All Atomic Tests by ATT&CK Tactic & Technique

| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control |
|---|---|---|---|---|---|---|---|---|---|---|
| Drive-by Compromise CONTRIBUTE A TEST | AppleScript | .bash_profile and .bashrc | Access Token Manipulation | Access Token Manipulation | Account Manipulation | Account Discovery | AppleScript | Audio Capture | Automated Exfiltration CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST | CMSTP | Accessibility Features | Accessibility Features | BITS Jobs | Bash History | Application Window Discovery CONTRIBUTE A TEST | Application Deployment Software CONTRIBUTE A TEST | Automated Collection | Data Compressed | Communication Through Removable Media CONTRIBUTE A TEST |
| Hardware Additions CONTRIBUTE A TEST | Command-Line Interface | AppCert DLLs CONTRIBUTE A TEST | AppCert DLLs CONTRIBUTE A TEST | Binary Padding CONTRIBUTE A TEST | Brute Force | Browser Bookmark Discovery CONTRIBUTE A TEST | Distributed Component Object Model CONTRIBUTE A TEST | Clipboard Data | Data Encrypted | Connection Proxy CONTRIBUTE A TEST |
| Replication Through Removable Media CONTRIBUTE A TEST | Control Panel Items CONTRIBUTE A TEST | AppInit DLLs | AppInit DLLs | Bypass User Account Control CONTRIBUTE A TEST | Credential Dumping | File and Directory Discovery | Exploitation of Remote Services CONTRIBUTE A TEST | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol CONTRIBUTE A TEST |
| Spearphishing Attachment | Dynamic Data Exchange | Application Shimming | Application Shimming | CMSTP | Credentials in Files | Network Service Scanning | Logon Scripts | Data from Information Repositories CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol CONTRIBUTE A TEST |
| Spearphishing Link CONTRIBUTE A TEST | Execution through API CONTRIBUTE A TEST | Authentication Package CONTRIBUTE A TEST | Bypass User Account Control CONTRIBUTE A TEST | Clear Command History | Credentials in Registry | Network Share Discovery | Pass the Hash | Data from Local System CONTRIBUTE A TEST | Exfiltration Over Command and Control Channel CONTRIBUTE A TEST | Data Encoding |
| Spearphishing via Service CONTRIBUTE A TEST | Execution through Module Load CONTRIBUTE A TEST | BITS Jobs | DLL Search Order Hijacking CONTRIBUTE A TEST | Code Signing CONTRIBUTE A TEST | Exploitation for Credential Access CONTRIBUTE A TEST | Password Policy Discovery | Pass the Ticket CONTRIBUTE A TEST | Data from Network Shared Drive CONTRIBUTE A TEST | Exfiltration Over Other Network Medium CONTRIBUTE A TEST | Data Obfuscation CONTRIBUTE A TEST |
| Supply Chain Compromise CONTRIBUTE A TEST | Exploitation for Client Execution CONTRIBUTE A TEST | Bootkit CONTRIBUTE A TEST | Dylib Hijacking CONTRIBUTE A TEST | Component Firmware CONTRIBUTE A TEST | Forced Authentication CONTRIBUTE A TEST | Peripheral Device Discovery CONTRIBUTE A TEST | Remote Desktop Protocol | Data from Removable Media CONTRIBUTE A TEST | Exfiltration Over Physical Medium CONTRIBUTE A TEST | Domain Fronting CONTRIBUTE A TEST |
| Trusted Relationship CONTRIBUTE A TEST | Graphical User Interface CONTRIBUTE A TEST | Browser Extensions | Exploitation for Privilege Escalation CONTRIBUTE A TEST | Component Object Model Hijacking | Hooking | Permission Groups Discovery | Remote File Copy | Email Collection CONTRIBUTE A TEST | Scheduled Transfer CONTRIBUTE A TEST | Fallback Channels CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST | InstallUtil | Change Default File Association | Extra Window Memory Injection CONTRIBUTE A TEST | Control Panel Items CONTRIBUTE A TEST | Input Capture | Process Discovery | Remote Services CONTRIBUTE A TEST | Input Capture | | Multi-Stage Channels CONTRIBUTE A TEST |
| | LSASS Driver CONTRIBUTE A TEST | Component Firmware CONTRIBUTE A TEST | File System Permissions Weakness CONTRIBUTE A TEST | DCShadow | Input Prompt | Query Registry | Replication Through Removable Media CONTRIBUTE A TEST | Man in the Browser CONTRIBUTE A TEST | | Multi-hop Proxy CONTRIBUTE A TEST |
| | Launchctl | Component Object Model Hijacking | Hooking | DLL Search Order Hijacking CONTRIBUTE A TEST | Kerberoasting CONTRIBUTE A TEST | Remote System Discovery | SSH Hijacking CONTRIBUTE A TEST | Screen Capture | | Multiband Communication CONTRIBUTE A TEST |
| | Local Job Scheduling | Create Account | Image File Execution Options Injection | DLL Side-Loading CONTRIBUTE A TEST | Keychain | Security Software Discovery | Shared Webroot CONTRIBUTE A TEST | Video Capture CONTRIBUTE A TEST | | Multilayer Encryption CONTRIBUTE A TEST |
| | Mshta | DLL Search Order Hijacking CONTRIBUTE A TEST | Launch Daemon | Deobfuscate/Decode Files or Information | LLMNR/NBT-NS Poisoning CONTRIBUTE A TEST | System Information Discovery | Taint Shared Content CONTRIBUTE A TEST | | | Port Knocking CONTRIBUTE A TEST |
| | PowerShell | Dylib Hijacking CONTRIBUTE A TEST | New Service | Disabling Security Tools | Network Sniffing | System Network Configuration Discovery | Third-party Software CONTRIBUTE A TEST | | | Remote Access Tools CONTRIBUTE A TEST |
| | Regsvcs/Regasm | External Remote Services CONTRIBUTE A TEST | Path Interception CONTRIBUTE A TEST | Exploitation for Defense Evasion CONTRIBUTE A TEST | Password Filter DLL CONTRIBUTE A TEST | System Network Connections Discovery | Windows Admin Shares | | | Remote File Copy |
| | Regsvr32 | File System Permissions Weakness CONTRIBUTE A TEST | Plist Modification | Extra Window Memory Injection CONTRIBUTE A TEST | Private Keys | System Owner/User Discovery | Windows Remote Management | | | Standard Application Layer Protocol CONTRIBUTE A TEST |
| | Rundll32 | Hidden Files and Directories | Port Monitors CONTRIBUTE A TEST | File Deletion | Replication Through Removable Media CONTRIBUTE A TEST | System Service Discovery | | | | Standard Cryptographic Protocol CONTRIBUTE A TEST |
| | Scheduled Task | Hooking | Process Injection | File System Logical Offsets CONTRIBUTE A TEST | Securityd Memory CONTRIBUTE A TEST | System Time Discovery | | | | Standard Non-Application Layer Protocol CONTRIBUTE A TEST |
| | Scripting CONTRIBUTE A TEST | Hypervisor | SID-History Injection CONTRIBUTE A TEST | Gatekeeper Bypass | Two-Factor Authentication Interception CONTRIBUTE A TEST | | | | | Uncommonly Used Port |
| | Service Execution CONTRIBUTE A TEST | Image File Execution Options Injection | Scheduled Task | HISTCONTROL | | | | | | Web Service CONTRIBUTE A TEST |
| | Signed Binary Proxy Execution CONTRIBUTE A TEST | Kernel Modules and Extensions CONTRIBUTE A TEST | Service Registry Permissions Weakness CONTRIBUTE A TEST | Hidden Files and Directories | | | | | | |
| | Signed Script Proxy Execution CONTRIBUTE A TEST | LC_LOAD_DYLIB Addition CONTRIBUTE A TEST | Setuid and Setgid | Hidden Users | | | | | | |
| | Source CONTRIBUTE A TEST | LSASS Driver CONTRIBUTE A TEST | Startup Items | Hidden Window CONTRIBUTE A TEST | | | | | | |
| | Space after Filename | Launch Agent | Sudo | Image File Execution Options Injection | | | | | | |
| | Third-party Software CONTRIBUTE A TEST | Launch Daemon | Sudo Caching CONTRIBUTE A TEST | Indicator Blocking CONTRIBUTE A TEST | | | | | | |
| | Trap | Launchctl | Valid Accounts CONTRIBUTE A TEST | Indicator Removal from Tools CONTRIBUTE A TEST | | | | | | |
| | Trusted Developer Utilities | Local Job Scheduling | Web Shell CONTRIBUTE A TEST | Indicator Removal on Host | | | | | | |
| | User Execution CONTRIBUTE A TEST | Login Item CONTRIBUTE A TEST | | Indirect Command Execution | | | | | | |
| | Windows Management Instrumentation | Logon Scripts | | Install Root Certificate | | | | | | |
| | Windows Remote Management | Modify Existing Service CONTRIBUTE A TEST | | InstallUtil | | | | | | |
| | | Netsh Helper DLL | | LC_MAIN Hijacking CONTRIBUTE A TEST | | | | | | |
| | | New Service | | Launchctl | | | | | | |
| | | Office Application Startup | | Masquerading CONTRIBUTE A TEST | | | | | | |
| | | Path Interception CONTRIBUTE A TEST | | Modify Registry CONTRIBUTE A TEST | | | | | | |
| | | Plist Modification | | Mshta | | | | | | |
| | | Port Knocking CONTRIBUTE A TEST | | NTFS File Attributes | | | | | | |
| | | Port Monitors CONTRIBUTE A TEST | | Network Share Connection Removal | | | | | | |
| | | Rc.common | | Obfuscated Files or Information CONTRIBUTE A TEST | | | | | | |
| | | Re-opened Applications | | Plist Modification | | | | | | |
| | | Redundant Access CONTRIBUTE A TEST | | Port Knocking CONTRIBUTE A TEST | | | | | | |
| | | Registry Run Keys / Start Folder | | Process Doppelgänging CONTRIBUTE A TEST | | | | | | |
| | | SIP and Trust Provider Hijacking CONTRIBUTE A TEST | | Process Hollowing CONTRIBUTE A TEST | | | | | | |
| | | Scheduled Task | | Process Injection | | | | | | |
| | | Screensaver CONTRIBUTE A TEST | | Redundant Access CONTRIBUTE A TEST | | | | | | |
| | | Security Support Provider CONTRIBUTE A TEST | | Regsvcs/Regasm | | | | | | |
| | | Service Registry Permissions Weakness CONTRIBUTE A TEST | | Regsvr32 | | | | | | |
| | | Shortcut Modification CONTRIBUTE A TEST | | Rootkit | | | | | | |
| | | Startup Items | | Rundll32 | | | | | | |
| | | System Firmware CONTRIBUTE A TEST | | SIP and Trust Provider Hijacking CONTRIBUTE A TEST | | | | | | |
| | | Time Providers CONTRIBUTE A TEST | | Scripting CONTRIBUTE A TEST | | | | | | |
| | | Trap | | Signed Binary Proxy Execution CONTRIBUTE A TEST | | | | | | |
| | | Valid Accounts CONTRIBUTE A TEST | | Signed Script Proxy Execution CONTRIBUTE A TEST | | | | | | |
| | | Web Shell CONTRIBUTE A TEST | | Software Packing CONTRIBUTE A TEST | | | | | | |
| | | Windows Management Instrumentation Event Subscription | | Space after Filename | | | | | | |
| | | Winlogon Helper DLL CONTRIBUTE A TEST | | Timestomp | | | | | | |
| | | | | Trusted Developer Utilities | | | | | | |
| | | | | Valid Accounts CONTRIBUTE A TEST | | | | | | |
| | | | | Web Service CONTRIBUTE A TEST | | | | | | |