-
Notifications
You must be signed in to change notification settings - Fork 5
/
search.html
1126 lines (1000 loc) · 113 KB
/
search.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!DOCTYPE html>
<html lang="en" data-content_root="" >
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Search - The Atomic Playbook</title>
<script data-cfasync="false">
document.documentElement.dataset.mode = localStorage.getItem("mode") || "";
document.documentElement.dataset.theme = localStorage.getItem("theme") || "light";
</script>
<!-- Loaded before other Sphinx assets -->
<link href="_static/styles/theme.css?digest=bd9e20870c6007c4c509" rel="stylesheet" />
<link href="_static/styles/bootstrap.css?digest=bd9e20870c6007c4c509" rel="stylesheet" />
<link href="_static/styles/pydata-sphinx-theme.css?digest=bd9e20870c6007c4c509" rel="stylesheet" />
<link href="_static/vendor/fontawesome/6.5.1/css/all.min.css?digest=bd9e20870c6007c4c509" rel="stylesheet" />
<link rel="preload" as="font" type="font/woff2" crossorigin href="_static/vendor/fontawesome/6.5.1/webfonts/fa-solid-900.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin href="_static/vendor/fontawesome/6.5.1/webfonts/fa-brands-400.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin href="_static/vendor/fontawesome/6.5.1/webfonts/fa-regular-400.woff2" />
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" href="_static/styles/sphinx-book-theme.css?digest=14f4ca6b54d191a8c7657f6c759bf11a5fb86285" type="text/css" />
<link rel="stylesheet" type="text/css" href="_static/togglebutton.css" />
<link rel="stylesheet" type="text/css" href="_static/copybutton.css" />
<link rel="stylesheet" type="text/css" href="_static/mystnb.4510f1fc1dee50b3e5859aac5469c37c29e427902b24a333a5f9fcb2f0b3ac41.css" />
<link rel="stylesheet" type="text/css" href="_static/sphinx-thebe.css" />
<link rel="stylesheet" type="text/css" href="_static/design-style.4045f2051d55cab465a707391d5b2007.min.css" />
<!-- Pre-loaded scripts that we'll load fully later -->
<link rel="preload" as="script" href="_static/scripts/bootstrap.js?digest=bd9e20870c6007c4c509" />
<link rel="preload" as="script" href="_static/scripts/pydata-sphinx-theme.js?digest=bd9e20870c6007c4c509" />
<script src="_static/vendor/fontawesome/6.5.1/js/all.min.js?digest=bd9e20870c6007c4c509"></script>
<script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js"></script>
<script src="_static/doctools.js"></script>
<script src="_static/clipboard.min.js"></script>
<script src="_static/copybutton.js"></script>
<script src="_static/scripts/sphinx-book-theme.js?digest=5a5c038af52cf7bc1a1ec88eea08e6366ee68824"></script>
<script>let toggleHintShow = 'Click to show';</script>
<script>let toggleHintHide = 'Click to hide';</script>
<script>let toggleOpenOnPrint = 'true';</script>
<script src="_static/togglebutton.js"></script>
<script>var togglebuttonSelector = '.toggle, .admonition.dropdown';</script>
<script src="_static/design-tabs.js"></script>
<script>const THEBE_JS_URL = "https://unpkg.com/[email protected]/lib/index.js"
const thebe_selector = ".thebe,.cell"
const thebe_selector_input = "pre"
const thebe_selector_output = ".output, .cell_output"
</script>
<script async="async" src="_static/sphinx-thebe.js"></script>
<script>DOCUMENTATION_OPTIONS.pagename = 'search';</script>
<script src="_static/searchtools.js"></script>
<script src="_static/language_data.js"></script>
<script src="searchindex.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="#" />
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="docsearch:language" content="en"/>
</head>
<body data-bs-spy="scroll" data-bs-target=".bd-toc-nav" data-offset="180" data-bs-root-margin="0px 0px -60%" data-default-mode="">
<a id="pst-skip-link" class="skip-link" href="#main-content">Skip to main content</a>
<div id="pst-scroll-pixel-helper"></div>
<button type="button" class="btn rounded-pill" id="pst-back-to-top">
<i class="fa-solid fa-arrow-up"></i>
Back to top
</button>
<input type="checkbox"
class="sidebar-toggle"
name="__primary"
id="__primary"/>
<label class="overlay overlay-primary" for="__primary"></label>
<input type="checkbox"
class="sidebar-toggle"
name="__secondary"
id="__secondary"/>
<label class="overlay overlay-secondary" for="__secondary"></label>
<div class="search-button__wrapper">
<div class="search-button__overlay"></div>
<div class="search-button__search-container">
<form class="bd-search d-flex align-items-center"
action="#"
method="get">
<i class="fa-solid fa-magnifying-glass"></i>
<input type="search"
class="form-control"
name="q"
id="search-input"
placeholder="Search this book..."
aria-label="Search this book..."
