Home/ MITRE Matrix/ Defense Evasion/ T1211

T1211Exploitation for Stealth

T1211 — Exploitation for Stealth is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 3 detection use cases covering it and 1 threat-intel article citing it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

1Articles

0Sub-techniques

1Tactic

Use cases covering this technique (3)

[WEEKLY] Language-runtime server (node/python/java) spawns OS shell shortly after inbound request — eval / sandbox-escape exploitation chain Internal exploit · alerting DSPDD [WEEKLY] Low-Code / AI Workflow Runtime Sandbox-Escape — Server Process Spawns Shell + Public Egress Internal exploit · alerting DSΣPDD [LLM] vm2 NodeVM denylist bypass PoC strings — getBuiltinModule + inspector/promises Bespoke exploit · alerting DSΣPDDCS

Articles citing this technique (1)

crit [GHSA / CRITICAL] CVE-2026-47140: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution art-173