
Initial Access

Case Studies

The MITRE ATT&CK website lists real-world cases in which each technique has been used. The examples collected here are additional cases, chosen because they illustrate the full intrusion chain that followed Initial Access.

Phishing

Just two resources (I am not even trying to link to specific incidents; there are far too many to choose from):

Secure email (SPF, DKIM, DMARC)

These are very interesting topics but not part of this course.

Trusted Relationship - Case Studies

Also look at the "Procedure examples" in the MITRE ATT&CK technique.

Supply Chain Compromise

Case Studies

Also look at the References in the MITRE ATT&CK technique (and their sub-techniques).

SolarWinds

A major incident with national security implications.

Linux xz compression library

Over a period of more than two years, an attacker worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership. Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, the library half of xz. On Debian, Ubuntu, Fedora and other systemd-based Linux distributions, liblzma ends up loaded into the OpenSSH sshd process (sshd is patched to link libsystemd for service notification, and libsystemd depends on liblzma). The backdoor gives the attacker the ability to run an arbitrary command on the target system without logging in: unauthenticated, targeted remote code execution.

The attack was publicly disclosed on March 29, 2024 and marks a watershed moment in open source supply chain security.

Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone...BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
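A minimal host triage check for the case above, written as an added example for this page (it is not code from the page or from the xz project). It answers the two questions a responder asks first: does the installed sshd load liblzma, and is the installed xz one of the backdoored upstream releases? The affected releases, xz 5.6.0 and 5.6.1 (CVE-2024-3094), are a public fact not stated on the page; the `ldd` output and `xz --version` banners below are constructed sample inputs standing in for real command output.

```shell
#!/bin/sh
# Added example, not code from the page or from the xz project: a minimal
# host triage check for the xz/liblzma backdoor.
#   1. Does the installed sshd load liblzma (directly, or via libsystemd)?
#   2. Is the installed xz one of the two backdoored upstream releases?
# Affected releases are xz 5.6.0 and 5.6.1 (CVE-2024-3094); that is a public
# fact not stated on the page. All sample inputs below are constructed.

# $1: full text of `ldd /path/to/sshd`. Succeeds if liblzma appears.
sshd_links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# $1: first line of `xz --version`, e.g. "xz (XZ Utils) 5.6.1".
# Prints the bare version string ("5.6.1").
xz_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.*) \([0-9][0-9.]*\).*/\1/p'
}

# $1: bare version string. Succeeds only for the two backdoored releases.
xz_version_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Verdict from the two inputs. Prints one of:
#   EXPOSED   backdoored xz and sshd loads liblzma: treat host as compromised
#   AT-RISK   backdoored xz but sshd does not load liblzma (still replace xz)
#   CLEAN     installed xz is not a backdoored release
xz_triage() {
    ldd_out=$1
    banner=$2
    ver=$(xz_version_from_banner "$banner")
    if xz_version_backdoored "$ver"; then
        if sshd_links_liblzma "$ldd_out"; then
            echo EXPOSED
        else
            echo AT-RISK
        fi
    else
        echo CLEAN
    fi
}

# Live use on a host (not executed here):
#   xz_triage "$(ldd "$(command -v sshd)")" "$(xz --version | head -n 1)"

# Constructed sample inputs standing in for real command output.
SAMPLE_LDD_LINKED='linux-vdso.so.1 (0x00007fff...)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x...)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x...)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)'
SAMPLE_LDD_CLEAN='linux-vdso.so.1 (0x00007fff...)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x...)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)'
SAMPLE_BANNER_BAD='xz (XZ Utils) 5.6.1'
SAMPLE_BANNER_OK='xz (XZ Utils) 5.4.6'

xz_triage "$SAMPLE_LDD_LINKED" "$SAMPLE_BANNER_BAD"   # EXPOSED
xz_triage "$SAMPLE_LDD_CLEAN"  "$SAMPLE_BANNER_BAD"   # AT-RISK
xz_triage "$SAMPLE_LDD_LINKED" "$SAMPLE_BANNER_OK"    # CLEAN
```

The version check is the cheap part; the `ldd` check matters because the malicious code only becomes reachable when liblzma is mapped into sshd, which is exactly the distribution-specific linking described above. An EXPOSED verdict is deliberately conservative: the backdoor had further activation conditions, but a host running a backdoored liblzma inside sshd should be rebuilt rather than reasoned about.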

Interesting examples

Software development

You develop software and could unknowingly distribute malicious software to your customers:

Firmware and routers

National Security

Defense

Analyses