initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control | impact |
---|---|---|---|---|---|---|---|---|---|---|---|
Compromise Hardware Supply Chain CONTRIBUTE A TEST | AppleScript | .bash_profile and .bashrc | .bash_profile and .bashrc | Abuse Elevation Control Mechanism CONTRIBUTE A TEST | ARP Cache Poisoning CONTRIBUTE A TEST | Account Discovery CONTRIBUTE A TEST | Exploitation of Remote Services CONTRIBUTE A TEST | ARP Cache Poisoning CONTRIBUTE A TEST | Automated Exfiltration CONTRIBUTE A TEST | Application Layer Protocol CONTRIBUTE A TEST | Account Access Removal CONTRIBUTE A TEST |
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST | Command and Scripting Interpreter CONTRIBUTE A TEST | Account Manipulation CONTRIBUTE A TEST | Abuse Elevation Control Mechanism CONTRIBUTE A TEST | Binary Padding | Bash History | Application Window Discovery CONTRIBUTE A TEST | Internal Spearphishing CONTRIBUTE A TEST | Archive Collected Data CONTRIBUTE A TEST | Data Transfer Size Limits | Asymmetric Cryptography CONTRIBUTE A TEST | Application Exhaustion Flood CONTRIBUTE A TEST |
Compromise Software Supply Chain CONTRIBUTE A TEST | Cron | Boot or Logon Autostart Execution CONTRIBUTE A TEST | Boot or Logon Autostart Execution CONTRIBUTE A TEST | Clear Command History | Brute Force CONTRIBUTE A TEST | Browser Bookmark Discovery | Lateral Tool Transfer CONTRIBUTE A TEST | Archive via Custom Method CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol | Bidirectional Communication CONTRIBUTE A TEST | Application or System Exploitation CONTRIBUTE A TEST |
Default Accounts CONTRIBUTE A TEST | Exploitation for Client Execution CONTRIBUTE A TEST | Boot or Logon Initialization Scripts CONTRIBUTE A TEST | Boot or Logon Initialization Scripts CONTRIBUTE A TEST | Clear Linux or Mac System Logs | Credential Stuffing CONTRIBUTE A TEST | Domain Account CONTRIBUTE A TEST | Remote Service Session Hijacking CONTRIBUTE A TEST | Archive via Library CONTRIBUTE A TEST | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST | Data Destruction |
Domain Accounts CONTRIBUTE A TEST | Graphical User Interface CONTRIBUTE A TEST | Browser Extensions | Create or Modify System Process CONTRIBUTE A TEST | Code Signing CONTRIBUTE A TEST | Credentials In Files | Domain Groups CONTRIBUTE A TEST | Remote Services CONTRIBUTE A TEST | Archive via Utility | Exfiltration Over Bluetooth CONTRIBUTE A TEST | Communication Through Removable Media CONTRIBUTE A TEST | Data Encrypted for Impact CONTRIBUTE A TEST |
Drive-by Compromise CONTRIBUTE A TEST | JavaScript/JScript CONTRIBUTE A TEST | Compromise Client Software Binary CONTRIBUTE A TEST | Cron | Compile After Delivery CONTRIBUTE A TEST | Credentials from Password Stores CONTRIBUTE A TEST | File and Directory Discovery | SSH CONTRIBUTE A TEST | Audio Capture CONTRIBUTE A TEST | Exfiltration Over C2 Channel CONTRIBUTE A TEST | DNS CONTRIBUTE A TEST | Data Manipulation CONTRIBUTE A TEST |
Exploit Public-Facing Application CONTRIBUTE A TEST | Launchctl | Create Account CONTRIBUTE A TEST | Default Accounts CONTRIBUTE A TEST | Default Accounts CONTRIBUTE A TEST | Credentials from Web Browsers | Local Account | SSH Hijacking CONTRIBUTE A TEST | Automated Collection CONTRIBUTE A TEST | Exfiltration Over Other Network Medium CONTRIBUTE A TEST | DNS Calculation CONTRIBUTE A TEST | Defacement CONTRIBUTE A TEST |
