| Drive-by Compromise CONTRIBUTE A TEST |
Command-Line Interface |
.bash_profile and .bashrc |
Exploitation for Privilege Escalation CONTRIBUTE A TEST |
Application Access Token CONTRIBUTE A TEST |
Account Manipulation CONTRIBUTE A TEST |
Account Discovery |
Application Access Token CONTRIBUTE A TEST |
Audio Capture CONTRIBUTE A TEST |
Automated Exfiltration CONTRIBUTE A TEST |
Commonly Used Port CONTRIBUTE A TEST |
Account Access Removal CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST |
Exploitation for Client Execution CONTRIBUTE A TEST |
Account Manipulation CONTRIBUTE A TEST |
Process Injection |
Binary Padding |
Bash History |
Browser Bookmark Discovery |
Application Deployment Software CONTRIBUTE A TEST |
Automated Collection CONTRIBUTE A TEST |
Data Compressed |
Communication Through Removable Media CONTRIBUTE A TEST |
Data Destruction |
| Hardware Additions CONTRIBUTE A TEST |
Graphical User Interface CONTRIBUTE A TEST |
Bootkit CONTRIBUTE A TEST |
Setuid and Setgid |
Clear Command History |
Brute Force CONTRIBUTE A TEST |
Cloud Service Dashboard CONTRIBUTE A TEST |
Exploitation of Remote Services CONTRIBUTE A TEST |
Clipboard Data CONTRIBUTE A TEST |
Data Encrypted |
Connection Proxy |
Data Encrypted for Impact CONTRIBUTE A TEST |
| Spearphishing Attachment CONTRIBUTE A TEST |
Local Job Scheduling |
Browser Extensions |
Sudo |
Compile After Delivery CONTRIBUTE A TEST |
Cloud Instance Metadata API CONTRIBUTE A TEST |
Cloud Service Discovery CONTRIBUTE A TEST |
Internal Spearphishing CONTRIBUTE A TEST |
Data Staged |
Data Transfer Size Limits |
Custom Command and Control Protocol CONTRIBUTE A TEST |
Defacement CONTRIBUTE A TEST |
| Spearphishing Link CONTRIBUTE A TEST |
Scripting |
Create Account |
Sudo Caching |
Connection Proxy |
Credential Dumping CONTRIBUTE A TEST |
File and Directory Discovery |
Remote File Copy |
Data from Cloud Storage Object CONTRIBUTE A TEST |
Exfiltration Over Alternative Protocol |
Custom Cryptographic Protocol CONTRIBUTE A TEST |
Disk Content Wipe CONTRIBUTE A TEST |
| Spearphishing via Service CONTRIBUTE A TEST |
Source |
Hidden Files and Directories |
Valid Accounts CONTRIBUTE A TEST |
Disabling Security Tools |
Credentials from Web Browsers CONTRIBUTE A TEST |
Network Service Scanning |
Remote Services CONTRIBUTE A TEST |
Data from Information Repositories CONTRIBUTE A TEST |
Exfiltration Over Command and Control Channel CONTRIBUTE A TEST |
Data Encoding |
Disk Structure Wipe CONTRIBUTE A TEST |
| Supply Chain Compromise CONTRIBUTE A TEST |
Space after Filename CONTRIBUTE A TEST |
Implant Container Image CONTRIBUTE A TEST |
Web Shell CONTRIBUTE A TEST |
Execution Guardrails CONTRIBUTE A TEST |
Credentials in Files |
Network Share Discovery |
SSH Hijacking CONTRIBUTE A TEST |
Data from Local System CONTRIBUTE A TEST |
Exfiltration Over Other Network Medium CONTRIBUTE A TEST |
Data Obfuscation CONTRIBUTE A TEST |
Endpoint Denial of Service CONTRIBUTE A TEST |
| Trusted Relationship CONTRIBUTE A TEST |
Third-party Software CONTRIBUTE A TEST |
Kernel Modules and Extensions |
|
Exploitation for Defense Evasion CONTRIBUTE A TEST |
Exploitation for Credential Access CONTRIBUTE A TEST |
