MITRE ATT&CK Enterprise Framework
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Drive-by Compromise
AppleScript
.bash_profile and .bashrc
Access Token Manipulation
Access Token Manipulation
Exploit Public-Facing Application
CMSTP
Accessibility Features
Accessibility Features
Binary Padding
External Remote Services
Command-Line Interface
Account Manipulation
AppCert DLLs
BITS Jobs
Hardware Additions
Compiled HTML File
AppCert DLLs
AppInit DLLs
Bypass User Account Control
Replication Through Removable Media
Spearphishing Attachment
Spearphishing Link
Spearphishing via Service
Supply Chain Compromise
Trusted Relationship
Valid Accounts
Component Object Model and Distributed COM
Control Panel Items
Dynamic Data Exchange
Execution through API
Execution through Module Load
Exploitation for Client Execution
Graphical User Interface
InstallUtil
Launchctl
Local Job Scheduling
LSASS Driver
Mshta
PowerShell
Regsvcs/Regasm
Regsvr32
Rundll32
Scheduled Task
Scripting
Service Execution
Signed Binary Proxy Execution
Signed Script Proxy Execution
Source
Space after Filename
Third-party Software
Trap
Trusted Developer Utilities
User Execution
Windows Management Instrumentation
Windows Remote Management
XSL Script Processing
AppInit DLLs
Application Shimming
Application Shimming
Bypass User Account Control
Authentication Package
DLL Search Order Hijacking
BITS Jobs
Dylib Hijacking
Bootkit
Elevated Execution with Prompt
Browser Extensions
Emond
Change Default File Association
Component Firmware
Component Object Model Hijacking
Create Account
DLL Search Order Hijacking
Dylib Hijacking
Emond
Exploitation for Privilege Escalation
Extra Window Memory Injection
File System Permissions Weakness
Hooking
Image File Execution Options Injection
External Remote Services
Launch Daemon
File System Permissions Weakness
Hidden Files and Directories
Hooking
Hypervisor
Image File Execution Options Injection
Kernel Modules and Extensions
Launch Agent
Launch Daemon
Launchctl
LC_LOAD_DYLIB Addition
Local Job Scheduling
Login Item
Logon Scripts
LSASS Driver
Modify Existing Service
Netsh Helper DLL
New Service
Parent PID Spoofing
Path Interception
Plist Modification
Port Monitors
PowerShell Profile
Process Injection
Scheduled Task
Service Registry Permissions Weakness
Setuid and Setgid
SID-History Injection
Startup Items
Sudo
Sudo Caching
Valid Accounts
Web Shell
New Service
Office Application Startup
Path Interception
Plist Modification
Port Knocking
Port Monitors
PowerShell Profile
Rc.common
Re-opened Applications
Clear Command History
CMSTP
Code Signing
Compile After Delivery
Compiled HTML File
Component Firmware
Component Object Model Hijacking
Connection Proxy
Control Panel Items
DCShadow
Deobfuscate/Decode Files or Information
Disabling Security Tools
DLL Search Order Hijacking
DLL Side-Loading
Execution Guardrails
Exploitation for Defense Evasion
Extra Window Memory Injection
File and Directory Permissions Modification
File Deletion
File System Logical Offsets
Gatekeeper Bypass
Group Policy Modification
Hidden Files and Directories
Hidden Users
Hidden Window
HISTCONTROL
Image File Execution Options Injection
Indicator Blocking
Indicator Removal from Tools
Indicator Removal on Host
Indirect Command Execution
Install Root Certificate
InstallUtil
Launchctl
LC_MAIN Hijacking
Masquerading
Modify Registry
Redundant Access
Registry Run Keys / Startup Folder
Scheduled Task
Mshta
Network Share Connection Removal
NTFS File Attributes
Screensaver
Obfuscated Files or Information
Security Support Provider
Server Software Component
Service Registry Permissions Weakness
Setuid and Setgid
Shortcut Modification
SIP and Trust Provider Hijacking
Parent PID Spoofing
Plist Modification
Port Knocking
Process Doppelgänging
Process Hollowing
Process Injection
Redundant Access
Regsvcs/Regasm
Startup Items
Regsvr32
System Firmware
Rootkit
Systemd Service
Rundll32
Time Providers
Scripting
Trap
Signed Binary Proxy Execution
Valid Accounts
Signed Script Proxy Execution
Web Shell
Windows Management Instrumentation Event Subscription
Winlogon Helper DLL
SIP and Trust Provider Hijacking
Software Packing
Space after Filename
Template Injection
Timestomp
Trusted Developer Utilities
Valid Accounts
Virtualization/Sandbox Evasion
Web Service
XSL Script Processing
Credential Access
Account Manipulation
Bash History
Brute Force
Credential Dumping
Credentials from Web Browsers
Credentials in Files
Credentials in Registry
Exploitation for Credential Access
Forced Authentication
Hooking
Input Capture
Input Prompt
Kerberoasting
Keychain
LLMNR/NBT-NS Poisoning and Relay
Network Sniffing
Password Filter DLL
Private Keys
Securityd Memory
Steal Web Session Cookie
Two-Factor Authentication Interception
Discovery
Account Discovery
Application Window Discovery
Browser Bookmark Discovery
Domain Trust Discovery
File and Directory Discovery
Network Service Scanning
Network Share Discovery
Network Sniffing
Password Policy Discovery
Peripheral Device Discovery
Permission Groups Discovery
Process Discovery
Query Registry
Remote System Discovery
Security Software Discovery
Software Discovery
System Information Discovery
System Network Configuration Discovery
System Network Connections Discovery
System Owner/User Discovery
System Service Discovery
System Time Discovery
Virtualization/Sandbox Evasion
Lateral Movement
AppleScript
Application Deployment Software
Component Object Model and Distributed COM
Exploitation of Remote Services
Internal Spearphishing
Logon Scripts
Pass the Hash
Pass the Ticket
Remote Desktop Protocol
Remote File Copy
Remote Services
Replication Through Removable Media
Shared Webroot
SSH Hijacking
Taint Shared Content
Third-party Software
Windows Admin Shares
Windows Remote Management
Collection
Audio Capture
Automated Collection
Clipboard Data
Data from Information Repositories
Data from Local System
Data from Network Shared Drive
Data from Removable Media
Data Staged
Email Collection
Input Capture
Man in the Browser
Screen Capture
Video Capture
Command and Control
Commonly Used Port
Communication Through Removable Media
Connection Proxy
Custom Command and Control Protocol
Custom Cryptographic Protocol
Data Encoding
Data Obfuscation
Domain Fronting
Domain Generation Algorithms
Fallback Channels
Multi-hop Proxy
Multi-Stage Channels
Multiband Communication
Multilayer Encryption
Port Knocking
Remote Access Tools
Remote File Copy
Standard Application Layer Protocol
Standard Cryptographic Protocol
Standard Non-Application Layer Protocol
Uncommonly Used Port
Web Service
Exfiltration
Automated Exfiltration
Data Compressed
Data Encrypted
Data Transfer Size Limits
Exfiltration Over Alternative Protocol
Exfiltration Over Command and Control Channel
Exfiltration Over Other Network Medium
Exfiltration Over Physical Medium
Scheduled Transfer
Impact
Account Access Removal
Data Destruction
Data Encrypted for Impact
Defacement
Disk Content Wipe
Disk Structure Wipe
Endpoint Denial of Service
Firmware Corruption
Inhibit System Recovery
Network Denial of Service
Resource Hijacking
Runtime Data Manipulation
Service Stop
System Shutdown/Reboot
Stored Data Manipulation
Transmitted Data Manipulation
© 2020 MITRE. Matrix current as of February 2020.