Windows Atomic Tests by ATT&CK Tactic & Technique

| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control |
|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| Drive-by Compromise CONTRIBUTE A TEST | CMSTP | Accessibility Features | Access Token Manipulation | Access Token Manipulation | Account Manipulation | Account Discovery | Application Deployment Software CONTRIBUTE A TEST | Audio Capture | Automated Exfiltration CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST | Command-Line Interface | Account Manipulation | Accessibility Features | BITS Jobs | Brute Force | Application Window Discovery | Component Object Model and Distributed COM CONTRIBUTE A TEST | Automated Collection | Data Compressed | Communication Through Removable Media CONTRIBUTE A TEST |
| External Remote Services CONTRIBUTE A TEST | Compiled HTML File | AppCert DLLs CONTRIBUTE A TEST | AppCert DLLs CONTRIBUTE A TEST | Binary Padding | Credential Dumping | Browser Bookmark Discovery | Exploitation of Remote Services CONTRIBUTE A TEST | Clipboard Data | Data Encrypted | Connection Proxy |
| Hardware Additions CONTRIBUTE A TEST | Component Object Model and Distributed COM CONTRIBUTE A TEST | AppInit DLLs | AppInit DLLs | Bypass User Account Control | Credentials from Web Browsers CONTRIBUTE A TEST | Domain Trust Discovery | Internal Spearphishing CONTRIBUTE A TEST | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol CONTRIBUTE A TEST |
| Replication Through Removable Media CONTRIBUTE A TEST | Control Panel Items | Application Shimming | Application Shimming | CMSTP | Credentials in Files | File and Directory Discovery | Logon Scripts | Data from Information Repositories CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol CONTRIBUTE A TEST |
| Spearphishing Attachment | Dynamic Data Exchange | Authentication Package CONTRIBUTE A TEST | Bypass User Account Control | Code Signing CONTRIBUTE A TEST | Credentials in Registry | Network Service Scanning | Pass the Hash | Data from Local System | Exfiltration Over Command and Control Channel CONTRIBUTE A TEST | Data Encoding |
| Spearphishing Link CONTRIBUTE A TEST | Execution through API CONTRIBUTE A TEST | BITS Jobs | DLL Search Order Hijacking | Compile After Delivery CONTRIBUTE A TEST | Exploitation for Credential Access CONTRIBUTE A TEST | Network Share Discovery | Pass the Ticket | Data from Network Shared Drive CONTRIBUTE A TEST | Exfiltration Over Other Network Medium CONTRIBUTE A TEST | Data Obfuscation CONTRIBUTE A TEST |
| Spearphishing via Service CONTRIBUTE A TEST | Execution through Module Load CONTRIBUTE A TEST | Bootkit CONTRIBUTE A TEST | Exploitation for Privilege Escalation CONTRIBUTE A TEST | Compiled HTML File | Forced Authentication CONTRIBUTE A TEST | Network Sniffing | Remote Desktop Protocol | Data from Removable Media CONTRIBUTE A TEST | Exfiltration Over Physical Medium CONTRIBUTE A TEST | Domain Fronting CONTRIBUTE A TEST |
| Supply Chain Compromise CONTRIBUTE A TEST | Exploitation for Client Execution CONTRIBUTE A TEST | Browser Extensions | Extra Window Memory Injection CONTRIBUTE A TEST | Component Firmware CONTRIBUTE A TEST | Hooking | Password Policy Discovery | Remote File Copy | Email Collection | Scheduled Transfer CONTRIBUTE A TEST | Domain Generation Algorithms CONTRIBUTE A TEST |
| Trusted Relationship CONTRIBUTE A TEST | Graphical User Interface CONTRIBUTE A TEST | Change Default File Association | File System Permissions Weakness CONTRIBUTE A TEST | Component Object Model Hijacking | Input Capture | Peripheral Device Discovery CONTRIBUTE A TEST | Remote Services CONTRIBUTE A TEST | Input Capture | | Fallback Channels CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST | InstallUtil | Component Firmware CONTRIBUTE A TEST | Hooking | Connection Proxy | Input Prompt | Permission Groups Discovery | Replication Through Removable Media CONTRIBUTE A TEST | Man in the Browser CONTRIBUTE A TEST | | Multi-Stage Channels CONTRIBUTE A TEST |
