbcconf ✓T1218.009 · Regsvcs/Regasm ✓T1218.012 · VerclsidT1218.013 · Mavinject ✓T1218.014 · MMC ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1543 · Create or Modify System Process ✓T1543.001 · Launch Agent ✓T1543.002 · Systemd Service ✓T1543.003 · Windows Service ✓T1543.004 · Launch Daemon ✓T1547.013 · XDG Autostart EntriesT1550.001 · Application Access Token ✓T1564.009 · Resource ForkingT1569 · System Services ✓T1569.001 · Launchctl ✓
A.8.22 Segregation of networks 1/1 detectable
T1590.002 · DNS ✓
A.8.24 Use of cryptography 29/50 detectable
T1003 · OS Credential Dumping ✓T1003.001 · LSASS Memory ✓T1003.002 · Security Account Manager ✓T1003.003 · NTDS ✓T1003.004 · LSA Secrets ✓T1003.005 · Cached Domain Credentials ✓T1003.006 · DCSync ✓T1003.007 · Proc FilesystemT1003.008 · /etc/passwd and /etc/shadowT1005 · Data from Local System ✓T1025 · Data from Removable MediaT1041 · Exfiltration Over C2 Channel ✓T1048 · Exfiltration Over Alternative Protocol ✓T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓T1052 · Exfiltration Over Physical MediumT1052.001 · Exfiltration over USBT1072 · Software Deployment Tools ✓T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1098.004 · SSH Authorized Keys ✓T1213 · Data from Information Repositories ✓T1213.001 · ConfluenceT1213.002 · SharepointT1213.004 · Customer Relationship Management SoftwareT1213.005 · Messaging ApplicationsT1521.003T1530 · Data from Cloud StorageT1550.001 · Application Access Token ✓T1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.003 · Shell History ✓T1552.004 · Private Keys ✓T1557.004 · Evil TwinT1563.001 · SSH HijackingT1565 · Data Manipulation ✓T1565.001 · Stored Data Manipulation ✓T1565.003 · Runtime Data ManipulationT1567 · Exfiltration Over Web Service ✓T1573 · Encrypted Channel ✓T1573.001 · Symmetric CryptographyT1573.002 · Asymmetric CryptographyT1599 · Network Boundary BridgingT1599.001 · Network Address Translation Traversal ✓T1602 · Data from Configuration RepositoryT1602.001 · SNMP (MIB Dump)T1602.002 · Network Device Configuration Dump
A.8.26 Application security requirements 21/34 detectable
T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1134.005 · SID-History Injection ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.003 · Compromise Hardware Supply ChainT1213.003 · Code Repositories ✓T1495 · Firmware Corruption ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1528 · Steal Application Access Token ✓T1542 · Pre-OS BootT1542.001 · System Firmware ✓T1542.003 · Bootkit ✓T1542.004 · ROMMONkitT1542.005 · TFTP BootT1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.004 · Private Keys ✓T1552.006 · Group Policy Preferences ✓T1553 · Subvert Trust Controls ✓T1553.006 · Code Signing Policy ModificationT1558.004 · AS-REP RoastingT1559.003 · XPC ServicesT1574.002 · DLL Side-LoadingT1601 · Modify System ImageT1601.001 · Patch System ImageT1601.002 · Downgrade System ImageT1612 · Build Image on HostT1647 · Plist File Modification
A.8.27 Secure system architecture and engineering principles 21/34 detectable
T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1134.005 · SID-History Injection ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.003 · Compromise Hardware Supply ChainT1213.003 · Code Repositories ✓T1495 · Firmware Corruption ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1528 · Steal Application Access Token ✓T1542 · Pre-OS BootT1542.001 · System Firmware ✓T1542.003 · Bootkit ✓T1542.004 · ROMMONkitT1542.005 · TFTP BootT1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.004 · Private Keys ✓T1552.006 · Group Policy Preferences ✓T1553 · Subvert Trust Controls ✓T1553.006 · Code Signing Policy ModificationT1558.004 · AS-REP RoastingT1559.003 · XPC ServicesT1574.002 · DLL Side-LoadingT1601 · Modify System ImageT1601.001 · Patch System ImageT1601.002 · Downgrade System ImageT1612 · Build Image on HostT1647 · Plist File Modification
A.8.28 Secure coding 21/34 detectable
T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1134.005 · SID-History Injection ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.003 · Compromise Hardware Supply ChainT1213.003 · Code Repositories ✓T1495 · Firmware Corruption ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1528 · Steal Application Access Token ✓T1542 · Pre-OS BootT1542.001 · System Firmware ✓T1542.003 · Bootkit ✓T1542.004 · ROMMONkitT1542.005 · TFTP BootT1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.004 · Private Keys ✓T1552.006 · Group Policy Preferences ✓T1553 · Subvert Trust Controls ✓T1553.006 · Code Signing Policy ModificationT1558.004 · AS-REP RoastingT1559.003 · XPC ServicesT1574.002 · DLL Side-LoadingT1601 · Modify System ImageT1601.001 · Patch System ImageT1601.002 · Downgrade System ImageT1612 · Build Image on HostT1647 · Plist File Modification
A.8.29 Security testing in development and acceptance 21/34 detectable
T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1134.005 · SID-History Injection ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.003 · Compromise Hardware Supply ChainT1213.003 · Code Repositories ✓T1495 · Firmware Corruption ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1528 · Steal Application Access Token ✓T1542 · Pre-OS BootT1542.001 · System Firmware ✓T1542.003 · Bootkit ✓T1542.004 · ROMMONkitT1542.005 · TFTP BootT1552 · Unsecured Credentials ✓T1552.001 · Credentials In Files ✓T1552.002 · Credentials in Registry ✓T1552.004 · Private Keys ✓T1552.006 · Group Policy Preferences ✓T1553 · Subvert Trust Controls ✓T1553.006 · Code Signing Policy ModificationT1558.004 · AS-REP RoastingT1559.003 · XPC ServicesT1574.002 · DLL Side-LoadingT1601 · Modify System ImageT1601.001 · Patch System ImageT1601.002 · Downgrade System ImageT1612 · Build Image on HostT1647 · Plist File Modification
A.8.32 Change management 15/27 detectable
T1072 · Software Deployment Tools ✓T1078 · Valid Accounts ✓T1078.001 · Default Accounts ✓T1078.003 · Local Accounts ✓T1078.004 · Cloud Accounts ✓T1195.001 · Compromise Software Dependencies and Development Tools ✓T1195.003 · Compromise Hardware Supply ChainT1213.003 · Code Repositories ✓T1495 · Firmware Corruption ✓T1505 · Server Software Component ✓T1505.001 · SQL Stored Procedures ✓T1505.002 · Transport Agent ✓T1505.004 · IIS Components ✓T1542 · Pre-OS BootT1542.001 · System Firmware ✓T1542.003 · Bootkit ✓T1542.004 · ROMMONkitT1542.005 · TFTP BootT1553 · Subvert Trust Controls ✓T1553.006 · Code Signing Policy ModificationT1559.003 · XPC ServicesT1564.009 · Resource ForkingT1574.002 · DLL Side-LoadingT1601 · Modify System ImageT1601.001 · Patch System ImageT1601.002 · Downgrade System ImageT1647 · Plist File Modification
Switch framework: NIST 800-53 · NIST CSF · CIS v8.1 · OWASP Web
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin