TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Test signature detection for file upload/email filters
Test signature detection for file upload/email filters
An adversary can test their planned method of attack against existing security products such as email filters or intrusion detection sensors (IDS). [1]
ID: T1361
Sub-techniques:
No sub-techniques
Tactic:
Test Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Use of sites like [https://www.virustotal.com VirusTotal] to test signature detection often occurs to test detection. Defender can also look for newly added uploads as a precursor to an adversary's launch of an attack.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Current open source technologies and websites exist to facilitate adversary testing of malware against signatures.
References
- Kim Zetter. (14, September 2). A Google Site Meant to Protect You Is Helping Hackers Attack You. Retrieved March 9, 2017.
×