Mac Technique Matrix

Persistence: .bash_profile and .bashrc, Cron Job, Dylib Hijacking, Hidden Files and Directories, LC_LOAD_DYLIB Addition, Launch Agent, Launch Daemon, Launchctl, Login Item, Logon Scripts, Plist Modification, Rc.common, Re-opened Applications, Redundant Access, Startup Items, Trap, Valid Accounts, Web Shell
Privilege Escalation: Dylib Hijacking, Exploitation of Vulnerability, Launch Daemon, Plist Modification, Setuid and Setgid, Startup Items, Sudo, Valid Accounts, Web Shell
Defense Evasion: Binary Padding, Clear Command History, Code Signing, Disabling Security Tools, Exploitation of Vulnerability, File Deletion, Gatekeeper Bypass, HISTCONTROL, Hidden Files and Directories, Hidden Users, Hidden Window, Indicator Removal from Tools, Indicator Removal on Host, LC_MAIN Hijacking, Launchctl, Masquerading, Plist Modification, Redundant Access, Scripting, Space after Filename, Valid Accounts
Credential Access: Bash History, Brute Force, Create Account, Credentials in Files, Exploitation of Vulnerability, Input Capture, Input Prompt, Keychain, Network Sniffing, Private Keys, Securityd Memory, Two-Factor Authentication Interception
Discovery: Account Discovery, Application Window Discovery, File and Directory Discovery, Network Share Discovery, Permission Groups Discovery, Process Discovery, Remote System Discovery, Security Software Discovery, System Information Discovery, System Network Configuration Discovery, System Network Connections Discovery, System Owner/User Discovery
Lateral Movement: AppleScript, Application Deployment Software, Exploitation of Vulnerability, Logon Scripts, Remote File Copy, Remote Services, Third-party Software
Execution: AppleScript, Command-Line Interface, Graphical User Interface, Launchctl, Scripting, Source, Space after Filename, Third-party Software, Trap
Collection: Automated Collection, Clipboard Data, Data Staged, Data from Local System, Data from Network Shared Drive, Data from Removable Media, Input Capture, Screen Capture
Exfiltration: Automated Exfiltration, Data Compressed, Data Encrypted, Data Transfer Size Limits, Exfiltration Over Alternative Protocol, Exfiltration Over Command and Control Channel, Exfiltration Over Other Network Medium, Exfiltration Over Physical Medium, Scheduled Transfer
Command and Control: Commonly Used Port, Communication Through Removable Media, Connection Proxy, Custom Command and Control Protocol, Custom Cryptographic Protocol, Data Encoding, Data Obfuscation, Fallback Channels, Multi-Stage Channels, Multiband Communication, Multilayer Encryption, Remote File Copy, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol, Uncommonly Used Port, Web Service