
Application Security

Web/app vulnerabilities and secure coding concepts.

  1. Access Complexity (/term/access-complexity)

    Reflects the complexity of the attack required to exploit the software feature misuse vulnerability.

  2. Access Vector (/term/access-vector)

    Reflects the access required to exploit the vulnerability.

  3. active attack (/term/active-attack)

    An attack on a secure communication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man-in-the-middle (MitM), impersonation, and session hijacking.

  4. Artificial Intelligence (/term/artificial-intelligence)

    Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting Reconnaissance, creating basic scripts, assisting social engineering, and even developing payloads.(Citation: MSFT AI)

  5. Cloud Instance Metadata API (/term/cloud-instance-metadata-api)

    Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.

  6. Denial of Service (/term/denial-of-service)

    A denial of service (DoS) attack attempts to make a system or network unavailable to legitimate users.

  7. Embedded Payloads (/term/embedded-payloads)

    Adversaries may embed payloads within other files to conceal malicious content from defenses. Otherwise seemingly benign files (such as scripts and executables) may be abused to carry and obfuscate malicious payloads and content. In some cases, embedded payloads may also enable adversaries to Subvert Trust Controls by not impacting execution controls such as digital signatures and notarization tickets.(Citation: Sentinel Labs)

  8. Extra Window Memory Injection (/term/extra-window-memory-injection)

    Adversaries may inject malicious code into a process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.

  9. Fileless Storage (/term/fileless-storage)

    Adversaries may store data in "fileless" formats to conceal malicious activity from defenses. Fileless storage can be broadly defined as any format other than a file. Common examples of non-volatile fileless storage on Windows systems include the Windows Registry, event logs, or the WMI repository.(Citation: Microsoft Fileless)(Citation: SecureList Fileless) Shared memory directories on Linux systems ( , , , and ) and volatile directories on Network Devices ( and ) may also be considered fileless storage, as files written to these directories are mapped directly to RAM and not stored on disk.(Citation: Elastic Binary Executed from Shared Memory Directory)(Citation: Akami Frog4Shell 2024)(Citation: Aquasec Muhstik Malware 2024)(Citation: Bitsight 7777 Botnet)(Citation: CISCO Nexus 900 Config)

  10. Mavinject (/term/mavinject)

    Adversaries may abuse mavinject.exe to proxy execution of malicious code. Mavinject.exe is the Microsoft Application Virtualization Injector, a Windows utility that can inject code into external processes as part of Microsoft Application Virtualization (App-V).(Citation: LOLBAS Mavinject)

  11. Network Devices (/term/network-devices)

    Adversaries may compromise third-party network devices that can be used during targeting. Network devices, such as small office/home office (SOHO) routers, may be compromised where the adversary's ultimate goal is not Initial Access to that environment, but rather to leverage these devices to support additional targeting.