T0820: Exploitation for Evasion
Essential information
- MITRE technique ID
T0820- Confidence
- 100/100
- Revoked
- No
- Published
- 21/05/2020 19:43
- Modified
- 27/03/2026 01:44
- Author / Source
- The MITRE Corporation
Description
Adversaries may exploit a software vulnerability to take advantage of a programming error in a program, service, or within the operating system software or kernel itself to evade detection. Vulnerabilities may exist in software that can be used to disable or circumvent security features.
Adversaries may have prior knowledge through [Remote System Information Discovery](https://attack.mitre.org/techniques/T0888) about security features implemented on control devices. These device security features will likely be targeted directly for exploitation. There are examples of firmware RAM/ROM consistency checks on control devices being targeted by adversaries to enable the installation of malicious [System Firmware](https://attack.mitre.org/techniques/T0857).
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-ics-attack | evasion |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.