MITRE ATT&CK Technique
Description
Adversaries may develop exploits that can be used during targeting. An exploit takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer hardware or software. Rather than finding/modifying exploits from online or purchasing them from exploit vendors, an adversary may develop their own exploits.(Citation: NYTStuxnet) Adversaries may use information acquired via [Vulnerabilities](https://attack.mitre.org/techniques/T1588/006) to focus exploit development efforts. As part of the exploit development process, adversaries may uncover exploitable vulnerabilities through methods such as fuzzing and patch analysis.(Citation: Irongeek Sims BSides 2017) As with legitimate development efforts, different skill sets may be required for developing exploits. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's exploit development capabilities, provided the adversary plays a role in shaping requirements and maintains an initial degree of exclusivity to the exploit. Adversaries may use exploits during various phases of the adversary lifecycle (i.e. [Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190), [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203), [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068), [Exploitation for Defense Evasion](https://attack.mitre.org/techniques/T1211), [Exploitation for Credential Access](https://attack.mitre.org/techniques/T1212), [Exploitation of Remote Services](https://attack.mitre.org/techniques/T1210), and [Application or System Exploitation](https://attack.mitre.org/techniques/T1499/004)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-01T01:48:15.511Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may develop exploits that can be used during '
'targeting. An exploit takes advantage of a bug or '
'vulnerability in order to cause unintended or unanticipated '
'behavior to occur on computer hardware or software. Rather '
'than finding/modifying exploits from online or purchasing '
'them from exploit vendors, an adversary may develop their own '
'exploits.(Citation: NYTStuxnet) Adversaries may use '
'information acquired via '
'[Vulnerabilities](https://attack.mitre.org/techniques/T1588/006) '
'to focus exploit development efforts. As part of the exploit '
'development process, adversaries may uncover exploitable '
'vulnerabilities through methods such as fuzzing and patch '
'analysis.(Citation: Irongeek Sims BSides 2017)\n'
'\n'
'As with legitimate development efforts, different skill sets '
'may be required for developing exploits. The skills needed '
'may be located in-house, or may need to be contracted out. '
'Use of a contractor may be considered an extension of that '
"adversary's exploit development capabilities, provided the "
'adversary plays a role in shaping requirements and maintains '
'an initial degree of exclusivity to the exploit.\n'
'\n'
'Adversaries may use exploits during various phases of the '
'adversary lifecycle (i.e. [Exploit Public-Facing '
'Application](https://attack.mitre.org/techniques/T1190), '
'[Exploitation for Client '
'Execution](https://attack.mitre.org/techniques/T1203), '
'[Exploitation for Privilege '
'Escalation](https://attack.mitre.org/techniques/T1068), '
'[Exploitation for Defense '
'Evasion](https://attack.mitre.org/techniques/T1211), '
'[Exploitation for Credential '
'Access](https://attack.mitre.org/techniques/T1212), '
'[Exploitation of Remote '
'Services](https://attack.mitre.org/techniques/T1210), and '
'[Application or System '
'Exploitation](https://attack.mitre.org/techniques/T1499/004)).',
'external_references': [{'external_id': 'T1587.004',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1587/004'},
{'description': 'Stephen Sims. (2017, April 30). '
'Microsoft Patch Analysis for '
'Exploitation. Retrieved October 16, '
'2020.',
'source_name': 'Irongeek Sims BSides 2017',
'url': 'https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims'},
{'description': 'William J. Broad, John Markoff, and '
'David E. Sanger. (2011, January 15). '
'Israeli Test on Worm Called Crucial '
'in Iran Nuclear Delay. Retrieved '
'March 1, 2017.',
'source_name': 'NYTStuxnet',
'url': 'https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html'}],
'id': 'attack-pattern--bbc3cba7-84ae-410d-b18b-16750731dfa2',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'resource-development'}],
'modified': '2025-10-24T17:49:17.967Z',
'name': 'Exploits',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}