Hardware Additions CONTRIBUTE A TEST | Launchd | Create or Modify System Process CONTRIBUTE A TEST | Domain Accounts CONTRIBUTE A TEST | Deobfuscate/Decode Files or Information CONTRIBUTE A TEST | Exploitation for Credential Access CONTRIBUTE A TEST | Local Groups | Software Deployment Tools CONTRIBUTE A TEST | Clipboard Data | Exfiltration Over Physical Medium CONTRIBUTE A TEST | Data Encoding CONTRIBUTE A TEST | Direct Network Flood CONTRIBUTE A TEST |
Local Accounts CONTRIBUTE A TEST | Malicious File CONTRIBUTE A TEST | Cron | Dylib Hijacking CONTRIBUTE A TEST | Disable or Modify System Firewall CONTRIBUTE A TEST | GUI Input Capture | Network Service Scanning | VNC CONTRIBUTE A TEST | Data Staged CONTRIBUTE A TEST | Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST | Data Obfuscation CONTRIBUTE A TEST | Disk Content Wipe CONTRIBUTE A TEST |
Phishing CONTRIBUTE A TEST | Malicious Link CONTRIBUTE A TEST | Default Accounts CONTRIBUTE A TEST | Elevated Execution with Prompt CONTRIBUTE A TEST | Disable or Modify Tools | Input Capture CONTRIBUTE A TEST | Network Share Discovery | | Data from Information Repositories CONTRIBUTE A TEST | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | Dead Drop Resolver CONTRIBUTE A TEST | Disk Structure Wipe CONTRIBUTE A TEST |
Spearphishing Attachment CONTRIBUTE A TEST | Native API CONTRIBUTE A TEST | Domain Account CONTRIBUTE A TEST | Emond | Domain Accounts CONTRIBUTE A TEST | Keychain | Network Sniffing | | Data from Local System CONTRIBUTE A TEST | Exfiltration Over Web Service CONTRIBUTE A TEST | Domain Fronting CONTRIBUTE A TEST | Disk Wipe CONTRIBUTE A TEST |
Spearphishing Link CONTRIBUTE A TEST | Python CONTRIBUTE A TEST | Domain Accounts CONTRIBUTE A TEST | Event Triggered Execution CONTRIBUTE A TEST | Dylib Hijacking CONTRIBUTE A TEST | Keylogging CONTRIBUTE A TEST | Password Policy Discovery | | Data from Network Shared Drive CONTRIBUTE A TEST | Exfiltration over USB CONTRIBUTE A TEST | Domain Generation Algorithms CONTRIBUTE A TEST | Endpoint Denial of Service CONTRIBUTE A TEST |
Spearphishing via Service CONTRIBUTE A TEST | Scheduled Task/Job CONTRIBUTE A TEST | Dylib Hijacking CONTRIBUTE A TEST | Exploitation for Privilege Escalation CONTRIBUTE A TEST | Elevated Execution with Prompt CONTRIBUTE A TEST | Man-in-the-Middle CONTRIBUTE A TEST | Peripheral Device Discovery CONTRIBUTE A TEST | | Data from Removable Media CONTRIBUTE A TEST | Exfiltration to Cloud Storage CONTRIBUTE A TEST | Dynamic Resolution CONTRIBUTE A TEST | External Defacement CONTRIBUTE A TEST |
Supply Chain Compromise CONTRIBUTE A TEST | Scripting CONTRIBUTE A TEST | Emond | Hijack Execution Flow CONTRIBUTE A TEST | Environmental Keying CONTRIBUTE A TEST | Modify Authentication Process CONTRIBUTE A TEST | Permission Groups Discovery CONTRIBUTE A TEST | | GUI Input Capture | Exfiltration to Code Repository CONTRIBUTE A TEST | Encrypted Channel CONTRIBUTE A TEST | Firmware Corruption CONTRIBUTE A TEST |
