Attack

T9 Attack is plans to reveal and share 9 scenarios twice a year. (Number of attack scenarios may change)

The attacks created a single attack scenario (One Layer) based on MITER ATT&CK TTPs. and attack code is divided into 9, and the first T9 is the 9th attack made that year, and is organized as follows in order of the year it was created.

For example, if the example above “T9-23-01-S-N-A” is Path Traversal Attack, the attack tool that performs Path Traversal Attack will be ready in the Attacker environment and web server for Path Traversal Attack and system that can collect attack log will be established in Victim environment.

* T9-23–01–S–N–A
: 23 (year)
: 01 (between 1~N, if the data is the first data released in 2023, the number will be 1)
: S (S: Single Attack, M: Multi Attack)
: N (N: Network, E: EndPoint , NE: Network/EndPoint)
: A (Based on 14 MITRE ATT&CK tactics, the first tactic(Reconnaissance) lettered A and the last tactic (Impact) lettered N. Can be repeated)

[Alphabet match with 14 tatics]
A	B	C	D	E	F	G
Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion
H	I	J	K	L	M	N
Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact

We configured a separate environment to perform the attack. The environment was configured to be vulnerable using Virtual Machines and Docker, and a scenario was created to attack the vulnerability.
We collect logs generated from attack packets and EndPoint, and share the logs and attack environment.

2024

※ Click on the attack name to see a description and scenario for the attack