EXPLORE
Sign In
← Back to Explore
T1562.010

Downgrade Attack

Adversaries may downgrade or use a version of system features that may be outdated, vulnerable, and/or does not support updated security controls. Downgrade attacks typically take advantage of a system’s backward compatibility to force it into less secure modes of operation. Adversaries may downgrade and use various less-secure versions of features of a system, such as [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059)s or even network protocols that can be abused t...

WindowsLinuxmacOS
4
Detections
2
Sources
0
Threat Actors

BY SOURCE

3elastic1sigma

PROCEDURES (3)

Registry2 detections

Auto-extracted: 2 detections for registry

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

DETECTIONS (4)

LSA PPL Protection Disabled Via Reg.EXE
sigmahigh
Network-Level Authentication (NLA) Disabled
elasticlow
Potential HTTP Downgrade Attack
elasticlow
Potential NetNTLMv1 Downgrade Attack
elasticmedium