autocomplete="off"
autocorrect="off"
autocapitalize="off"
spellcheck="false"/>
<span class="search-button__kbd-shortcut"><kbd class="kbd-shortcut__modifier">Ctrl</kbd>+<kbd>K</kbd></span>
</form></div>
</div>
<header>
<div class="bd-header navbar navbar-expand-lg bd-navbar">
</div>
</header>
<div class="bd-container">
<div class="bd-container__inner bd-page-width">
<div class="bd-sidebar-primary bd-sidebar">
<div class="sidebar-header-items sidebar-primary__section">
</div>
<div class="sidebar-primary-items__start sidebar-primary__section">
<div class="sidebar-primary-item">
<a class="navbar-brand logo" href="intro.html">
<img src="_static/logo.png" class="logo__image only-light" alt="The Atomic Playbook - Home"/>
<script>document.write(`<img src="_static/logo.png" class="logo__image only-dark" alt="The Atomic Playbook - Home"/>`);</script>
</a></div>
<div class="sidebar-primary-item"><nav class="bd-links" id="bd-docs-nav" aria-label="Main">
<div class="bd-toc-item navbar-nav active">
<ul class="nav bd-sidenav bd-sidenav__home-link">
<li class="toctree-l1">
<a class="reference internal" href="intro.html">
Welcome to the Atomic Playbook
</a>
</li>
</ul>
<ul class="nav bd-sidenav">
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/initial-access.html">Initial Access</a><input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-1"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1078.001.html">T1078.001 - Default Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1078.002.html">T1078.002 - Domain Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1078.003.html">T1078.003 - Local Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1078.004.html">T1078.004 - Cloud Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1078.html">T1078 - Valid Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1091.html">T1091 - Replication Through Removable Media</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1133.html">T1133 - External Remote Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1189.html">T1189 - Drive-by Compromise</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1190.html">T1190 - Exploit Public-Facing Application</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1195.001.html">T1195.001 - Compromise Software Dependencies and Development Tools</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1195.002.html">T1195.002 - Compromise Software Supply Chain</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1195.003.html">T1195.003 - Compromise Hardware Supply Chain</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1195.html">T1195 - Supply Chain Compromise</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1199.html">T1199 - Trusted Relationship</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1200.html">T1200 - Hardware Additions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1566.001.html">T1566.001 - Spearphishing Attachment</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1566.002.html">T1566.002 - Spearphishing Link</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1566.003.html">T1566.003 - Spearphishing via Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1566.004.html">T1566.004 - Spearphishing Voice</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1566.html">T1566 - Phishing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/initial-access/T1659.html">T1659 - Content Injection</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/execution.html">Execution</a><input class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-2"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1047.html">T1047 - Windows Management Instrumentation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.002.html">T1053.002 - At</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.003.html">T1053.003 - Cron</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.005.html">T1053.005 - Scheduled Task</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.006.html">T1053.006 - Systemd Timers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.007.html">T1053.007 - Container Orchestration Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1053.html">T1053 - Scheduled Task/Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.001.html">T1059.001 - PowerShell</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.002.html">T1059.002 - AppleScript</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.003.html">T1059.003 - Windows Command Shell</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.004.html">T1059.004 - Unix Shell</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.005.html">T1059.005 - Visual Basic</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.006.html">T1059.006 - Python</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.007.html">T1059.007 - JavaScript</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.008.html">T1059.008 - Network Device CLI</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.009.html">T1059.009 - Cloud API</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1059.html">T1059 - Command and Scripting Interpreter</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1072.html">T1072 - Software Deployment Tools</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1106.html">T1106 - Native API</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1129.html">T1129 - Shared Modules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1203.html">T1203 - Exploitation for Client Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1204.001.html">T1204.001 - Malicious Link</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1204.002.html">T1204.002 - Malicious File</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1204.003.html">T1204.003 - Malicious Image</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1204.html">T1204 - User Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1559.001.html">T1559.001 - Component Object Model</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1559.002.html">T1559.002 - Dynamic Data Exchange</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1559.003.html">T1559.003 - XPC Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1559.html">T1559 - Inter-Process Communication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1569.001.html">T1569.001 - Launchctl</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1569.002.html">T1569.002 - Service Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1569.html">T1569 - System Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1609.html">T1609 - Container Administration Command</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1610.html">T1610 - Deploy Container</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1648.html">T1648 - Serverless Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/execution/T1651.html">T1651 - Cloud Administration Command</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/persistence.html">Persistence</a><input class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-3"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.001.html">T1037.001 - Logon Script (Windows)</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.002.html">T1037.002 - Login Hook</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.003.html">T1037.003 - Network Logon Script</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.004.html">T1037.004 - RC Scripts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.005.html">T1037.005 - Startup Items</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1037.html">T1037 - Boot or Logon Initialization Scripts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.002.html">T1053.002 - At</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.003.html">T1053.003 - Cron</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.005.html">T1053.005 - Scheduled Task</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.006.html">T1053.006 - Systemd Timers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.007.html">T1053.007 - Container Orchestration Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1053.html">T1053 - Scheduled Task/Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1078.001.html">T1078.001 - Default Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1078.002.html">T1078.002 - Domain Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1078.003.html">T1078.003 - Local Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1078.004.html">T1078.004 - Cloud Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1078.html">T1078 - Valid Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.001.html">T1098.001 - Additional Cloud Credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.002.html">T1098.002 - Additional Email Delegate Permissions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.003.html">T1098.003 - Additional Cloud Roles</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.004.html">T1098.004 - SSH Authorized Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.005.html">T1098.005 - Device Registration</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.006.html">T1098.006 - Additional Container Cluster Roles</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1098.html">T1098 - Account Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1133.html">T1133 - External Remote Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1136.001.html">T1136.001 - Local Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1136.002.html">T1136.002 - Domain Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1136.003.html">T1136.003 - Cloud Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1136.html">T1136 - Create Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.001.html">T1137.001 - Office Template Macros</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.002.html">T1137.002 - Office Test</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.003.html">T1137.003 - Outlook Forms</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.004.html">T1137.004 - Outlook Home Page</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.005.html">T1137.005 - Outlook Rules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.006.html">T1137.006 - Add-ins</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1137.html">T1137 - Office Application Startup</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1176.html">T1176 - Browser Extensions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1197.html">T1197 - BITS Jobs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1205.001.html">T1205.001 - Port Knocking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1205.002.html">T1205.002 - Socket Filters</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1205.html">T1205 - Traffic Signaling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.001.html">T1505.001 - SQL Stored Procedures</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.002.html">T1505.002 - Transport Agent</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.003.html">T1505.003 - Web Shell</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.004.html">T1505.004 - IIS Components</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.005.html">T1505.005 - Terminal Services DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1505.html">T1505 - Server Software Component</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1525.html">T1525 - Implant Internal Image</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.001.html">T1542.001 - System Firmware</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.002.html">T1542.002 - Component Firmware</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.003.html">T1542.003 - Bootkit</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.004.html">T1542.004 - ROMMONkit</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.005.html">T1542.005 - TFTP Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1542.html">T1542 - Pre-OS Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1543.001.html">T1543.001 - Launch Agent</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1543.002.html">T1543.002 - Systemd Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1543.003.html">T1543.003 - Windows Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1543.004.html">T1543.004 - Launch Daemon</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1543.html">T1543 - Create or Modify System Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.001.html">T1546.001 - Change Default File Association</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.002.html">T1546.002 - Screensaver</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.003.html">T1546.003 - Windows Management Instrumentation Event Subscription</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.004.html">T1546.004 - Unix Shell Configuration Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.005.html">T1546.005 - Trap</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.006.html">T1546.006 - LC_LOAD_DYLIB Addition</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.007.html">T1546.007 - Netsh Helper DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.008.html">T1546.008 - Accessibility Features</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.009.html">T1546.009 - AppCert DLLs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.010.html">T1546.010 - AppInit DLLs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.011.html">T1546.011 - Application Shimming</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.012.html">T1546.012 - Image File Execution Options Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.013.html">T1546.013 - PowerShell Profile</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.014.html">T1546.014 - Emond</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.015.html">T1546.015 - Component Object Model Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.016.html">T1546.016 - Installer Packages</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1546.html">T1546 - Event Triggered Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.001.html">T1547.001 - Registry Run Keys / Startup Folder</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.002.html">T1547.002 - Authentication Package</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.003.html">T1547.003 - Time Providers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.004.html">T1547.004 - Winlogon Helper DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.005.html">T1547.005 - Security Support Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.006.html">T1547.006 - Kernel Modules and Extensions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.007.html">T1547.007 - Re-opened Applications</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.008.html">T1547.008 - LSASS Driver</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.009.html">T1547.009 - Shortcut Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.010.html">T1547.010 - Port Monitors</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.012.html">T1547.012 - Print Processors</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.013.html">T1547.013 - XDG Autostart Entries</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.014.html">T1547.014 - Active Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.015.html">T1547.015 - Login Items</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1547.html">T1547 - Boot or Logon Autostart Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1554.html">T1554 - Compromise Client Software Binary</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.001.html">T1556.001 - Domain Controller Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.002.html">T1556.002 - Password Filter DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.003.html">T1556.003 - Pluggable Authentication Modules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.004.html">T1556.004 - Network Device Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.005.html">T1556.005 - Reversible Encryption</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.006.html">T1556.006 - Multi-Factor Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.007.html">T1556.007 - Hybrid Identity</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.008.html">T1556.008 - Network Provider DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1556.html">T1556 - Modify Authentication Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.001.html">T1574.001 - DLL Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.002.html">T1574.002 - DLL Side-Loading</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.004.html">T1574.004 - Dylib Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.005.html">T1574.005 - Executable Installer File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.006.html">T1574.006 - Dynamic Linker Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.007.html">T1574.007 - Path Interception by PATH Environment Variable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.008.html">T1574.008 - Path Interception by Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.009.html">T1574.009 - Path Interception by Unquoted Path</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.010.html">T1574.010 - Services File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.011.html">T1574.011 - Services Registry Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.012.html">T1574.012 - COR_PROFILER</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.013.html">T1574.013 - KernelCallbackTable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1574.html">T1574 - Hijack Execution Flow</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/persistence/T1653.html">T1653 - Power Settings</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/privilege-escalation.html">Privilege Escalation</a><input class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-4"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.001.html">T1037.001 - Logon Script (Windows)</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.002.html">T1037.002 - Login Hook</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.003.html">T1037.003 - Network Logon Script</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.004.html">T1037.004 - RC Scripts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.005.html">T1037.005 - Startup Items</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1037.html">T1037 - Boot or Logon Initialization Scripts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.002.html">T1053.002 - At</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.003.html">T1053.003 - Cron</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.005.html">T1053.005 - Scheduled Task</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.006.html">T1053.006 - Systemd Timers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.007.html">T1053.007 - Container Orchestration Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1053.html">T1053 - Scheduled Task/Job</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.001.html">T1055.001 - Dynamic-link Library Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.002.html">T1055.002 - Portable Executable Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.003.html">T1055.003 - Thread Execution Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.004.html">T1055.004 - Asynchronous Procedure Call</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.005.html">T1055.005 - Thread Local Storage</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.008.html">T1055.008 - Ptrace System Calls</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.009.html">T1055.009 - Proc Memory</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.011.html">T1055.011 - Extra Window Memory Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.012.html">T1055.012 - Process Hollowing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.013.html">T1055.013 - Process Doppelgänging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.014.html">T1055.014 - VDSO Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.015.html">T1055.015 - ListPlanting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1055.html">T1055 - Process Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1068.html">T1068 - Exploitation for Privilege Escalation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1078.001.html">T1078.001 - Default Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1078.002.html">T1078.002 - Domain Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1078.003.html">T1078.003 - Local Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1078.004.html">T1078.004 - Cloud Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1078.html">T1078 - Valid Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.001.html">T1098.001 - Additional Cloud Credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.002.html">T1098.002 - Additional