Description:
Detects successful directory traversal or sensitive file access attempts (e.g., web.config, passwd) that passed inspection and received a 2xx response. Indicates exposure of configuration or credential data.
MITRE ATT&CK:
TA0001 Initial Access | T1190 Exploit Public-Facing Application
TA0009 Collection | T1005 Data from Local System
IRS Pub 1075 Alignment:
IR-5, IR-6, AC-3 (Access Enforcement), AU-2, SC-7, SI-4, SI-7
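
One way to express the logic described above, as an added example that is not the rule's own query: flag requests whose decoded URI contains a traversal sequence or a sensitive file name (web.config, passwd) and that were both allowed through inspection and answered with a 2xx status. The log layout, the `allowed`/`blocked` action values and all function names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines. Assumed layout: src method uri status waf_action
SAMPLE_LOG = """\
203.0.113.7 GET /download?file=..%2f..%2f..%2fetc%2fpasswd 200 allowed
203.0.113.7 GET /download?file=%252e%252e%252fweb.config 200 allowed
203.0.113.7 GET /download?file=../../etc/passwd 403 blocked
198.51.100.4 GET /static/..%5c..%5cweb.config 404 allowed
198.51.100.4 GET /web.config 200 allowed
192.0.2.10 GET /docs/passwd-rotation.html 200 allowed
"""

# "../" as a whole path segment, after "/" or a parameter "=".
TRAVERSAL = re.compile(r"(^|[/=])\.\.(/|$)")
# Sensitive names from the rule description, matched as a whole file name.
SENSITIVE = re.compile(r"(^|[/=])(web\.config|passwd)($|[?&#])", re.I)

def normalise(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed,
    then treat backslashes as path separators."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")

def detect(log_text):
    """Return one alert per request that looks like traversal or sensitive
    file access AND was allowed AND received a 2xx response."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        src, method, uri, status, action = parts
        path = normalise(uri)
        suspicious = TRAVERSAL.search(path) or SENSITIVE.search(path)
        succeeded = (status.isdigit() and 200 <= int(status) <= 299
                     and action != "blocked")
        if suspicious and succeeded:
            alerts.append({"src": src, "method": method, "path": path})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The blocked 403 and the 404 request match the pattern but are not reported, because the rule only fires when the request both passed inspection and succeeded.
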
Description:
Detects successful SQL injection attempts that passed validation and returned a 2xx response. Indicates unauthorized database access or manipulation.
MITRE ATT&CK:
TA0001 Initial Access | T1190 Exploit Public-Facing Application
TA0007 Discovery | T1046 Network Service Scanning
IRS Pub 1075 Alignment:
IR-5, IR-6, AC-6 (Least Privilege), AU-2, AU-6, SC-7, SI-4
Description:
Detects abnormal HTTP methods (PUT, DELETE, TRACE, OPTIONS) used by unknown sources, suggesting probing or exploitation of misconfigured endpoints.
MITRE ATT&CK:
TA0001 Initial Access | T1190 Exploit Public-Facing Application
TA0007 Discovery | T1046 Network Service Scanning
IRS Pub 1075 Alignment:
IR-5, IR-6, AC-17, AU-2, SC-7, SI-4
Description:
Detects successful bypass of web application firewall signatures where malicious requests passed inspection and received a 2xx response. Indicates evasion of security controls and potential exploitation of public-facing applications.
MITRE ATT&CK:
TA0001 Initial Access | T1190 Exploit Public-Facing Application
TA0005 Defense Evasion | T1562 Impair Defenses
IRS Pub 1075 Alignment:
IR-5 (Incident Monitoring), IR-6 (Incident Reporting), AC-17 (Remote Access), AU-6 (Audit Review), SC-7 (Boundary Protection), SI-4 (System Monitoring)