Trusted Relationship CONTRIBUTE A TEST | Software Deployment Tools CONTRIBUTE A TEST | Event Triggered Execution CONTRIBUTE A TEST | Kernel Modules and Extensions CONTRIBUTE A TEST | Execution Guardrails CONTRIBUTE A TEST | Network Sniffing | Process Discovery | | Input Capture CONTRIBUTE A TEST | Scheduled Transfer CONTRIBUTE A TEST | External Proxy CONTRIBUTE A TEST | Inhibit System Recovery CONTRIBUTE A TEST |
Valid Accounts CONTRIBUTE A TEST | Source CONTRIBUTE A TEST | Hijack Execution Flow CONTRIBUTE A TEST | LC_LOAD_DYLIB Addition CONTRIBUTE A TEST | Exploitation for Defense Evasion CONTRIBUTE A TEST | OS Credential Dumping CONTRIBUTE A TEST | Remote System Discovery | | Keylogging CONTRIBUTE A TEST | | Fallback Channels CONTRIBUTE A TEST | Internal Defacement CONTRIBUTE A TEST |
| | System Services CONTRIBUTE A TEST | Kernel Modules and Extensions CONTRIBUTE A TEST | Launch Agent | File Deletion | Password Cracking CONTRIBUTE A TEST | Security Software Discovery | | Local Data Staging | | Fast Flux DNS CONTRIBUTE A TEST | Network Denial of Service CONTRIBUTE A TEST |
| | Unix Shell | LC_LOAD_DYLIB Addition CONTRIBUTE A TEST | Launch Daemon | File and Directory Permissions Modification CONTRIBUTE A TEST | Password Guessing CONTRIBUTE A TEST | Software Discovery | | Man-in-the-Middle CONTRIBUTE A TEST | | File Transfer Protocols CONTRIBUTE A TEST | OS Exhaustion Flood CONTRIBUTE A TEST |
| | User Execution CONTRIBUTE A TEST | Launch Agent | Launchd | Gatekeeper Bypass | Password Spraying CONTRIBUTE A TEST | System Checks | | Remote Data Staging CONTRIBUTE A TEST | | Ingress Tool Transfer | Reflection Amplification CONTRIBUTE A TEST |
| | Visual Basic CONTRIBUTE A TEST | Launch Daemon | Local Accounts CONTRIBUTE A TEST | Hidden File System CONTRIBUTE A TEST | Pluggable Authentication Modules CONTRIBUTE A TEST | System Information Discovery | | Screen Capture | | Internal Proxy | Resource Hijacking |
| | | Launchd | Logon Script (Mac) | Hidden Files and Directories | Private Keys | System Network Configuration Discovery | | Video Capture CONTRIBUTE A TEST | | Junk Data CONTRIBUTE A TEST | Runtime Data Manipulation CONTRIBUTE A TEST |
| | | Local Account | Plist Modification | Hidden Users | Securityd Memory CONTRIBUTE A TEST | System Network Connections Discovery | | Web Portal Capture CONTRIBUTE A TEST | | Mail Protocols CONTRIBUTE A TEST | Service Exhaustion Flood CONTRIBUTE A TEST |
| | | Local Accounts CONTRIBUTE A TEST | Process Injection CONTRIBUTE A TEST | Hidden Window CONTRIBUTE A TEST | Steal Web Session Cookie CONTRIBUTE A TEST | System Owner/User Discovery | | | | Multi-Stage Channels CONTRIBUTE A TEST | Service Stop CONTRIBUTE A TEST |
| | | Logon Script (Mac) | Rc.common | Hide Artifacts CONTRIBUTE A TEST | Two-Factor Authentication Interception CONTRIBUTE A TEST | Time Based Evasion CONTRIBUTE A TEST | | | | Multi-hop Proxy CONTRIBUTE A TEST | Stored Data Manipulation CONTRIBUTE A TEST |
| | | Plist Modification | Re-opened Applications | Hijack Execution Flow CONTRIBUTE A TEST | Unsecured Credentials CONTRIBUTE A TEST | User Activity Based Checks CONTRIBUTE A TEST | | | | Multiband Communication CONTRIBUTE A TEST | System Shutdown/Reboot |
| | | Port Knocking CONTRIBUTE A TEST | Scheduled Task/Job CONTRIBUTE A TEST | Impair Command History Logging | Web Portal Capture CONTRIBUTE A TEST | Virtualization/Sandbox Evasion CONTRIBUTE A TEST | | | | Non-Application Layer Protocol CONTRIBUTE A TEST | Transmitted Data Manipulation CONTRIBUTE A TEST |
| | | Rc.common | Setuid and Setgid | Impair Defenses CONTRIBUTE A TEST | | | | | | Non-Standard Encoding CONTRIBUTE A TEST | |
| | | Re-opened Applications | Startup Items | Indicator Blocking CONTRIBUTE A TEST | | | | | | Non-Standard Port | |
| | | Redundant Access CONTRIBUTE A TEST | Sudo and Sudo Caching | Indicator Removal from Tools CONTRIBUTE A TEST | | | | | | One-Way Communication CONTRIBUTE A TEST | |
| | | SSH Authorized Keys | Trap | Indicator Removal on Host CONTRIBUTE A TEST | | | | | | Port Knocking CONTRIBUTE A TEST | |
| | | Scheduled Task/Job CONTRIBUTE A TEST | Valid Accounts CONTRIBUTE A TEST | Install Root Certificate | | | | | | Protocol Impersonation CONTRIBUTE A TEST | |
| | | Server Software Component CONTRIBUTE A TEST | | Invalid Code Signature CONTRIBUTE A TEST | | | | | | Protocol Tunneling CONTRIBUTE A TEST | |
| | | Startup Items | | LC_MAIN Hijacking CONTRIBUTE A TEST | | | | | | Proxy CONTRIBUTE A TEST | |
| | | Traffic Signaling CONTRIBUTE A TEST | | Linux and Mac File and Directory Permissions Modification | | | | | | Remote Access Software CONTRIBUTE A TEST | |
| | | Trap | | Local Accounts CONTRIBUTE A TEST | | | | | | Standard Encoding | |
| | | Valid Accounts CONTRIBUTE A TEST | | Masquerading CONTRIBUTE A TEST | | | | | | Steganography CONTRIBUTE A TEST | |
| | | Web Shell CONTRIBUTE A TEST | | Match Legitimate Name or Location CONTRIBUTE A TEST | | | | | | Symmetric Cryptography CONTRIBUTE A TEST | |
| | | | | Modify Authentication Process CONTRIBUTE A TEST | | | | | | Traffic Signaling CONTRIBUTE A TEST | |
| | | | | Obfuscated Files or Information | | | | | | Web Protocols | |
| | | | | Pluggable Authentication Modules CONTRIBUTE A TEST | | | | | | Web Service CONTRIBUTE A TEST | |
| | | | | Port Knocking CONTRIBUTE A TEST | | | | | | | |
| | | | | Process Injection CONTRIBUTE A TEST | | | | | | | |
| | | | | Redundant Access CONTRIBUTE A TEST | | | | | | | |
| | | | | Rename System Utilities CONTRIBUTE A TEST | | | | | | | |
| | | | | Right-to-Left Override CONTRIBUTE A TEST | | | | | | | |
| | | | | Rootkit CONTRIBUTE A TEST | | | | | | | |
| | | | | Run Virtual Instance CONTRIBUTE A TEST | | | | | | | |
| | | | | Scripting CONTRIBUTE A TEST | | | | | | | |
| | | | | Setuid and Setgid | | | | | | | |
| | | | | Software Packing | | | | | | | |
| | | | | Space after Filename | | | | | | | |
| | | | | Steganography CONTRIBUTE A TEST | | | | | | | |
| | | | | Subvert Trust Controls CONTRIBUTE A TEST | | | | | | | |
| | | | | Sudo and Sudo Caching | | | | | | | |
| | | | | System Checks | | | | | | | |
| | | | | Time Based Evasion CONTRIBUTE A TEST | | | | | | | |
| | | | | Timestomp | | | | | | | |
| | | | | Traffic Signaling CONTRIBUTE A TEST | | | | | | | |
| | | | | User Activity Based Checks CONTRIBUTE A TEST | | | | | | | |
| | | | | VBA Stomping CONTRIBUTE A TEST | | | | | | | |
| | | | | Valid Accounts CONTRIBUTE A TEST | | | | | | | |
| | | | | Virtualization/Sandbox Evasion CONTRIBUTE A TEST | | | | | | | |

This repository has been archived by the owner on Jan 16, 2024. It is now read-only.