Email Delegate Permissions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.003.html">T1098.003 - Additional Cloud Roles</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.004.html">T1098.004 - SSH Authorized Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.005.html">T1098.005 - Device Registration</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.006.html">T1098.006 - Additional Container Cluster Roles</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1098.html">T1098 - Account Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.001.html">T1134.001 - Token Impersonation/Theft</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.002.html">T1134.002 - Create Process with Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.003.html">T1134.003 - Make and Impersonate Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.004.html">T1134.004 - Parent PID Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.005.html">T1134.005 - SID-History Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1134.html">T1134 - Access Token Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1484.001.html">T1484.001 - Group Policy Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1484.002.html">T1484.002 - Domain Trust Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1484.html">T1484 - Domain Policy Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1543.001.html">T1543.001 - Launch Agent</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1543.002.html">T1543.002 - Systemd Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1543.003.html">T1543.003 - Windows Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1543.004.html">T1543.004 - Launch Daemon</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1543.html">T1543 - Create or Modify System Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.001.html">T1546.001 - Change Default File Association</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.002.html">T1546.002 - Screensaver</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.003.html">T1546.003 - Windows Management Instrumentation Event Subscription</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.004.html">T1546.004 - Unix Shell Configuration Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.005.html">T1546.005 - Trap</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.006.html">T1546.006 - LC_LOAD_DYLIB Addition</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.007.html">T1546.007 - Netsh Helper DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.008.html">T1546.008 - Accessibility Features</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.009.html">T1546.009 - AppCert DLLs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.010.html">T1546.010 - AppInit DLLs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.011.html">T1546.011 - Application Shimming</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.012.html">T1546.012 - Image File Execution Options Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.013.html">T1546.013 - PowerShell Profile</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.014.html">T1546.014 - Emond</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.015.html">T1546.015 - Component Object Model Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.016.html">T1546.016 - Installer Packages</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1546.html">T1546 - Event Triggered Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.001.html">T1547.001 - Registry Run Keys / Startup Folder</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.002.html">T1547.002 - Authentication Package</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.003.html">T1547.003 - Time Providers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.004.html">T1547.004 - Winlogon Helper DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.005.html">T1547.005 - Security Support Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.006.html">T1547.006 - Kernel Modules and Extensions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.007.html">T1547.007 - Re-opened Applications</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.008.html">T1547.008 - LSASS Driver</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.009.html">T1547.009 - Shortcut Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.010.html">T1547.010 - Port Monitors</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.012.html">T1547.012 - Print Processors</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.013.html">T1547.013 - XDG Autostart Entries</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.014.html">T1547.014 - Active Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.015.html">T1547.015 - Login Items</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1547.html">T1547 - Boot or Logon Autostart Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.001.html">T1548.001 - Setuid and Setgid</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.002.html">T1548.002 - Bypass User Account Control</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.003.html">T1548.003 - Sudo and Sudo Caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.004.html">T1548.004 - Elevated Execution with Prompt</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.005.html">T1548.005 - Temporary Elevated Cloud Access</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1548.html">T1548 - Abuse Elevation Control Mechanism</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.001.html">T1574.001 - DLL Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.002.html">T1574.002 - DLL Side-Loading</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.004.html">T1574.004 - Dylib Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.005.html">T1574.005 - Executable Installer File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.006.html">T1574.006 - Dynamic Linker Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.007.html">T1574.007 - Path Interception by PATH Environment Variable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.008.html">T1574.008 - Path Interception by Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.009.html">T1574.009 - Path Interception by Unquoted Path</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.010.html">T1574.010 - Services File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.011.html">T1574.011 - Services Registry Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.012.html">T1574.012 - COR_PROFILER</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.013.html">T1574.013 - KernelCallbackTable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1574.html">T1574 - Hijack Execution Flow</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/privilege-escalation/T1611.html">T1611 - Escape to Host</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/defense-evasion.html">Defense Evasion</a><input class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-5"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1006.html">T1006 - Direct Volume Access</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1014.html">T1014 - Rootkit</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.001.html">T1027.001 - Binary Padding</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.002.html">T1027.002 - Software Packing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.003.html">T1027.003 - Steganography</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.004.html">T1027.004 - Compile After Delivery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.005.html">T1027.005 - Indicator Removal from Tools</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.006.html">T1027.006 - HTML Smuggling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.007.html">T1027.007 - Dynamic API Resolution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.008.html">T1027.008 - Stripped Payloads</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.009.html">T1027.009 - Embedded Payloads</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.010.html">T1027.010 - Command Obfuscation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.011.html">T1027.011 - Fileless Storage</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.012.html">T1027.012 - LNK Icon Smuggling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1027.html">T1027 - Obfuscated Files or Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.001.html">T1036.001 - Invalid Code Signature</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.002.html">T1036.002 - Right-to-Left Override</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.003.html">T1036.003 - Rename System Utilities</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.004.html">T1036.004 - Masquerade Task or Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.005.html">T1036.005 - Match Legitimate Name or Location</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.006.html">T1036.006 - Space after Filename</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.007.html">T1036.007 - Double File Extension</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.008.html">T1036.008 - Masquerade File Type</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.009.html">T1036.009 - Break Process Trees</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1036.html">T1036 - Masquerading</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.001.html">T1055.001 - Dynamic-link Library Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.002.html">T1055.002 - Portable Executable Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.003.html">T1055.003 - Thread Execution Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.004.html">T1055.004 - Asynchronous Procedure Call</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.005.html">T1055.005 - Thread Local Storage</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.008.html">T1055.008 - Ptrace System Calls</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.009.html">T1055.009 - Proc Memory</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.011.html">T1055.011 - Extra Window Memory Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.012.html">T1055.012 - Process Hollowing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.013.html">T1055.013 - Process Doppelgänging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.014.html">T1055.014 - VDSO Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.015.html">T1055.015 - ListPlanting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1055.html">T1055 - Process Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.001.html">T1070.001 - Clear Windows Event Logs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.002.html">T1070.002 - Clear Linux or Mac System Logs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.003.html">T1070.003 - Clear Command History</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.004.html">T1070.004 - File Deletion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.005.html">T1070.005 - Network Share Connection Removal</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.006.html">T1070.006 - Timestomp</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.007.html">T1070.007 - Clear Network Connection History and Configurations</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.008.html">T1070.008 - Clear Mailbox Data</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.009.html">T1070.009 - Clear Persistence</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1070.html">T1070 - Indicator Removal</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1078.001.html">T1078.001 - Default Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1078.002.html">T1078.002 - Domain Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1078.003.html">T1078.003 - Local Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1078.004.html">T1078.004 - Cloud Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1078.html">T1078 - Valid Accounts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1112.html">T1112 - Modify Registry</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1127.001.html">T1127.001 - MSBuild</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1127.html">T1127 - Trusted Developer Utilities Proxy Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.001.html">T1134.001 - Token Impersonation/Theft</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.002.html">T1134.002 - Create Process with Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.003.html">T1134.003 - Make and Impersonate Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.004.html">T1134.004 - Parent PID Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.005.html">T1134.005 - SID-History Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1134.html">T1134 - Access Token Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1140.html">T1140 - Deobfuscate/Decode Files or Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1197.html">T1197 - BITS Jobs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1202.html">T1202 - Indirect Command Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1205.001.html">T1205.001 - Port Knocking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1205.002.html">T1205.002 - Socket Filters</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1205.html">T1205 - Traffic Signaling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1207.html">T1207 - Rogue Domain Controller</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1211.html">T1211 - Exploitation for Defense Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1216.001.html">T1216.001 - PubPrn</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1216.html">T1216 - System Script Proxy Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.001.html">T1218.001 - Compiled HTML File</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.002.html">T1218.002 - Control Panel</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.003.html">T1218.003 - CMSTP</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.004.html">T1218.004 - InstallUtil</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.005.html">T1218.005 - Mshta</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.007.html">T1218.007 - Msiexec</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.008.html">T1218.008 - Odbcconf</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.009.html">T1218.009 - Regsvcs/Regasm</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.010.html">T1218.010 - Regsvr32</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.011.html">T1218.011 - Rundll32</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.012.html">T1218.012 - Verclsid</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.013.html">T1218.013 - Mavinject</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.014.html">T1218.014 - MMC</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1218.html">T1218 - System Binary Proxy Execution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1220.html">T1220 - XSL Script Processing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1221.html">T1221 - Template Injection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1222.001.html">T1222.001 - Windows File and Directory Permissions Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1222.002.html">T1222.002 - Linux and Mac File and Directory Permissions Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1222.html">T1222 - File and Directory Permissions Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1480.001.html">T1480.001 - Environmental Keying</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1480.html">T1480 - Execution Guardrails</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1484.001.html">T1484.001 - Group Policy Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1484.002.html">T1484.002 - Domain Trust Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1484.html">T1484 - Domain Policy Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1497.001.html">T1497.001 - System Checks</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1497.002.html">T1497.002 - User Activity Based Checks</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1497.003.html">T1497.003 - Time Based Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1497.html">T1497 - Virtualization/Sandbox Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1535.html">T1535 - Unused/Unsupported Cloud Regions</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.001.html">T1542.001 - System Firmware</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.002.html">T1542.002 - Component Firmware</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.003.html">T1542.003 - Bootkit</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.004.html">T1542.004 - ROMMONkit</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.005.html">T1542.005 - TFTP Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1542.html">T1542 - Pre-OS Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.001.html">T1548.001 - Setuid and Setgid</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.002.html">T1548.002 - Bypass User Account Control</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.003.html">T1548.003 - Sudo and Sudo Caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.004.html">T1548.004 - Elevated Execution with Prompt</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.005.html">T1548.005 - Temporary Elevated Cloud Access</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1548.html">T1548 - Abuse Elevation Control Mechanism</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1550.001.html">T1550.001 - Application Access Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1550.002.html">T1550.002 - Pass the Hash</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1550.003.html">T1550.003 - Pass the Ticket</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1550.004.html">T1550.004 - Web Session Cookie</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1550.html">T1550 - Use Alternate Authentication Material</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.001.html">T1553.001 - Gatekeeper Bypass</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.002.html">T1553.002 - Code Signing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.003.html">T1553.003 - SIP and Trust Provider Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.004.html">T1553.004 - Install Root Certificate</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.005.html">T1553.005 - Mark-of-the-Web Bypass</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.006.html">T1553.006 - Code Signing Policy Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1553.html">T1553 - Subvert Trust Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.001.html">T1556.001 - Domain Controller Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.002.html">T1556.002 - Password Filter DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.003.html">T1556.003 - Pluggable Authentication Modules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.004.html">T1556.004 - Network Device Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.005.html">T1556.005 - Reversible Encryption</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.006.html">T1556.006 - Multi-Factor Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.007.html">T1556.007 - Hybrid Identity</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.008.html">T1556.008 - Network Provider DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1556.html">T1556 - Modify Authentication Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.001.html">T1562.001 - Disable or Modify Tools</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.002.html">T1562.002 - Disable Windows Event Logging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.003.html">T1562.003 - Impair Command History Logging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.004.html">T1562.004 - Disable or Modify System Firewall</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.006.html">T1562.006 - Indicator Blocking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.007.html">T1562.007 - Disable or Modify Cloud Firewall</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.008.html">T1562.008 - Disable or Modify Cloud Logs</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.009.html">T1562.009 - Safe Mode Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.010.html">T1562.010 - Downgrade Attack</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.011.html">T1562.011 - Spoof Security Alerting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.012.html">T1562.012 - Disable or Modify Linux Audit System</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1562.html">T1562 - Impair Defenses</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.001.html">T1564.001 - Hidden Files and