macos-matrix.md

File metadata and controls

37 lines (37 loc) · 10.9 KB

# macOS Atomic Tests by ATT&CK Tactic & Technique

One column per ATT&CK tactic, one technique per cell. A technique marked (CONTRIBUTE A TEST) has no atomic test yet.

| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Drive-by Compromise (CONTRIBUTE A TEST) | AppleScript | .bash_profile and .bashrc | Dylib Hijacking (CONTRIBUTE A TEST) | Binary Padding | Bash History | Account Discovery | AppleScript | Audio Capture | Automated Exfiltration (CONTRIBUTE A TEST) | Commonly Used Port (CONTRIBUTE A TEST) |
| Exploit Public-Facing Application (CONTRIBUTE A TEST) | Command-Line Interface | Browser Extensions | Elevated Execution with Prompt (CONTRIBUTE A TEST) | Clear Command History | Brute Force | Application Window Discovery | Application Deployment Software (CONTRIBUTE A TEST) | Automated Collection | Data Compressed | Communication Through Removable Media (CONTRIBUTE A TEST) |
| Hardware Additions (CONTRIBUTE A TEST) | Exploitation for Client Execution (CONTRIBUTE A TEST) | Create Account | Emond | Code Signing (CONTRIBUTE A TEST) | Credential Dumping | Browser Bookmark Discovery | Exploitation of Remote Services (CONTRIBUTE A TEST) | Clipboard Data | Data Encrypted | Connection Proxy |
| Spearphishing Attachment | Graphical User Interface (CONTRIBUTE A TEST) | Dylib Hijacking (CONTRIBUTE A TEST) | Exploitation for Privilege Escalation (CONTRIBUTE A TEST) | Compile After Delivery | Credentials from Web Browsers (CONTRIBUTE A TEST) | File and Directory Discovery | Internal Spearphishing (CONTRIBUTE A TEST) | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol (CONTRIBUTE A TEST) |
| Spearphishing Link (CONTRIBUTE A TEST) | Launchctl | Emond | Launch Daemon | Connection Proxy | Credentials in Files | Network Service Scanning | Logon Scripts | Data from Information Repositories (CONTRIBUTE A TEST) | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol (CONTRIBUTE A TEST) |
| Spearphishing via Service (CONTRIBUTE A TEST) | Local Job Scheduling | Hidden Files and Directories | Plist Modification | Disabling Security Tools | Exploitation for Credential Access (CONTRIBUTE A TEST) | Network Share Discovery | Remote File Copy | Data from Local System | Exfiltration Over Command and Control Channel (CONTRIBUTE A TEST) | Data Encoding |
| Supply Chain Compromise (CONTRIBUTE A TEST) | Scripting | Kernel Modules and Extensions | Process Injection | Execution Guardrails (CONTRIBUTE A TEST) | Input Capture | Network Sniffing | Remote Services (CONTRIBUTE A TEST) | Data from Network Shared Drive (CONTRIBUTE A TEST) | Exfiltration Over Other Network Medium (CONTRIBUTE A TEST) | Data Obfuscation (CONTRIBUTE A TEST) |
| Trusted Relationship (CONTRIBUTE A TEST) | Source | LC_LOAD_DYLIB Addition (CONTRIBUTE A TEST) | Setuid and Setgid | Exploitation for Defense Evasion (CONTRIBUTE A TEST) | Input Prompt | Password Policy Discovery | SSH Hijacking (CONTRIBUTE A TEST) | Data from Removable Media (CONTRIBUTE A TEST) | Exfiltration Over Physical Medium (CONTRIBUTE A TEST) | Domain Fronting (CONTRIBUTE A TEST) |
| Valid Accounts (CONTRIBUTE A TEST) | Space after Filename | Launch Agent | Startup Items | File Deletion | Keychain | Peripheral Device Discovery (CONTRIBUTE A TEST) | Third-party Software (CONTRIBUTE A TEST) | Input Capture | Scheduled Transfer (CONTRIBUTE A TEST) | Domain Generation Algorithms (CONTRIBUTE A TEST) |
|  | Third-party Software (CONTRIBUTE A TEST) | Launch Daemon | Sudo | File and Directory Permissions Modification | Network Sniffing | Permission Groups Discovery |  | Screen Capture |  | Fallback Channels (CONTRIBUTE A TEST) |
|  | Trap | Launchctl | Sudo Caching | Gatekeeper Bypass | Private Keys | Process Discovery |  | Video Capture (CONTRIBUTE A TEST) |  | Multi-Stage Channels (CONTRIBUTE A TEST) |
|  | User Execution (CONTRIBUTE A TEST) | Local Job Scheduling | Valid Accounts (CONTRIBUTE A TEST) | HISTCONTROL | Securityd Memory (CONTRIBUTE A TEST) | Remote System Discovery |  |  |  | Multi-hop Proxy (CONTRIBUTE A TEST) |
|  |  | Login Item (CONTRIBUTE A TEST) | Web Shell | Hidden Files and Directories | Steal Web Session Cookie (CONTRIBUTE A TEST) | Security Software Discovery |  |  |  | Multiband Communication (CONTRIBUTE A TEST) |
|  |  | Logon Scripts |  | Hidden Users | Two-Factor Authentication Interception (CONTRIBUTE A TEST) | Software Discovery |  |  |  | Multilayer Encryption (CONTRIBUTE A TEST) |
|  |  | Plist Modification |  | Hidden Window |  | System Information Discovery |  |  |  | Port Knocking (CONTRIBUTE A TEST) |
|  |  | Port Knocking (CONTRIBUTE A TEST) |  | Indicator Removal from Tools (CONTRIBUTE A TEST) |  | System Network Configuration Discovery |  |  |  | Remote Access Tools (CONTRIBUTE A TEST) |
|  |  | Rc.common |  | Indicator Removal on Host |  | System Network Connections Discovery |  |  |  | Remote File Copy |
|  |  | Re-opened Applications |  | Install Root Certificate |  | System Owner/User Discovery |  |  |  | Standard Application Layer Protocol |
|  |  | Redundant Access (CONTRIBUTE A TEST) |  | LC_MAIN Hijacking (CONTRIBUTE A TEST) |  | Virtualization/Sandbox Evasion (CONTRIBUTE A TEST) |  |  |  | Standard Cryptographic Protocol |
|  |  | Setuid and Setgid |  | Launchctl |  |  |  |  |  | Standard Non-Application Layer Protocol (CONTRIBUTE A TEST) |
|  |  | Startup Items |  | Masquerading |  |  |  |  |  | Uncommonly Used Port |
|  |  | Trap |  | Obfuscated Files or Information |  |  |  |  |  | Web Service |
|  |  | Valid Accounts (CONTRIBUTE A TEST) |  | Plist Modification |  |  |  |  |  |  |
|  |  | Web Shell |  | Port Knocking (CONTRIBUTE A TEST) |  |  |  |  |  |  |
|  |  |  |  | Process Injection |  |  |  |  |  |  |
|  |  |  |  | Redundant Access (CONTRIBUTE A TEST) |  |  |  |  |  |  |
|  |  |  |  | Rootkit |  |  |  |  |  |  |
|  |  |  |  | Scripting |  |  |  |  |  |  |
|  |  |  |  | Software Packing (CONTRIBUTE A TEST) |  |  |  |  |  |  |
|  |  |  |  | Space after Filename |  |  |  |  |  |  |
|  |  |  |  | Timestomp |  |  |  |  |  |  |
|  |  |  |  | Valid Accounts (CONTRIBUTE A TEST) |  |  |  |  |  |  |
|  |  |  |  | Virtualization/Sandbox Evasion (CONTRIBUTE A TEST) |  |  |  |  |  |  |
|  |  |  |  | Web Service |  |  |  |  |  |  |
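The matrix above is most useful when read as a coverage map: which tactics already have emulation tests and which techniques still need one. The script below is an added example, not part of the Atomic Red Team project, that parses a markdown pipe table in this layout (one tactic per column, ragged column lengths, a `(CONTRIBUTE A TEST)` marker on techniques without a test) and reports per-tactic coverage and the remaining gaps. The `MATRIX` string is a constructed subset of the page's rows, embedded so the script runs offline; the function names are this example's own.

```python
"""Coverage report over an ATT&CK-style atomic test matrix.

Added example (not Atomic Red Team code): parse a markdown pipe table laid
out like macos-matrix.md and summarise which techniques still lack a test.
"""
import re
from typing import Dict, List, Tuple

# Marker the matrix places on techniques that have no atomic test yet.
MISSING_MARKER = "CONTRIBUTE A TEST"

# Constructed subset of the macOS matrix (three tactics, four rows).
# Columns are ragged, as in the real page: initial-access ends after row 3.
MATRIX = """\
| initial-access | execution | persistence |
| --- | --- | --- |
| Drive-by Compromise (CONTRIBUTE A TEST) | AppleScript | .bash_profile and .bashrc |
| Exploit Public-Facing Application (CONTRIBUTE A TEST) | Command-Line Interface | Browser Extensions |
| Spearphishing Attachment | Launchctl | Launch Agent |
|  | Trap | Login Item (CONTRIBUTE A TEST) |
"""

# Strips a trailing "(CONTRIBUTE A TEST)" or "CONTRIBUTE A TEST" from a cell.
_MARKER_RE = re.compile(r"\s*\(?" + re.escape(MISSING_MARKER) + r"\)?\s*$")

Technique = Tuple[str, bool]  # (technique name, has_test)


def parse_matrix(text: str) -> Dict[str, List[Technique]]:
    """Return {tactic: [(technique, has_test), ...]} from a pipe table.

    Empty cells are skipped, so a tactic column that is shorter than the
    others simply yields fewer techniques.
    """
    rows = [ln.strip() for ln in text.splitlines() if ln.strip().startswith("|")]
    if len(rows) < 2:
        raise ValueError("expected a header row and a separator row")
    header = [c.strip() for c in rows[0].strip("|").split("|")]
    columns: Dict[str, List[Technique]] = {tactic: [] for tactic in header}
    for row in rows[2:]:  # rows[1] is the '| --- |' separator
        cells = [c.strip() for c in row.strip("|").split("|")]
        for tactic, cell in zip(header, cells):
            if not cell:
                continue
            has_test = MISSING_MARKER not in cell
            name = _MARKER_RE.sub("", cell)
            columns[tactic].append((name, has_test))
    return columns


def coverage(columns: Dict[str, List[Technique]]) -> Dict[str, Tuple[int, int]]:
    """Per-tactic (techniques with a test, total techniques)."""
    return {
        tactic: (sum(1 for _, ok in techs if ok), len(techs))
        for tactic, techs in columns.items()
    }


def missing_tests(columns: Dict[str, List[Technique]]) -> List[Tuple[str, str]]:
    """(tactic, technique) pairs still marked CONTRIBUTE A TEST, in matrix order."""
    return [
        (tactic, name)
        for tactic, techs in columns.items()
        for name, ok in techs
        if not ok
    ]


if __name__ == "__main__":
    cols = parse_matrix(MATRIX)
    for tactic, (done, total) in coverage(cols).items():
        print(f"{tactic:16s} {done}/{total} techniques have a test")
    for tactic, name in missing_tests(cols):
        print(f"gap: {tactic}: {name}")
```

Pointing `parse_matrix` at the full table instead of the embedded subset gives the same report for every tactic on this page, which is a convenient way to track the gap list between contribution rounds.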