2020 Threat Detection Report

Top Techniques

This chart illustrates how often each ATT&CK technique is leveraged in a confirmed threat in our customers' environments.

 
 
| ATT&CK ID | Technique | Share of total threats |
|---|---|---|
| T1055 | Process Injection | 17% |
| T1053 | Scheduled Task | 13% |
| T1077 | Windows Admin Shares | 13% |
| T1086 | PowerShell | 12% |
| T1105 | Remote File Copy | 9% |
| T1036 | Masquerading | 7% |
| T1064 | Scripting | 5% |
| T1038 | DLL Search Order Hijacking | 5% |
| T1482 | Domain Trust Discovery | 5% |
| T1089 | Disabling Security Tools | 5% |
| T1003 | Credential Dumping | 5% |
| T1035 | Service Execution | 4% |
| T1047 | Windows Management Instrumentation | 4% |
| T1085 | Rundll32 | 3% |
| T1140 | Deobfuscate/Decode Files or Information | 2% |
| T1093 | Process Hollowing | 2% |
| T1015 | Accessibility Features | 2% |
| T1168 | Local Job Scheduling | 2% |
| T1170 | Mshta | 2% |
| T1193 | Spearphishing Attachment | 2% |
 
 