Cloud Accounts CONTRIBUTE A TEST |
At (Linux) |
.bash_profile and .bashrc |
.bash_profile and .bashrc |
Abuse Elevation Control Mechanism CONTRIBUTE A TEST |
/etc/passwd and /etc/shadow |
Account Discovery CONTRIBUTE A TEST |
Application Access Token CONTRIBUTE A TEST |
ARP Cache Poisoning CONTRIBUTE A TEST |
Automated Exfiltration CONTRIBUTE A TEST |
Application Layer Protocol CONTRIBUTE A TEST |
Account Access Removal CONTRIBUTE A TEST |
Compromise Hardware Supply Chain CONTRIBUTE A TEST |
Command and Scripting Interpreter CONTRIBUTE A TEST |
Account Manipulation CONTRIBUTE A TEST |
Abuse Elevation Control Mechanism CONTRIBUTE A TEST |
Application Access Token CONTRIBUTE A TEST |
ARP Cache Poisoning CONTRIBUTE A TEST |
Browser Bookmark Discovery |
Exploitation of Remote Services CONTRIBUTE A TEST |
Archive Collected Data CONTRIBUTE A TEST |
Data Transfer Size Limits |
Asymmetric Cryptography CONTRIBUTE A TEST |
Application Exhaustion Flood CONTRIBUTE A TEST |
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST |
Cron |
Add Office 365 Global Administrator Role CONTRIBUTE A TEST |
At (Linux) |
Binary Padding |
Bash History |
Cloud Account CONTRIBUTE A TEST |
Internal Spearphishing CONTRIBUTE A TEST |
Archive via Custom Method CONTRIBUTE A TEST |
Exfiltration Over Alternative Protocol |
Bidirectional Communication CONTRIBUTE A TEST |
Application or System Exploitation CONTRIBUTE A TEST |
Compromise Software Supply Chain CONTRIBUTE A TEST |
Exploitation for Client Execution CONTRIBUTE A TEST |
Add-ins CONTRIBUTE A TEST |
Boot or Logon Autostart Execution CONTRIBUTE A TEST |
Bootkit CONTRIBUTE A TEST |
Brute Force CONTRIBUTE A TEST |
Cloud Groups CONTRIBUTE A TEST |
Lateral Tool Transfer CONTRIBUTE A TEST |
Archive via Library CONTRIBUTE A TEST |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST |
Commonly Used Port CONTRIBUTE A TEST |
Data Destruction |
Default Accounts CONTRIBUTE A TEST |
Graphical User Interface CONTRIBUTE A TEST |
Additional Cloud Credentials CONTRIBUTE A TEST |
Boot or Logon Initialization Scripts CONTRIBUTE A TEST |
Clear Command History |
Cloud Instance Metadata API CONTRIBUTE A TEST |
Cloud Infrastructure Discovery CONTRIBUTE A TEST |
Remote Service Session Hijacking CONTRIBUTE A TEST |
Archive via Utility |
Exfiltration Over Bluetooth CONTRIBUTE A TEST |
Communication Through Removable Media CONTRIBUTE A TEST |
Data Encrypted for Impact CONTRIBUTE A TEST |
Domain Accounts CONTRIBUTE A TEST |
JavaScript/JScript CONTRIBUTE A TEST |
At (Linux) |
Cloud Accounts CONTRIBUTE A TEST |
Clear Linux or Mac System Logs |
Credential Stuffing CONTRIBUTE A TEST |
Cloud Service Dashboard CONTRIBUTE A TEST |
Remote Services CONTRIBUTE A TEST |
Audio Capture CONTRIBUTE A TEST |
Exfiltration Over C2 Channel CONTRIBUTE A TEST |
DNS CONTRIBUTE A TEST |
Data Manipulation CONTRIBUTE A TEST |
Drive-by Compromise CONTRIBUTE A TEST |
Malicious File CONTRIBUTE A TEST |
Boot or Logon Autostart Execution CONTRIBUTE A TEST |
Create or Modify System Process CONTRIBUTE A TEST |
Cloud Accounts CONTRIBUTE A TEST |
Credentials In Files |
Cloud Service Discovery CONTRIBUTE A TEST |
SSH CONTRIBUTE A TEST |
