Technique Matrix

From ATT&CK
Persistence: Accessibility Features, AppInit DLLs, Basic Input/Output System, Bootkit, Change Default File Association, Component Firmware, Component Object Model Hijacking, DLL Search Order Hijacking, File System Permissions Weakness, Hypervisor, Legitimate Credentials, Local Port Monitor, Logon Scripts, Modify Existing Service, New Service, Path Interception, Redundant Access, Registry Run Keys / Start Folder, Scheduled Task, Security Support Provider, Service Registry Permissions Weakness, Shortcut Modification, Web Shell, Windows Management Instrumentation Event Subscription, Winlogon Helper DLL

Privilege Escalation: Accessibility Features, AppInit DLLs, Bypass User Account Control, DLL Injection, DLL Search Order Hijacking, Exploitation of Vulnerability, File System Permissions Weakness, Legitimate Credentials, Local Port Monitor, New Service, Path Interception, Scheduled Task, Service Registry Permissions Weakness, Web Shell

Defense Evasion: Binary Padding, Bypass User Account Control, Code Signing, Component Firmware, Component Object Model Hijacking, DLL Injection, DLL Search Order Hijacking, DLL Side-Loading, Disabling Security Tools, Exploitation of Vulnerability, File Deletion, File System Logical Offsets, Indicator Blocking, Indicator Removal from Tools, Indicator Removal on Host, InstallUtil, Legitimate Credentials, MSBuild, Masquerading, Modify Registry, NTFS Extended Attributes, Network Share Connection Removal, Obfuscated Files or Information, Process Hollowing, Redundant Access, Regsvcs/Regasm, Regsvr32, Rootkit, Rundll32, Scripting, Software Packing, Timestomp

Credential Access: Brute Force, Credential Dumping, Credential Manipulation, Credentials in Files, Exploitation of Vulnerability, Input Capture, Network Sniffing, Two-Factor Authentication Interception

Discovery: Account Discovery, Application Window Discovery, File and Directory Discovery, Local Network Configuration Discovery, Local Network Connections Discovery, Network Service Scanning, Peripheral Device Discovery, Permission Groups Discovery, Process Discovery, Query Registry, Remote System Discovery, Security Software Discovery, System Information Discovery, System Owner/User Discovery, System Service Discovery, System Time Discovery

Lateral Movement: Application Deployment Software, Exploitation of Vulnerability, Logon Scripts, Pass the Hash, Pass the Ticket, Remote Desktop Protocol, Remote File Copy, Remote Services, Replication Through Removable Media, Shared Webroot, Taint Shared Content, Third-party Software, Windows Admin Shares, Windows Remote Management

Execution: Command-Line Interface, Execution through API, Graphical User Interface, InstallUtil, MSBuild, PowerShell, Process Hollowing, Regsvcs/Regasm, Regsvr32, Rundll32, Scheduled Task, Scripting, Service Execution, Third-party Software, Windows Management Instrumentation, Windows Remote Management

Collection: Audio Capture, Automated Collection, Clipboard Data, Data Staged, Data from Local System, Data from Network Shared Drive, Data from Removable Media, Email Collection, Input Capture, Screen Capture, Video Capture

Exfiltration: Automated Exfiltration, Data Compressed, Data Encrypted, Data Transfer Size Limits, Exfiltration Over Alternative Protocol, Exfiltration Over Command and Control Channel, Exfiltration Over Other Network Medium, Exfiltration Over Physical Medium, Scheduled Transfer

Command and Control: Commonly Used Port, Communication Through Removable Media, Connection Proxy, Custom Command and Control Protocol, Custom Cryptographic Protocol, Data Obfuscation, Fallback Channels, Multi-Stage Channels, Multiband Communication, Multilayer Encryption, Remote File Copy, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol, Uncommonly Used Port, Web Service