Skip to content

Latest commit

 

History

History
32 lines (32 loc) · 10.4 KB

linux-matrix.md

File metadata and controls

32 lines (32 loc) · 10.4 KB
Raw

Linux Atomic Tests by ATT&CK Tactic & Technique

initial-access execution persistence privilege-escalation defense-evasion credential-access discovery lateral-movement collection exfiltration command-and-control
Drive-by Compromise CONTRIBUTE A TEST Command-Line Interface .bash_profile and .bashrc Exploitation for Privilege Escalation CONTRIBUTE A TEST Application Access Token CONTRIBUTE A TEST Account Manipulation Account Discovery Application Access Token CONTRIBUTE A TEST Audio Capture Automated Exfiltration CONTRIBUTE A TEST Commonly Used Port CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST Exploitation for Client Execution CONTRIBUTE A TEST Account Manipulation Process Injection Binary Padding Bash History Browser Bookmark Discovery Application Deployment Software CONTRIBUTE A TEST Automated Collection Data Compressed Communication Through Removable Media CONTRIBUTE A TEST
Hardware Additions CONTRIBUTE A TEST Graphical User Interface CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Setuid and Setgid Clear Command History Brute Force Cloud Service Dashboard CONTRIBUTE A TEST Exploitation of Remote Services CONTRIBUTE A TEST Clipboard Data Data Encrypted Connection Proxy
Spearphishing Attachment Local Job Scheduling Browser Extensions Sudo Compile After Delivery CONTRIBUTE A TEST Cloud Instance Metadata API CONTRIBUTE A TEST Cloud Service Discovery CONTRIBUTE A TEST Internal Spearphishing CONTRIBUTE A TEST Data Staged Data Transfer Size Limits Custom Command and Control Protocol CONTRIBUTE A TEST
Spearphishing Link CONTRIBUTE A TEST Scripting Create Account Sudo Caching Connection Proxy Credential Dumping File and Directory Discovery Remote File Copy Data from Cloud Storage Object CONTRIBUTE A TEST Exfiltration Over Alternative Protocol Custom Cryptographic Protocol CONTRIBUTE A TEST
Spearphishing via Service CONTRIBUTE A TEST Source Hidden Files and Directories Valid Accounts CONTRIBUTE A TEST Disabling Security Tools Credentials from Web Browsers CONTRIBUTE A TEST Network Service Scanning Remote Services CONTRIBUTE A TEST Data from Information Repositories CONTRIBUTE A TEST Exfiltration Over Command and Control Channel CONTRIBUTE A TEST Data Encoding
Supply Chain Compromise CONTRIBUTE A TEST Space after Filename Implant Container Image CONTRIBUTE A TEST Web Shell Execution Guardrails CONTRIBUTE A TEST Credentials in Files Network Share Discovery SSH Hijacking CONTRIBUTE A TEST Data from Local System Exfiltration Over Other Network Medium CONTRIBUTE A TEST Data Obfuscation CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST Third-party Software CONTRIBUTE A TEST Kernel Modules and Extensions Exploitation for Defense Evasion CONTRIBUTE A TEST Exploitation for Credential Access CONTRIBUTE A TEST Network Sniffing Third-party Software CONTRIBUTE A TEST Data from Network Shared Drive CONTRIBUTE A TEST Exfiltration Over Physical Medium CONTRIBUTE A TEST Domain Fronting CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Trap Local Job Scheduling File Deletion Input Capture Password Policy Discovery Web Session Cookie CONTRIBUTE A TEST Data from Removable Media CONTRIBUTE A TEST Scheduled Transfer CONTRIBUTE A TEST Domain Generation Algorithms CONTRIBUTE A TEST
User Execution CONTRIBUTE A TEST Office Application Startup File and Directory Permissions Modification Network Sniffing Permission Groups Discovery Email Collection Transfer Data to Cloud Account CONTRIBUTE A TEST Fallback Channels CONTRIBUTE A TEST
Port Knocking CONTRIBUTE A TEST HISTCONTROL Private Keys Process Discovery Input Capture Multi-Stage Channels CONTRIBUTE A TEST
Redundant Access CONTRIBUTE A TEST Hidden Files and Directories Steal Application Access Token CONTRIBUTE A TEST Remote System Discovery Screen Capture Multi-hop Proxy CONTRIBUTE A TEST
Server Software Component Indicator Removal from Tools CONTRIBUTE A TEST Steal Web Session Cookie CONTRIBUTE A TEST Software Discovery Multiband Communication CONTRIBUTE A TEST
Setuid and Setgid Indicator Removal on Host Two-Factor Authentication Interception CONTRIBUTE A TEST System Information Discovery Multilayer Encryption CONTRIBUTE A TEST
Systemd Service Install Root Certificate System Network Configuration Discovery Port Knocking CONTRIBUTE A TEST
Trap Masquerading System Network Connections Discovery Remote Access Tools CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Obfuscated Files or Information System Owner/User Discovery Remote File Copy
Web Shell Port Knocking CONTRIBUTE A TEST Standard Application Layer Protocol
Process Injection Standard Cryptographic Protocol CONTRIBUTE A TEST
Redundant Access CONTRIBUTE A TEST Standard Non-Application Layer Protocol CONTRIBUTE A TEST
Revert Cloud Instance CONTRIBUTE A TEST Uncommonly Used Port
Rootkit Web Service CONTRIBUTE A TEST
Scripting
Space after Filename
Timestomp
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST
Web Service CONTRIBUTE A TEST
Web Session Cookie CONTRIBUTE A TEST