Mapea rutas de ataque. Encuentra el siguiente paso.
Un registro comunitario de kill-chains, indexado por MITRE ATT&CK. Explora rutas como grafos, envía las tuyas y obtén sugerencias sobre la posible continuación.
Pick a technique you’ve achieved — the manual will surface what usually comes next.
Powered by co-occurrence across 6+ approved dossiers.
Disagree with the manual? Add your own dossier to the registry — it will sharpen the next consultation.
Recent dossiers
View all →- Nº 0015 steps
5G core GTP-U user-plane injection → subscriber MITM
Attacker on a transit network between mobile-core hops (or with compromised UPF). GTP-U packets are typically unfiltered between PEs; inject packets into subscriber bearers — credential capture, free-of-charge tunnels, downstream attacks.
- Nº 0025 steps
TRITON-class SIS reprogram → disable safety shutdown
After OT-network foothold, reach a Triconex Safety Instrumented System. Download attacker logic that suppresses safety trips on a process that's about to be pushed past its safe envelope.
- Nº 0036 steps
Multi-agent confused-deputy → tool-call escalation
User-facing agent has limited tools; back-end planning agent has powerful tools (shell, file system). Prompt injection in user input → user agent → back-end agent. The back-end runs the attacker's intent under the planner's higher trust.
- Nº 0046 steps
Malicious MCP server → silent supply chain for agent tools
User installs an MCP server marketed as a useful integration. Every subsequent agent session has the rogue server in scope — its tools log prompts, exfil files, or inject responses to bias the agent.
- Nº 0055 steps
IMSI catcher → force 2G downgrade → SMS / call intercept
Operate a rogue base station in the target area. Phones associate; force fallback to 2G where no mutual auth is required. Intercept SMS OTPs, sniff voice calls, push notifications fail silently.
- Nº 0066 steps
Industroyer2 IEC-104 substation hijack
Timed payload speaks IEC-60870-5-104 to substation RTUs at attacker-chosen hour; sends 'open breaker' commands across a substation, blackouts a grid section.