(no title)

- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].

- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

[1] https://twitter.com/uuallan/status/1437068825636265985

[2] https://github.com/vz-risk/VCDB