Directories</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.002.html">T1564.002 - Hidden Users</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.003.html">T1564.003 - Hidden Window</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.004.html">T1564.004 - NTFS File Attributes</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.005.html">T1564.005 - Hidden File System</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.006.html">T1564.006 - Run Virtual Instance</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.007.html">T1564.007 - VBA Stomping</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.008.html">T1564.008 - Email Hiding Rules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.009.html">T1564.009 - Resource Forking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.010.html">T1564.010 - Process Argument Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.011.html">T1564.011 - Ignore Process Interrupts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1564.html">T1564 - Hide Artifacts</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.001.html">T1574.001 - DLL Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.002.html">T1574.002 - DLL Side-Loading</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.004.html">T1574.004 - Dylib Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.005.html">T1574.005 - Executable Installer File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.006.html">T1574.006 - Dynamic Linker Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.007.html">T1574.007 - Path Interception by PATH Environment Variable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.008.html">T1574.008 - Path Interception by Search Order Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.009.html">T1574.009 - Path Interception by Unquoted Path</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.010.html">T1574.010 - Services File Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.011.html">T1574.011 - Services Registry Permissions Weakness</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.012.html">T1574.012 - COR_PROFILER</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.013.html">T1574.013 - KernelCallbackTable</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1574.html">T1574 - Hijack Execution Flow</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.001.html">T1578.001 - Create Snapshot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.002.html">T1578.002 - Create Cloud Instance</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.003.html">T1578.003 - Delete Cloud Instance</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.004.html">T1578.004 - Revert Cloud Instance</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.005.html">T1578.005 - Modify Cloud Compute Configurations</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1578.html">T1578 - Modify Cloud Compute Infrastructure</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1599.001.html">T1599.001 - Network Address Translation Traversal</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1599.html">T1599 - Network Boundary Bridging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1600.001.html">T1600.001 - Reduce Key Space</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1600.002.html">T1600.002 - Disable Crypto Hardware</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1600.html">T1600 - Weaken Encryption</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1601.001.html">T1601.001 - Patch System Image</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1601.002.html">T1601.002 - Downgrade System Image</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1601.html">T1601 - Modify System Image</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1610.html">T1610 - Deploy Container</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1612.html">T1612 - Build Image on Host</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1620.html">T1620 - Reflective Code Loading</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1622.html">T1622 - Debugger Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1647.html">T1647 - Plist File Modification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/defense-evasion/T1656.html">T1656 - Impersonation</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/credential-access.html">Credential Access</a><input class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-6"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.001.html">T1003.001 - LSASS Memory</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.002.html">T1003.002 - Security Account Manager</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.003.html">T1003.003 - NTDS</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.004.html">T1003.004 - LSA Secrets</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.005.html">T1003.005 - Cached Domain Credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.006.html">T1003.006 - DCSync</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.007.html">T1003.007 - Proc Filesystem</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.008.html">T1003.008 - /etc/passwd and /etc/shadow</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1003.html">T1003 - OS Credential Dumping</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1040.html">T1040 - Network Sniffing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1056.001.html">T1056.001 - Keylogging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1056.002.html">T1056.002 - GUI Input Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1056.003.html">T1056.003 - Web Portal Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1056.004.html">T1056.004 - Credential API Hooking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1056.html">T1056 - Input Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1110.001.html">T1110.001 - Password Guessing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1110.002.html">T1110.002 - Password Cracking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1110.003.html">T1110.003 - Password Spraying</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1110.004.html">T1110.004 - Credential Stuffing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1110.html">T1110 - Brute Force</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1111.html">T1111 - Multi-Factor Authentication Interception</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1187.html">T1187 - Forced Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1212.html">T1212 - Exploitation for Credential Access</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1528.html">T1528 - Steal Application Access Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1539.html">T1539 - Steal Web Session Cookie</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.001.html">T1552.001 - Credentials In Files</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.002.html">T1552.002 - Credentials in Registry</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.003.html">T1552.003 - Bash History</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.004.html">T1552.004 - Private Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.005.html">T1552.005 - Cloud Instance Metadata API</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.006.html">T1552.006 - Group Policy Preferences</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.007.html">T1552.007 - Container API</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.008.html">T1552.008 - Chat Messages</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1552.html">T1552 - Unsecured Credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.001.html">T1555.001 - Keychain</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.002.html">T1555.002 - Securityd Memory</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.003.html">T1555.003 - Credentials from Web Browsers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.004.html">T1555.004 - Windows Credential Manager</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.005.html">T1555.005 - Password Managers</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.006.html">T1555.006 - Cloud Secrets Management Stores</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1555.html">T1555 - Credentials from Password Stores</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.001.html">T1556.001 - Domain Controller Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.002.html">T1556.002 - Password Filter DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.003.html">T1556.003 - Pluggable Authentication Modules</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.004.html">T1556.004 - Network Device Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.005.html">T1556.005 - Reversible Encryption</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.006.html">T1556.006 - Multi-Factor Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.007.html">T1556.007 - Hybrid Identity</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.008.html">T1556.008 - Network Provider DLL</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1556.html">T1556 - Modify Authentication Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1557.001.html">T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1557.002.html">T1557.002 - ARP Cache Poisoning</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1557.003.html">T1557.003 - DHCP Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1557.html">T1557 - Adversary-in-the-Middle</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1558.001.html">T1558.001 - Golden Ticket</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1558.002.html">T1558.002 - Silver Ticket</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1558.003.html">T1558.003 - Kerberoasting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1558.004.html">T1558.004 - AS-REP Roasting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1558.html">T1558 - Steal or Forge Kerberos Tickets</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1606.001.html">T1606.001 - Web Cookies</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1606.002.html">T1606.002 - SAML Tokens</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1606.html">T1606 - Forge Web Credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1621.html">T1621 - Multi-Factor Authentication Request Generation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/credential-access/T1649.html">T1649 - Steal or Forge Authentication Certificates</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/discovery.html">Discovery</a><input class="toctree-checkbox" id="toctree-checkbox-7" name="toctree-checkbox-7" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-7"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1007.html">T1007 - System Service Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1010.html">T1010 - Application Window Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1012.html">T1012 - Query Registry</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1016.001.html">T1016.001 - Internet Connection Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1016.002.html">T1016.002 - Wi-Fi Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1016.html">T1016 - System Network Configuration Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1018.html">T1018 - Remote System Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1033.html">T1033 - System Owner/User Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1040.html">T1040 - Network Sniffing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1046.html">T1046 - Network Service Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1049.html">T1049 - System Network Connections Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1057.html">T1057 - Process Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1069.001.html">T1069.001 - Local Groups</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1069.002.html">T1069.002 - Domain Groups</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1069.003.html">T1069.003 - Cloud Groups</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1069.html">T1069 - Permission Groups Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1082.html">T1082 - System Information Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1083.html">T1083 - File and Directory Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1087.001.html">T1087.001 - Local Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1087.002.html">T1087.002 - Domain Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1087.003.html">T1087.003 - Email Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1087.004.html">T1087.004 - Cloud Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1087.html">T1087 - Account Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1120.html">T1120 - Peripheral Device Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1124.html">T1124 - System Time Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1135.html">T1135 - Network Share Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1201.html">T1201 - Password Policy Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1217.html">T1217 - Browser Information Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1482.html">T1482 - Domain Trust Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1497.001.html">T1497.001 - System Checks</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1497.002.html">T1497.002 - User Activity Based Checks</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1497.003.html">T1497.003 - Time Based Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1497.html">T1497 - Virtualization/Sandbox Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1518.001.html">T1518.001 - Security Software Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1518.html">T1518 - Software Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1526.html">T1526 - Cloud Service Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1538.html">T1538 - Cloud Service Dashboard</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1580.html">T1580 - Cloud Infrastructure Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1613.html">T1613 - Container and Resource Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1614.001.html">T1614.001 - System Language Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1614.html">T1614 - System Location Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1615.html">T1615 - Group Policy Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1619.html">T1619 - Cloud Storage Object Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1622.html">T1622 - Debugger Evasion</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1652.html">T1652 - Device Driver Discovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/discovery/T1654.html">T1654 - Log Enumeration</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/lateral-movement.html">Lateral Movement</a><input class="toctree-checkbox" id="toctree-checkbox-8" name="toctree-checkbox-8" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-8"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.001.html">T1021.001 - Remote Desktop Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.002.html">T1021.002 - SMB/Windows Admin Shares</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.003.html">T1021.003 - Distributed Component Object Model</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.004.html">T1021.004 - SSH</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.005.html">T1021.005 - VNC</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.006.html">T1021.006 - Windows Remote Management</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.007.html">T1021.007 - Cloud Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.008.html">T1021.008 - Direct Cloud VM Connections</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1021.html">T1021 - Remote Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1072.html">T1072 - Software Deployment Tools</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1080.html">T1080 - Taint Shared Content</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1091.html">T1091 - Replication Through Removable Media</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1210.html">T1210 - Exploitation of Remote Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1534.html">T1534 - Internal Spearphishing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1550.001.html">T1550.001 - Application Access Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1550.002.html">T1550.002 - Pass the Hash</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1550.003.html">T1550.003 - Pass the Ticket</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1550.004.html">T1550.004 - Web Session Cookie</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1550.html">T1550 - Use Alternate Authentication Material</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1563.001.html">T1563.001 - SSH Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1563.002.html">T1563.002 - RDP Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1563.html">T1563 - Remote Service Session Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/lateral-movement/T1570.html">T1570 - Lateral Tool Transfer</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/collection.html">Collection</a><input class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-9"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1005.html">T1005 - Data from Local System</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1025.html">T1025 - Data from Removable Media</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1039.html">T1039 - Data from Network Shared Drive</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1056.001.html">T1056.001 - Keylogging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1056.002.html">T1056.002 - GUI Input Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1056.003.html">T1056.003 - Web Portal Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1056.004.html">T1056.004 - Credential API Hooking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1056.html">T1056 - Input Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1074.001.html">T1074.001 - Local Data Staging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1074.002.html">T1074.002 - Remote Data Staging</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1074.html">T1074 - Data Staged</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1113.html">T1113 - Screen Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1114.001.html">T1114.001 - Local Email Collection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1114.002.html">T1114.002 - Remote Email Collection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1114.003.html">T1114.003 - Email Forwarding Rule</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1114.html">T1114 - Email Collection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1115.html">T1115 - Clipboard Data</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1119.html">T1119 - Automated Collection</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1123.html">T1123 - Audio Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1125.html">T1125 - Video Capture</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1185.html">T1185 - Browser Session Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1213.001.html">T1213.001 - Confluence</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1213.002.html">T1213.002 - Sharepoint</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1213.003.html">T1213.003 - Code Repositories</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1213.html">T1213 - Data from Information Repositories</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1530.html">T1530 - Data from Cloud Storage</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1557.001.html">T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1557.002.html">T1557.002 - ARP Cache Poisoning</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1557.003.html">T1557.003 - DHCP Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1557.html">T1557 - Adversary-in-the-Middle</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1560.001.html">T1560.001 - Archive via Utility</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1560.002.html">T1560.002 - Archive via Library</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1560.003.html">T1560.003 - Archive via Custom Method</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1560.html">T1560 - Archive Collected Data</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1602.001.html">T1602.001 - SNMP (MIB Dump)</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1602.002.html">T1602.002 - Network Device Configuration Dump</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/collection/T1602.html">T1602 - Data from Configuration Repository</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/command-and-control.html">Command and Control</a><input class="toctree-checkbox" id="toctree-checkbox-10" name="toctree-checkbox-10" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-10"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1001.001.html">T1001.001 - Junk Data</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1001.002.html">T1001.002 - Steganography</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1001.003.html">T1001.003 - Protocol Impersonation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1001.html">T1001 - Data Obfuscation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1008.html">T1008 - Fallback Channels</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1071.001.html">T1071.001 - Web Protocols</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1071.002.html">T1071.002 - File Transfer Protocols</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1071.003.html">T1071.003 - Mail Protocols</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1071.004.html">T1071.004 - DNS</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1071.html">T1071 - Application Layer Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1090.001.html">T1090.001 - Internal Proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1090.002.html">T1090.002 - External Proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1090.003.html">T1090.003 - Multi-hop Proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1090.004.html">T1090.004 - Domain Fronting</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1090.html">T1090 - Proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1092.html">T1092 - Communication Through Removable Media</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1095.html">T1095 - Non-Application Layer Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1102.001.html">T1102.001 - Dead Drop Resolver</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1102.002.html">T1102.002 - Bidirectional Communication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1102.003.html">T1102.003 - One-Way Communication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1102.html">T1102 - Web Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1104.html">T1104 - Multi-Stage Channels</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1105.html">T1105 - Ingress Tool Transfer</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1132.001.html">T1132.001 - Standard Encoding</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1132.002.html">T1132.002 - Non-Standard Encoding</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1132.html">T1132 - Data Encoding</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1205.001.html">T1205.001 - Port Knocking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1205.002.html">T1205.002 - Socket Filters</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1205.html">T1205 - Traffic Signaling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1219.html">T1219 - Remote Access Software</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1568.001.html">T1568.001 - Fast Flux DNS</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1568.002.html">T1568.002 - Domain Generation Algorithms</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1568.003.html">T1568.003 - DNS Calculation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1568.html">T1568 - Dynamic Resolution</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1571.html">T1571 - Non-Standard Port</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1572.html">T1572 - Protocol Tunneling</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1573.001.html">T1573.001 - Symmetric Cryptography</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1573.002.html">T1573.002 - Asymmetric Cryptography</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1573.html">T1573 - Encrypted Channel</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/command-and-control/T1659.html">T1659 - Content Injection</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/exfiltration.html">Exfiltration</a><input class="toctree-checkbox" id="toctree-checkbox-11" name="toctree-checkbox-11" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-11"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1011.001.html">T1011.001 - Exfiltration Over Bluetooth</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1011.html">T1011 - Exfiltration Over Other Network Medium</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1020.001.html">T1020.001 - Traffic Duplication</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1020.html">T1020 - Automated Exfiltration</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1029.html">T1029 - Scheduled Transfer</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1030.html">T1030 - Data Transfer Size Limits</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1041.html">T1041 - Exfiltration Over C2 Channel</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1048.001.html">T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1048.002.html">T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1048.003.html">T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1048.html">T1048 - Exfiltration Over Alternative Protocol</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1052.001.html">T1052.001 - Exfiltration over USB</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1052.html">T1052 - Exfiltration Over Physical Medium</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1537.html">T1537 - Transfer Data to Cloud Account</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1567.001.html">T1567.001 - Exfiltration to Code Repository</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1567.002.html">T1567.002 - Exfiltration to Cloud Storage</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1567.003.html">T1567.003 - Exfiltration to Text Storage Sites</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1567.004.html">T1567.004 - Exfiltration Over Webhook</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/exfiltration/T1567.html">T1567 - Exfiltration Over Web Service</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="tactics/impact.html">Impact</a><input class="toctree-checkbox" id="toctree-checkbox-12" name="toctree-checkbox-12" type="checkbox"/><label class="toctree-toggle" for="toctree-checkbox-12"><i class="fa-solid fa-chevron-down"></i></label><ul>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1485.html">T1485 - Data Destruction</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1486.html">T1486 - Data Encrypted for Impact</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1489.html">T1489 - Service Stop</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1490.html">T1490 - Inhibit System Recovery</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1491.001.html">T1491.001 - Internal Defacement</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1491.002.html">T1491.002 - External Defacement</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1491.html">T1491 - Defacement</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1495.html">T1495 - Firmware Corruption</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1496.html">T1496 - Resource Hijacking</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1498.001.html">T1498.001 - Direct Network Flood</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1498.002.html">T1498.002 - Reflection Amplification</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1498.html">T1498 - Network Denial of Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1499.001.html">T1499.001 - OS Exhaustion Flood</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1499.002.html">T1499.002 - Service Exhaustion Flood</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1499.003.html">T1499.003 - Application Exhaustion Flood</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1499.004.html">T1499.004 - Application or System Exploitation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1499.html">T1499 - Endpoint Denial of Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1529.html">T1529 - System Shutdown/Reboot</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1531.html">T1531 - Account Access Removal</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1561.001.html">T1561.001 - Disk Content Wipe</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1561.002.html">T1561.002 - Disk Structure Wipe</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1561.html">T1561 - Disk Wipe</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1565.001.html">T1565.001 - Stored Data Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1565.002.html">T1565.002 - Transmitted Data Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1565.003.html">T1565.003 - Runtime Data Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1565.html">T1565 - Data Manipulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="tactics/impact/T1657.html">T1657 - Financial Theft</a></li>
</ul>
</li>
</ul>
</div>
</nav></div>
</div>
<div class="sidebar-primary-items__end sidebar-primary__section">
</div>
<div id="rtd-footer-container"></div>
</div>
<main id="main-content" class="bd-main">
<div class="sbt-scroll-pixel-helper"></div>
<div class="bd-content">
<div class="bd-article-container">
<div class="bd-header-article">
<div class="header-article-items header-article__inner">
<div class="header-article-items__start">
<div class="header-article-item"><label class="sidebar-toggle primary-toggle btn btn-sm" for="__primary" title="Toggle primary sidebar" data-bs-placement="bottom" data-bs-toggle="tooltip">
<span class="fa-solid fa-bars"></span>
</label></div>
</div>
<div class="header-article-items__end">
<div class="header-article-item">
<div class="article-header-buttons">
<button onclick="toggleFullScreen()"
class="btn btn-sm btn-fullscreen-button"
title="Fullscreen mode"
data-bs-placement="bottom" data-bs-toggle="tooltip"
>
<span class="btn__icon-container">
<i class="fas fa-expand"></i>
</span>
</button>
<script>
document.write(`
<button class="btn btn-sm navbar-btn theme-switch-button" title="light/dark" aria-label="light/dark" data-bs-placement="bottom" data-bs-toggle="tooltip">
<span class="theme-switch nav-link" data-mode="light"><i class="fa-solid fa-sun fa-lg"></i></span>