Network Sniffing |
Third-party Software CONTRIBUTE A TEST |
Data from Network Shared Drive CONTRIBUTE A TEST |
Exfiltration Over Physical Medium CONTRIBUTE A TEST |
Domain Fronting CONTRIBUTE A TEST |
Firmware Corruption CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST |
Trap |
Local Job Scheduling |
|
File Deletion |
Input Capture CONTRIBUTE A TEST |
Password Policy Discovery |
Web Session Cookie CONTRIBUTE A TEST |
Data from Removable Media CONTRIBUTE A TEST |
Scheduled Transfer CONTRIBUTE A TEST |
Domain Generation Algorithms CONTRIBUTE A TEST |
Inhibit System Recovery CONTRIBUTE A TEST |
|
User Execution CONTRIBUTE A TEST |
Office Application Startup CONTRIBUTE A TEST |
|
File and Directory Permissions Modification |
Network Sniffing |
Permission Groups Discovery |
|
Email Collection CONTRIBUTE A TEST |
Transfer Data to Cloud Account CONTRIBUTE A TEST |
Fallback Channels CONTRIBUTE A TEST |
Network Denial of Service CONTRIBUTE A TEST |
|
|
Port Knocking CONTRIBUTE A TEST |
|
HISTCONTROL |
Private Keys |
Process Discovery |
|
Input Capture CONTRIBUTE A TEST |
|
Multi-Stage Channels CONTRIBUTE A TEST |
Resource Hijacking |
|
|
Redundant Access CONTRIBUTE A TEST |
|
Hidden Files and Directories |
Steal Application Access Token CONTRIBUTE A TEST |
Remote System Discovery |
|
Screen Capture |
|
Multi-hop Proxy CONTRIBUTE A TEST |
Runtime Data Manipulation CONTRIBUTE A TEST |
|
|
Server Software Component CONTRIBUTE A TEST |
|
Indicator Removal from Tools CONTRIBUTE A TEST |
Steal Web Session Cookie CONTRIBUTE A TEST |
Software Discovery CONTRIBUTE A TEST |
|
|
|
Multiband Communication CONTRIBUTE A TEST |
Stored Data Manipulation CONTRIBUTE A TEST |
|
|
Setuid and Setgid |
|
Indicator Removal on Host |
Two-Factor Authentication Interception CONTRIBUTE A TEST |
System Information Discovery |
|
|
|
Multilayer Encryption CONTRIBUTE A TEST |
System Shutdown/Reboot |
|
|
Systemd Service |
|
Install Root Certificate |
|
System Network Configuration Discovery |
|
|
|
Port Knocking CONTRIBUTE A TEST |
Transmitted Data Manipulation CONTRIBUTE A TEST |
|
|
Trap |
|
Masquerading |
|
System Network Connections Discovery |
|
|
|
Remote Access Tools CONTRIBUTE A TEST |
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
Obfuscated Files or Information |
|
System Owner/User Discovery |
|
|
|
Remote File Copy |
|
|
|
Web Shell CONTRIBUTE A TEST |
|
Port Knocking CONTRIBUTE A TEST |
|
|
|
|
|
Standard Application Layer Protocol |
|
|
|
|
|
Process Injection |
|
|
|
|
|
Standard Cryptographic Protocol CONTRIBUTE A TEST |
|
|
|
|
|
Redundant Access CONTRIBUTE A TEST |
|
|
|
|
|
Standard Non-Application Layer Protocol CONTRIBUTE A TEST |
|
|
|
|
|
Revert Cloud Instance CONTRIBUTE A TEST |
|
|
|
|
|
Uncommonly Used Port |
|
|
|
|
|
Rootkit |
|
|
|
|
|
Web Service CONTRIBUTE A TEST |
|
|
|
|
|
Scripting |
|
|
|
|
|
|
|
|
|
|
|
Space after Filename CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Timestomp |
|
|
|
|
|
|
|
|
|
|
|
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Web Service CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Web Session Cookie CONTRIBUTE A TEST |
|
|
|
|
|
|
|