
MITRE ATT&CK Enterprise Framework: Solving Problems for a Safer World

The document lists various techniques across different phases of cyber attacks including initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration and impact. Specific techniques mentioned include drive-by compromise, AppleScript, modifying bash profiles, token manipulation, binary padding, accessing application windows and clipboard data.

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Drive-by Compromise AppleScript .bash_profile and .bashrc Access Token Manipulation Access Token Manipulation Account Manipulation Account Discovery AppleScript Audio Capture Commonly Used Port Automated Exfiltration Account Access Removal
Exploit Public-Facing Application CMSTP Accessibility Features Accessibility Features Binary Padding Bash History Application Window Application Automated Collection Communication Through Data Compressed Data Destruction
Discovery Deployment Software Removable Media
External Remote Services Command-Line Interface Account Manipulation AppCert DLLs BITS Jobs Brute Force Clipboard Data Data Encrypted Data Encrypted for Impact
Browser Bookmark Component Object Model Connection Proxy
Hardware Additions Compiled HTML File AppCert DLLs AppInit DLLs Bypass User Account Control Credential Dumping Data from Information Data Transfer Size Limits Defacement
Discovery and Distributed COM Custom Command
Replication Through Component Object Model and Credentials from Repositories Exfiltration Over
AppInit DLLs Application Shimming Clear Command History Disk Content Wipe
Domain Trust Discovery Exploitation of Remote and Control Protocol
Removable Media Distributed COM Web Browsers Data from Local System Alternative Protocol
Application Shimming Bypass User Account Control CMSTP Services Disk Structure Wipe
File and Directory Discovery Custom Cryptographic
Spearphishing Attachment Control Panel Items Credentials in Files Data from Network Exfiltration Over Command
Authentication Package DLL Search Order Hijacking Code Signing Internal Spearphishing Protocol Endpoint Denial of Service
Network Service Scanning Shared Drive and Control Channel
Spearphishing Link Dynamic Data Exchange Credentials in Registry Logon Scripts
BITS Jobs Dylib Hijacking Compile After Delivery Data Encoding Firmware Corruption
Network Share Discovery Data from Exfiltration Over
Spearphishing via Service Execution through API Exploitation for Pass the Hash
Bootkit Elevated Execution with Prompt Compiled HTML File Removable Media Data Obfuscation Other Network Medium Inhibit System Recovery
Credential Access Network Sniffing
Supply Chain Compromise Execution through Pass the Ticket
Browser Extensions Emond Component Firmware Data Staged Domain Fronting Exfiltration Over Network Denial of Service
Module Load Forced Authentication Password Policy
Trusted Relationship Remote Desktop Protocol Physical Medium
Change Default File Association Exploitation for Privilege Component Object Discovery Email Collection Domain Generation Resource Hijacking
Exploitation for Hooking
Valid Accounts Escalation Model Hijacking Remote File Copy Algorithms Scheduled Transfer
Client Execution Component Firmware Peripheral Device Input Capture Runtime Data Manipulation
Input Capture
Extra Window Memory Connection Proxy Discovery Remote Services Fallback Channels
Graphical User Interface Component Object Model Man in the Browser Service Stop
Injection Input Prompt
Hijacking Control Panel Items Permission Groups Replication Through Multi-hop Proxy
InstallUtil Screen Capture System Shutdown/Reboot
File System Permissions Kerberoasting Discovery
Create Account DCShadow Removable Media Multi-Stage Channels
Launchctl Weakness Video Capture Stored Data Manipulation
Keychain Process Discovery Shared Webroot
DLL Search Order Hijacking Deobfuscate/Decode Files Multiband Communication
Local Job Scheduling Hooking Transmitted Data
LLMNR/NBT-NS Query Registry SSH Hijacking
Dylib Hijacking or Information Multilayer Encryption Manipulation
LSASS Driver Image File Execution Options Poisoning and Relay Remote System Taint Shared Content
Emond Injection Disabling Security Tools Port Knocking
Mshta Network Sniffing Discovery
External Remote Services Launch Daemon DLL Search Order Hijacking Third-party Software Remote Access Tools
PowerShell Password Filter DLL Security Software
File System Permissions New Service DLL Side-Loading Discovery Windows Admin Shares Remote File Copy
Regsvcs/Regasm Private Keys
Weakness Windows Remote Standard Application
Parent PID Spoofing Software Discovery
Regsvr32 Execution Guardrails Securityd Memory
Hidden Files and Directories Management Layer Protocol
Path Interception System Information
Rundll32 Exploitation for Steal Web Session Cookie
Hooking Discovery Standard Cryptographic Protocol
Plist Modification Defense Evasion
Scheduled Task Two-Factor Authentication
Hypervisor System Network Standard Non-Application
Port Monitors Extra Window Interception
Scripting Configuration Discovery Layer Protocol
Image File Execution Options Memory Injection
PowerShell Profile
Service Execution Injection System Network Uncommonly Used Port
File and Directory
Process Injection Connections Discovery
Signed Binary Proxy Execution Kernel Modules and Extensions Permissions Modification Web Service
Scheduled Task System Owner/User Discovery
Signed Script Proxy Execution Launch Agent File Deletion
Service Registry Permissions System Service Discovery
Source Launch Daemon File System Logical Offsets
Weakness
System Time Discovery
Space after Filename Launchctl Gatekeeper Bypass
Setuid and Setgid
Virtualization/Sandbox
Third-party Software LC_LOAD_DYLIB Addition Group Policy Modification
SID-History Injection Evasion
Trap Local Job Scheduling Hidden Files and Directories
Startup Items
Trusted Developer Utilities Login Item Hidden Users
Sudo
User Execution Logon Scripts Hidden Window
Sudo Caching
Windows Management LSASS Driver HISTCONTROL
Valid Accounts
Instrumentation
Modify Existing Service Image File Execution Options
Web Shell
Windows Remote Injection
Netsh Helper DLL
Management
Indicator Blocking
New Service
XSL Script Processing
Indicator Removal from Tools
Office Application Startup
Indicator Removal on Host
Path Interception
Indirect Command Execution
Plist Modification
Install Root Certificate
Port Knocking
InstallUtil
Port Monitors
Launchctl
PowerShell Profile

MITRE ATT&CK®
LC_MAIN Hijacking
Rc.common
Re-opened Masquerading
Applications Modify Registry
Redundant Access Mshta

Enterprise Framework
Registry Run Keys / Network Share Connection
Startup Folder Removal
Scheduled Task NTFS File Attributes
Screensaver Obfuscated Files or Information
Security Support Provider Parent PID Spoofing
Server Software Plist Modification
Component
Port Knocking
Service Registry
Process Doppelgänging
Permissions Weakness
Process Hollowing
Setuid and Setgid

attack.mitre.org
Process Injection
Shortcut Modification
SIP and Trust Redundant Access
Provider Hijacking Regsvcs/Regasm
Startup Items Regsvr32
System Firmware Rootkit
Systemd Service Rundll32
Time Providers Scripting
Trap Signed Binary Proxy Execution
Valid Accounts Signed Script Proxy Execution
Web Shell SIP and Trust Provider Hijacking
Windows Management Software Packing
Instrumentation Event
Space after Filename
Subscription
Winlogon Helper DLL Template Injection
Timestomp
Trusted Developer Utilities
Valid Accounts
Virtualization/Sandbox Evasion
Web Service
XSL Script Processing
SOLVING PROBLEMS
FOR A SAFER WORLD
© 2020 MITRE Matrix current as of February 2020
