Adversary-in-the-Middle
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.mitre.org/techniques/T1040), [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002), or replay attacks ([Exploitation for Credential Access](https://attack.mitre.org/techniques/T1212)). By abusing features of common networking protocols that can determine the flow of ...
BY SOURCE
PROCEDURES (31)
Auto-extracted: 3 detections for brute force
Auto-extracted: 3 detections for network connection monitoring
Auto-extracted: 2 detections for suspicious
Auto-extracted: 2 detections for cloud
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for authentication monitoring
Auto-extracted: 1 detections for dns
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for process creation monitoring
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for general monitoring
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for brute force
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for base64
Auto-extracted: 1 detections for kerbero
Auto-extracted: 1 detections for http
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for script execution monitoring
Auto-extracted: 1 detections for lateral
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for base64