| | LSASS Driver CONTRIBUTE A TEST | Component Object Model Hijacking | Image File Execution Options Injection | Control Panel Items | Kerberoasting CONTRIBUTE A TEST | Process Discovery | Shared Webroot CONTRIBUTE A TEST | Screen Capture | | Multi-hop Proxy CONTRIBUTE A TEST |
| | Mshta | Create Account | New Service | DCShadow | LLMNR/NBT-NS Poisoning and Relay CONTRIBUTE A TEST | Query Registry | Taint Shared Content CONTRIBUTE A TEST | Video Capture CONTRIBUTE A TEST | | Multiband Communication CONTRIBUTE A TEST |
| | PowerShell | DLL Search Order Hijacking | Parent PID Spoofing CONTRIBUTE A TEST | DLL Search Order Hijacking | Network Sniffing | Remote System Discovery | Third-party Software CONTRIBUTE A TEST | | | Multilayer Encryption CONTRIBUTE A TEST |
| | Regsvcs/Regasm | External Remote Services CONTRIBUTE A TEST | Path Interception CONTRIBUTE A TEST | DLL Side-Loading CONTRIBUTE A TEST | Password Filter DLL | Security Software Discovery | Windows Admin Shares | | | Remote Access Tools CONTRIBUTE A TEST |
| | Regsvr32 | File System Permissions Weakness CONTRIBUTE A TEST | Port Monitors CONTRIBUTE A TEST | Deobfuscate/Decode Files or Information | Private Keys | Software Discovery | Windows Remote Management | | | Remote File Copy |
| | Rundll32 | Hidden Files and Directories | PowerShell Profile CONTRIBUTE A TEST | Disabling Security Tools | Steal Web Session Cookie CONTRIBUTE A TEST | System Information Discovery | | | | Standard Application Layer Protocol |
| | Scheduled Task | Hooking | Process Injection | Execution Guardrails CONTRIBUTE A TEST | Two-Factor Authentication Interception CONTRIBUTE A TEST | System Network Configuration Discovery | | | | Standard Cryptographic Protocol CONTRIBUTE A TEST |
| | Scripting | Hypervisor | SID-History Injection CONTRIBUTE A TEST | Exploitation for Defense Evasion CONTRIBUTE A TEST | | System Network Connections Discovery | | | | Standard Non-Application Layer Protocol CONTRIBUTE A TEST |
| | Service Execution | Image File Execution Options Injection | Scheduled Task | Extra Window Memory Injection CONTRIBUTE A TEST | | System Owner/User Discovery | | | | Uncommonly Used Port |
| | Signed Binary Proxy Execution | LSASS Driver CONTRIBUTE A TEST | Service Registry Permissions Weakness CONTRIBUTE A TEST | File Deletion | | System Service Discovery | | | | Web Service CONTRIBUTE A TEST |
| | Signed Script Proxy Execution | Logon Scripts | Valid Accounts CONTRIBUTE A TEST | File System Logical Offsets CONTRIBUTE A TEST | | System Time Discovery | | | | |
| | Third-party Software CONTRIBUTE A TEST | Modify Existing Service | Web Shell | File and Directory Permissions Modification | | Virtualization/Sandbox Evasion CONTRIBUTE A TEST | | | | |
| | Trusted Developer Utilities | Netsh Helper DLL | | Group Policy Modification CONTRIBUTE A TEST | | | | | | |
| | User Execution CONTRIBUTE A TEST | New Service | | Hidden Files and Directories | | | | | | |
| | Windows Management Instrumentation | Office Application Startup | | Hidden Window CONTRIBUTE A TEST | | | | | | |
| | Windows Remote Management | Path Interception CONTRIBUTE A TEST | | Image File Execution Options Injection | | | | | | |
| | XSL Script Processing | Port Monitors CONTRIBUTE A TEST | | Indicator Blocking CONTRIBUTE A TEST | | | | | | |
| | | PowerShell Profile CONTRIBUTE A TEST | | Indicator Removal from Tools CONTRIBUTE A TEST | | | | | | |
| | | Redundant Access CONTRIBUTE A TEST | | Indicator Removal on Host | | | | | | |
| | | Registry Run Keys / Startup Folder | | Indirect Command Execution | | | | | | |
| | | SIP and Trust Provider Hijacking CONTRIBUTE A TEST | | Install Root Certificate | | | | | | |
| | | