Skip to content

Latest commit

 

History

History
76 lines (76 loc) · 20.1 KB

matrix.md

File metadata and controls

76 lines (76 loc) · 20.1 KB

All Atomic Tests by ATT&CK Tactic & Technique

initial-access execution persistence privilege-escalation defense-evasion credential-access discovery lateral-movement collection exfiltration command-and-control
Drive-by Compromise CONTRIBUTE A TEST AppleScript .bash_profile and .bashrc Access Token Manipulation Access Token Manipulation Account Manipulation Account Discovery AppleScript Audio Capture Automated Exfiltration CONTRIBUTE A TEST Commonly Used Port CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST CMSTP Accessibility Features Accessibility Features Application Access Token CONTRIBUTE A TEST Bash History Application Window Discovery Application Access Token CONTRIBUTE A TEST Automated Collection Data Compressed Communication Through Removable Media CONTRIBUTE A TEST
External Remote Services CONTRIBUTE A TEST Command-Line Interface Account Manipulation AppCert DLLs CONTRIBUTE A TEST BITS Jobs Brute Force Browser Bookmark Discovery Application Deployment Software CONTRIBUTE A TEST Clipboard Data Data Encrypted Connection Proxy
Hardware Additions CONTRIBUTE A TEST Compiled HTML File AppCert DLLs CONTRIBUTE A TEST AppInit DLLs Binary Padding Cloud Instance Metadata API CONTRIBUTE A TEST Cloud Service Dashboard CONTRIBUTE A TEST Component Object Model and Distributed COM CONTRIBUTE A TEST Data Staged Data Transfer Size Limits Custom Command and Control Protocol CONTRIBUTE A TEST
Replication Through Removable Media CONTRIBUTE A TEST Component Object Model and Distributed COM CONTRIBUTE A TEST AppInit DLLs Application Shimming Bypass User Account Control Credential Dumping Cloud Service Discovery CONTRIBUTE A TEST Exploitation of Remote Services CONTRIBUTE A TEST Data from Cloud Storage Object CONTRIBUTE A TEST Exfiltration Over Alternative Protocol Custom Cryptographic Protocol CONTRIBUTE A TEST
Spearphishing Attachment Control Panel Items Application Shimming Bypass User Account Control CMSTP Credentials from Web Browsers CONTRIBUTE A TEST Domain Trust Discovery Internal Spearphishing CONTRIBUTE A TEST Data from Information Repositories CONTRIBUTE A TEST Exfiltration Over Command and Control Channel CONTRIBUTE A TEST Data Encoding
Spearphishing Link CONTRIBUTE A TEST Dynamic Data Exchange Authentication Package CONTRIBUTE A TEST DLL Search Order Hijacking Clear Command History Credentials in Files File and Directory Discovery Logon Scripts Data from Local System Exfiltration Over Other Network Medium CONTRIBUTE A TEST Data Obfuscation CONTRIBUTE A TEST
Spearphishing via Service CONTRIBUTE A TEST Execution through API CONTRIBUTE A TEST BITS Jobs Dylib Hijacking CONTRIBUTE A TEST Code Signing CONTRIBUTE A TEST Credentials in Registry Network Service Scanning Pass the Hash Data from Network Shared Drive CONTRIBUTE A TEST Exfiltration Over Physical Medium CONTRIBUTE A TEST Domain Fronting CONTRIBUTE A TEST
Supply Chain Compromise CONTRIBUTE A TEST Execution through Module Load CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Elevated Execution with Prompt CONTRIBUTE A TEST Compile After Delivery Exploitation for Credential Access CONTRIBUTE A TEST Network Share Discovery Pass the Ticket Data from Removable Media CONTRIBUTE A TEST Scheduled Transfer CONTRIBUTE A TEST Domain Generation Algorithms CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST Exploitation for Client Execution CONTRIBUTE A TEST Browser Extensions Emond Compiled HTML File Forced Authentication CONTRIBUTE A TEST Network Sniffing Remote Desktop Protocol Email Collection Transfer Data to Cloud Account CONTRIBUTE A TEST Fallback Channels CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Graphical User Interface CONTRIBUTE A TEST Change Default File Association Exploitation for Privilege Escalation CONTRIBUTE A TEST Component Firmware CONTRIBUTE A TEST Hooking Password Policy Discovery Remote File Copy Input Capture Multi-Stage Channels CONTRIBUTE A TEST
InstallUtil Component Firmware CONTRIBUTE A TEST Extra Window Memory Injection CONTRIBUTE A TEST Component Object Model Hijacking Input Capture Peripheral Device Discovery CONTRIBUTE A TEST Remote Services CONTRIBUTE A TEST Man in the Browser CONTRIBUTE A TEST Multi-hop Proxy CONTRIBUTE A TEST
LSASS Driver CONTRIBUTE A TEST Component Object Model Hijacking File System Permissions Weakness Connection Proxy Input Prompt Permission Groups Discovery Replication Through Removable Media CONTRIBUTE A TEST Screen Capture Multiband Communication CONTRIBUTE A TEST
Launchctl Create Account Hooking Control Panel Items Kerberoasting Process Discovery SSH Hijacking CONTRIBUTE A TEST Video Capture CONTRIBUTE A TEST Multilayer Encryption CONTRIBUTE A TEST
Local Job Scheduling DLL Search Order Hijacking Image File Execution Options Injection DCShadow Keychain Query Registry Shared Webroot CONTRIBUTE A TEST Port Knocking CONTRIBUTE A TEST
Mshta Dylib Hijacking CONTRIBUTE A TEST Launch Daemon DLL Search Order Hijacking LLMNR/NBT-NS Poisoning and Relay CONTRIBUTE A TEST Remote System Discovery Taint Shared Content CONTRIBUTE A TEST Remote Access Tools CONTRIBUTE A TEST
PowerShell Emond New Service DLL Side-Loading Network Sniffing Security Software Discovery Third-party Software CONTRIBUTE A TEST Remote File Copy
Regsvcs/Regasm External Remote Services CONTRIBUTE A TEST Parent PID Spoofing Deobfuscate/Decode Files or Information Password Filter DLL Software Discovery Web Session Cookie CONTRIBUTE A TEST Standard Application Layer Protocol
Regsvr32 File System Permissions Weakness Path Interception CONTRIBUTE A TEST Disabling Security Tools Private Keys System Information Discovery Windows Admin Shares Standard Cryptographic Protocol
Rundll32 Hidden Files and Directories Plist Modification Execution Guardrails CONTRIBUTE A TEST Securityd Memory CONTRIBUTE A TEST System Network Configuration Discovery Windows Remote Management Standard Non-Application Layer Protocol CONTRIBUTE A TEST
Scheduled Task Hooking Port Monitors CONTRIBUTE A TEST Exploitation for Defense Evasion CONTRIBUTE A TEST Steal Application Access Token CONTRIBUTE A TEST System Network Connections Discovery Uncommonly Used Port
Scripting Hypervisor PowerShell Profile Extra Window Memory Injection CONTRIBUTE A TEST Steal Web Session Cookie CONTRIBUTE A TEST System Owner/User Discovery Web Service
Service Execution Image File Execution Options Injection Process Injection File Deletion Two-Factor Authentication Interception CONTRIBUTE A TEST System Service Discovery
Signed Binary Proxy Execution Implant Container Image CONTRIBUTE A TEST SID-History Injection CONTRIBUTE A TEST File System Logical Offsets System Time Discovery
Signed Script Proxy Execution Kernel Modules and Extensions Scheduled Task File and Directory Permissions Modification Virtualization/Sandbox Evasion CONTRIBUTE A TEST
Source LC_LOAD_DYLIB Addition CONTRIBUTE A TEST Service Registry Permissions Weakness Gatekeeper Bypass
Space after Filename LSASS Driver CONTRIBUTE A TEST Setuid and Setgid Group Policy Modification CONTRIBUTE A TEST
Third-party Software CONTRIBUTE A TEST Launch Agent Startup Items HISTCONTROL
Trap Launch Daemon Sudo Hidden Files and Directories
Trusted Developer Utilities Launchctl Sudo Caching Hidden Users
User Execution CONTRIBUTE A TEST Local Job Scheduling Valid Accounts CONTRIBUTE A TEST Hidden Window
Windows Management Instrumentation Login Item CONTRIBUTE A TEST Web Shell Image File Execution Options Injection
Windows Remote Management Logon Scripts Indicator Blocking CONTRIBUTE A TEST
XSL Script Processing Modify Existing Service Indicator Removal from Tools CONTRIBUTE A TEST
Netsh Helper DLL Indicator Removal on Host
New Service Indirect Command Execution
Office Application Startup Install Root Certificate
Path Interception CONTRIBUTE A TEST InstallUtil
Plist Modification LC_MAIN Hijacking CONTRIBUTE A TEST
Port Knocking CONTRIBUTE A TEST Launchctl
Port Monitors CONTRIBUTE A TEST Masquerading
PowerShell Profile Modify Registry
Rc.common Mshta
Re-opened Applications NTFS File Attributes
Redundant Access CONTRIBUTE A TEST Network Share Connection Removal
Registry Run Keys / Startup Folder Obfuscated Files or Information
SIP and Trust Provider Hijacking CONTRIBUTE A TEST Parent PID Spoofing
Scheduled Task Plist Modification
Screensaver Port Knocking CONTRIBUTE A TEST
Security Support Provider Process Doppelgänging CONTRIBUTE A TEST
Server Software Component Process Hollowing
Service Registry Permissions Weakness Process Injection
Setuid and Setgid Redundant Access CONTRIBUTE A TEST
Shortcut Modification Regsvcs/Regasm
Startup Items Regsvr32
System Firmware CONTRIBUTE A TEST Revert Cloud Instance CONTRIBUTE A TEST
Systemd Service Rootkit
Time Providers CONTRIBUTE A TEST Rundll32
Trap SIP and Trust Provider Hijacking CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Scripting
Web Shell Signed Binary Proxy Execution
Windows Management Instrumentation Event Subscription Signed Script Proxy Execution
Winlogon Helper DLL Software Packing CONTRIBUTE A TEST
Space after Filename
Template Injection CONTRIBUTE A TEST
Timestomp
Trusted Developer Utilities
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST
Virtualization/Sandbox Evasion CONTRIBUTE A TEST
Web Service
Web Session Cookie CONTRIBUTE A TEST
XSL Script Processing