Attack Path
An attack path is the sequence of weaknesses, access points, and privilege transitions an attacker can use to move from an initial foothold to a high-value objective.
What Is an Attack Path?
An attack path is not just a single vulnerability or exposed service. It is the chain that connects conditions across identities, endpoints, applications, and networks into a route an attacker can realistically exploit to escalate access or reach sensitive assets.
What Shapes an Attack Path
- Initial Access Opportunities: Phishing, exposed services, or leaked credentials
- Privilege Gaps: Excessive permissions or weak role separation
- Lateral Movement Options: Unnecessary trust paths and weak segmentation
- Target Value: Systems, data, or identities that advance attacker objectives
Why Attack Paths Matter
Security teams rarely have time to fix every finding immediately. Attack path analysis helps them prioritize remediation based on how individual issues combine to create a practical route to compromise.
How FourCore ATTACK Relates
FourCore ATTACK helps validate whether attack paths can be executed in practice and whether security controls interrupt the chain before the attacker reaches critical objectives.