T1133Initial Access

External Remote Services

Use VPNs, Citrix, RDP, etc. exposed externally.

§ Where this technique fits

T1133 is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

Authoritative reference: attack.mitre.org/techniques/T1133/.

§ Dossiers chaining this technique

POS network pivot → RAM-scraper → card data exfil
The Target 2013 / Home Depot 2014 chain: vendor foothold → flat payment-switch VLAN → drop a memory-scraping malware on POS terminals → exfil track data through a payment-switch host.
step 2 / 7

§ What commonly comes next

01
Payment-Switch Network Pivot
POS-PAYMENT-SWITCH · Lateral Movement
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

POS network pivot → RAM-scraper → card data exfil

§ What commonly comes next