Mac Technique Matrix

Initial Access: Drive-by Compromise, Exploit Public-Facing Application, Hardware Additions, Spearphishing Attachment, Spearphishing Link, Spearphishing via Service, Supply Chain Compromise, Trusted Relationship, Valid Accounts
Execution: AppleScript, Command-Line Interface, Exploitation for Client Execution, Graphical User Interface, Launchctl, Local Job Scheduling, Scripting, Source, Space after Filename, Third-party Software, Trap, User Execution
Persistence: .bash_profile and .bashrc, Browser Extensions, Create Account, Dylib Hijacking, Hidden Files and Directories, Kernel Modules and Extensions, LC_LOAD_DYLIB Addition, Launch Agent, Launch Daemon, Launchctl, Local Job Scheduling, Login Item, Logon Scripts, Plist Modification, Port Knocking, Rc.common, Re-opened Applications, Redundant Access, Startup Items, Trap, Valid Accounts, Web Shell
Privilege Escalation: Dylib Hijacking, Exploitation for Privilege Escalation, Launch Daemon, Plist Modification, Process Injection, Setuid and Setgid, Startup Items, Sudo, Sudo Caching, Valid Accounts, Web Shell
Defense Evasion: Binary Padding, Clear Command History, Code Signing, Disabling Security Tools, Exploitation for Defense Evasion, File Deletion, Gatekeeper Bypass, HISTCONTROL, Hidden Files and Directories, Hidden Users, Hidden Window, Indicator Removal from Tools, Indicator Removal on Host, Install Root Certificate, LC_MAIN Hijacking, Launchctl, Masquerading, Obfuscated Files or Information, Plist Modification, Port Knocking, Process Injection, Redundant Access, Rootkit, Scripting, Space after Filename, Valid Accounts, Web Service
Credential Access: Bash History, Brute Force, Credentials in Files, Exploitation for Credential Access, Input Capture, Input Prompt, Keychain, Network Sniffing, Private Keys, Securityd Memory, Two-Factor Authentication Interception
Discovery: Account Discovery, Application Window Discovery, Browser Bookmark Discovery, File and Directory Discovery, Network Service Scanning, Network Share Discovery, Password Policy Discovery, Permission Groups Discovery, Process Discovery, Remote System Discovery, Security Software Discovery, System Information Discovery, System Network Configuration Discovery, System Network Connections Discovery, System Owner/User Discovery
Lateral Movement: AppleScript, Application Deployment Software, Exploitation of Remote Services, Logon Scripts, Remote File Copy, Remote Services, SSH Hijacking, Third-party Software
Collection: Audio Capture, Automated Collection, Clipboard Data, Data Staged, Data from Information Repositories, Data from Local System, Data from Network Shared Drive, Data from Removable Media, Input Capture, Screen Capture, Video Capture
Exfiltration: Automated Exfiltration, Data Compressed, Data Encrypted, Data Transfer Size Limits, Exfiltration Over Alternative Protocol, Exfiltration Over Command and Control Channel, Exfiltration Over Other Network Medium, Exfiltration Over Physical Medium, Scheduled Transfer
Command and Control: Commonly Used Port, Communication Through Removable Media, Connection Proxy, Custom Command and Control Protocol, Custom Cryptographic Protocol, Data Encoding, Data Obfuscation, Domain Fronting, Fallback Channels, Multi-Stage Channels, Multi-hop Proxy, Multiband Communication, Multilayer Encryption, Port Knocking, Remote Access Tools, Remote File Copy, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol, Uncommonly Used Port, Web Service