Automated Collection CONTRIBUTE A TEST |
Exfiltration Over Other Network Medium CONTRIBUTE A TEST |
DNS Calculation CONTRIBUTE A TEST |
Defacement CONTRIBUTE A TEST |
Exploit Public-Facing Application CONTRIBUTE A TEST |
Malicious Link CONTRIBUTE A TEST |
Boot or Logon Initialization Scripts CONTRIBUTE A TEST |
Cron |
Compile After Delivery CONTRIBUTE A TEST |
Credentials from Password Stores CONTRIBUTE A TEST |
Domain Account CONTRIBUTE A TEST |
SSH Hijacking CONTRIBUTE A TEST |
Clipboard Data CONTRIBUTE A TEST |
Exfiltration Over Physical Medium CONTRIBUTE A TEST |
Data Encoding CONTRIBUTE A TEST |
Direct Network Flood CONTRIBUTE A TEST |
External Remote Services CONTRIBUTE A TEST |
Native API CONTRIBUTE A TEST |
Bootkit CONTRIBUTE A TEST |
Default Accounts CONTRIBUTE A TEST |
Create Cloud Instance CONTRIBUTE A TEST |
Credentials from Web Browsers CONTRIBUTE A TEST |
Domain Groups CONTRIBUTE A TEST |
Software Deployment Tools CONTRIBUTE A TEST |
Confluence CONTRIBUTE A TEST |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST |
Data Obfuscation CONTRIBUTE A TEST |
Disk Content Wipe CONTRIBUTE A TEST |
Hardware Additions CONTRIBUTE A TEST |
Network Device CLI CONTRIBUTE A TEST |
Browser Extensions |
Domain Accounts CONTRIBUTE A TEST |
Create Snapshot CONTRIBUTE A TEST |
Exploitation for Credential Access CONTRIBUTE A TEST |
Email Account CONTRIBUTE A TEST |
Use Alternate Authentication Material CONTRIBUTE A TEST |
Data Staged CONTRIBUTE A TEST |
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
Dead Drop Resolver CONTRIBUTE A TEST |
Disk Structure Wipe CONTRIBUTE A TEST |
Local Accounts CONTRIBUTE A TEST |
Python CONTRIBUTE A TEST |
Cloud Account CONTRIBUTE A TEST |
Event Triggered Execution CONTRIBUTE A TEST |
Default Accounts CONTRIBUTE A TEST |
Input Capture CONTRIBUTE A TEST |
File and Directory Discovery |
VNC CONTRIBUTE A TEST |
Data from Cloud Storage Object CONTRIBUTE A TEST |
Exfiltration Over Web Service CONTRIBUTE A TEST |
Domain Fronting CONTRIBUTE A TEST |
Disk Wipe CONTRIBUTE A TEST |
Phishing CONTRIBUTE A TEST |
Scheduled Task/Job CONTRIBUTE A TEST |
Cloud Accounts CONTRIBUTE A TEST |
Exploitation for Privilege Escalation CONTRIBUTE A TEST |
Delete Cloud Instance CONTRIBUTE A TEST |
Keylogging CONTRIBUTE A TEST |
Local Account |
Web Session Cookie CONTRIBUTE A TEST |
Data from Configuration Repository CONTRIBUTE A TEST |
Exfiltration over USB CONTRIBUTE A TEST |
Domain Generation Algorithms CONTRIBUTE A TEST |
Endpoint Denial of Service CONTRIBUTE A TEST |
Spearphishing Attachment CONTRIBUTE A TEST |
Scripting CONTRIBUTE A TEST |
Compromise Client Software Binary CONTRIBUTE A TEST |
Hijack Execution Flow CONTRIBUTE A TEST |
Deobfuscate/Decode Files or Information CONTRIBUTE A TEST |
Man-in-the-Middle CONTRIBUTE A TEST |
Local Groups |
|
Data from Information Repositories CONTRIBUTE A TEST |
Exfiltration to Cloud Storage CONTRIBUTE A TEST |
Dynamic Resolution CONTRIBUTE A TEST |
External Defacement CONTRIBUTE A TEST |
Spearphishing Link CONTRIBUTE A TEST |
Software Deployment Tools CONTRIBUTE A TEST |
Create Account CONTRIBUTE A TEST |
Kernel Modules and Extensions |
Disable Cloud Logs CONTRIBUTE A TEST |
Modify Authentication Process CONTRIBUTE A TEST |
Network Service Scanning |
|
Data from Local System CONTRIBUTE A TEST |
Exfiltration to Code Repository CONTRIBUTE A TEST |
Encrypted Channel CONTRIBUTE A TEST |
Firmware Corruption CONTRIBUTE A TEST |
Spearphishing via Service CONTRIBUTE A TEST |
Source CONTRIBUTE A TEST |
Create or Modify System Process CONTRIBUTE A TEST |
LD_PRELOAD |
Disable Crypto Hardware CONTRIBUTE A TEST |
Network Device Authentication CONTRIBUTE A TEST |
Network Share Discovery |
|
Data from Network Shared Drive CONTRIBUTE A TEST |
Scheduled Transfer CONTRIBUTE A TEST |
External Proxy CONTRIBUTE A TEST |
Inhibit System Recovery CONTRIBUTE A TEST |
Supply Chain Compromise CONTRIBUTE A TEST |
Systemd Timers CONTRIBUTE A TEST |
Cron |
Local Accounts CONTRIBUTE A TEST |
Disable or Modify Cloud Firewall CONTRIBUTE A TEST |
Network Sniffing |
Network Sniffing |
|
Data from Removable Media CONTRIBUTE A TEST |
Traffic Duplication CONTRIBUTE A TEST |
Fallback Channels CONTRIBUTE A TEST |
Internal Defacement CONTRIBUTE A TEST |
Trusted Relationship CONTRIBUTE A TEST |
Unix Shell |
Default Accounts CONTRIBUTE A TEST |
Proc Memory CONTRIBUTE A TEST |
Disable or Modify System Firewall |
OS Credential Dumping CONTRIBUTE A TEST |
Password Policy Discovery |
|
Email Collection CONTRIBUTE A TEST |
Transfer Data to Cloud Account CONTRIBUTE A TEST |
Fast Flux DNS CONTRIBUTE A TEST |
Network Denial of Service CONTRIBUTE A TEST |
Valid Accounts CONTRIBUTE A TEST |
User Execution CONTRIBUTE A TEST |
Domain Account CONTRIBUTE A TEST |
Process Injection CONTRIBUTE A TEST |
Disable or Modify Tools |
Password Cracking CONTRIBUTE A TEST |
Permission Groups Discovery CONTRIBUTE A TEST |
|
Email Forwarding Rule CONTRIBUTE A TEST |
|
File Transfer Protocols CONTRIBUTE A TEST |
OS Exhaustion Flood CONTRIBUTE A TEST |
|
Visual Basic CONTRIBUTE A TEST |
Domain Accounts CONTRIBUTE A TEST |
Ptrace System Calls CONTRIBUTE A TEST |
Domain Accounts CONTRIBUTE A TEST |
Password Guessing CONTRIBUTE A TEST |
Process Discovery |
|
Input Capture CONTRIBUTE A TEST |
|
Ingress Tool Transfer |
Reflection Amplification CONTRIBUTE A TEST |
|
|
Event Triggered Execution CONTRIBUTE A TEST |
Scheduled Task/Job CONTRIBUTE A TEST |
Downgrade System Image CONTRIBUTE A TEST |
Password Spraying CONTRIBUTE A TEST |
Remote System Discovery |
|
Keylogging CONTRIBUTE A TEST |
|
Internal Proxy |
Resource Hijacking |
|
|
Exchange Email Delegate Permissions CONTRIBUTE A TEST |
Setuid and Setgid |
Environmental Keying CONTRIBUTE A TEST |
Pluggable Authentication Modules CONTRIBUTE A TEST |
Security Software Discovery |
|
Local Data Staging |
|
Junk Data CONTRIBUTE A TEST |
Runtime Data Manipulation CONTRIBUTE A TEST |
|
|
External Remote Services CONTRIBUTE A TEST |
Sudo and Sudo Caching |
Execution Guardrails CONTRIBUTE A TEST |
Private Keys |
Software Discovery CONTRIBUTE A TEST |
|
Man-in-the-Middle CONTRIBUTE A TEST |
|
Mail Protocols CONTRIBUTE A TEST |
Service Exhaustion Flood CONTRIBUTE A TEST |
|
|
Hijack Execution Flow CONTRIBUTE A TEST |
Systemd Service |
Exploitation for Defense Evasion CONTRIBUTE A TEST |
Proc Filesystem CONTRIBUTE A TEST |
System Checks |
|
Network Device Configuration Dump CONTRIBUTE A TEST |
|
Multi-Stage Channels CONTRIBUTE A TEST |
Service Stop CONTRIBUTE A TEST |
|
|
Implant Container Image CONTRIBUTE A TEST |
Systemd Timers CONTRIBUTE A TEST |
File Deletion |
Securityd Memory CONTRIBUTE A TEST |
System Information Discovery |
|
Remote Data Staging CONTRIBUTE A TEST |
|
Multi-hop Proxy CONTRIBUTE A TEST |
Stored Data Manipulation CONTRIBUTE A TEST |
|
|
Kernel Modules and Extensions |
Trap |
File and Directory Permissions Modification CONTRIBUTE A TEST |
Steal Application Access Token CONTRIBUTE A TEST |
System Network Configuration Discovery |
|
Remote Email Collection CONTRIBUTE A TEST |
|
Multiband Communication CONTRIBUTE A TEST |
System Shutdown/Reboot |
|
|
LD_PRELOAD |
VDSO Hijacking CONTRIBUTE A TEST |
Hidden File System CONTRIBUTE A TEST |
Steal Web Session Cookie CONTRIBUTE A TEST |
System Network Connections Discovery |
|
SNMP (MIB Dump) CONTRIBUTE A TEST |
|
Non-Application Layer Protocol CONTRIBUTE A TEST |
Transmitted Data Manipulation CONTRIBUTE A TEST |
|
|
Local Account |
Valid Accounts CONTRIBUTE A TEST |
Hidden Files and Directories |
Two-Factor Authentication Interception CONTRIBUTE A TEST |
System Owner/User Discovery |
|
Screen Capture |
|
Non-Standard Encoding CONTRIBUTE A TEST |
|
|
|
Local Accounts CONTRIBUTE A TEST |
|
Hide Artifacts CONTRIBUTE A TEST |
Unsecured Credentials CONTRIBUTE A TEST |
Time Based Evasion CONTRIBUTE A TEST |
|
Sharepoint CONTRIBUTE A TEST |
|
Non-Standard Port |
|
|
|
Office Application Startup CONTRIBUTE A TEST |
|
Hijack Execution Flow CONTRIBUTE A TEST |
Web Portal Capture CONTRIBUTE A TEST |
User Activity Based Checks CONTRIBUTE A TEST |
|
Web Portal Capture CONTRIBUTE A TEST |
|
One-Way Communication CONTRIBUTE A TEST |
|
|
|
Office Template Macros CONTRIBUTE A TEST |
|
Impair Command History Logging |
|
Virtualization/Sandbox Evasion CONTRIBUTE A TEST |
|
|
|
Port Knocking CONTRIBUTE A TEST |
|
|
|
Office Test CONTRIBUTE A TEST |
|
Impair Defenses CONTRIBUTE A TEST |
|
|
|
|
|
Protocol Impersonation CONTRIBUTE A TEST |
|
|
|
Outlook Forms CONTRIBUTE A TEST |
|
Indicator Blocking |
|
|
|
|
|
Protocol Tunneling CONTRIBUTE A TEST |
|
|
|
Outlook Home Page CONTRIBUTE A TEST |
|
Indicator Removal from Tools CONTRIBUTE A TEST |
|
|
|
|
|
Proxy CONTRIBUTE A TEST |
|
|
|
Outlook Rules CONTRIBUTE A TEST |
|
Indicator Removal on Host CONTRIBUTE A TEST |
|
|
|
|
|
Remote Access Software CONTRIBUTE A TEST |
|
|
|
Port Knocking CONTRIBUTE A TEST |
|
Install Root Certificate |
|
|
|
|
|
Standard Encoding |
|
|
|
Pre-OS Boot CONTRIBUTE A TEST |
|
LD_PRELOAD |
|
|
|
|
|
Steganography CONTRIBUTE A TEST |
|
|
|
ROMMONkit CONTRIBUTE A TEST |
|
Linux and Mac File and Directory Permissions Modification |
|
|
|
|
|
Symmetric Cryptography CONTRIBUTE A TEST |
|
|
|
Redundant Access CONTRIBUTE A TEST |
|
Local Accounts CONTRIBUTE A TEST |
|
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
|
|
SQL Stored Procedures CONTRIBUTE A TEST |
|
Masquerade Task or Service CONTRIBUTE A TEST |
|
|
|
|
|
Web Protocols |
|
|
|
SSH Authorized Keys |
|
Masquerading CONTRIBUTE A TEST |
|
|
|
|
|
Web Service CONTRIBUTE A TEST |
|
|
|
Scheduled Task/Job CONTRIBUTE A TEST |
|
Match Legitimate Name or Location CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Server Software Component CONTRIBUTE A TEST |
|
Modify Authentication Process CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Systemd Service |
|
Modify Cloud Compute Infrastructure CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Systemd Timers CONTRIBUTE A TEST |
|
Modify System Image CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
TFTP Boot CONTRIBUTE A TEST |
|
Network Address Translation Traversal CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
Network Boundary Bridging CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Transport Agent CONTRIBUTE A TEST |
|
Network Device Authentication CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Trap |
|
Obfuscated Files or Information |
|
|
|
|
|
|
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
Patch System Image CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Web Shell CONTRIBUTE A TEST |
|
Pluggable Authentication Modules CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Port Knocking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Pre-OS Boot CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Proc Memory CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Process Injection CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Ptrace System Calls CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
ROMMONkit CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Reduce Key Space CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Redundant Access CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Rename System Utilities |
|
|
|
|
|
|
|
|
|
|
|
Revert Cloud Instance CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Right-to-Left Override CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Rootkit |
|
|
|
|
|
|
|
|
|
|
|
Run Virtual Instance CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Scripting CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Setuid and Setgid |
|
|
|
|
|
|
|
|
|
|
|
Space after Filename CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Steganography CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Subvert Trust Controls CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Sudo and Sudo Caching |
|
|
|
|
|
|
|
|
|
|
|
System Checks |
|
|
|
|
|
|
|
|
|
|
|
TFTP Boot CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Time Based Evasion CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Timestomp |
|
|
|
|
|
|
|
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Use Alternate Authentication Material CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
User Activity Based Checks CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
VBA Stomping CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
VDSO Hijacking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Virtualization/Sandbox Evasion CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Weaken Encryption CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Web Session Cookie CONTRIBUTE A TEST |
|
|
|
|
|
|
|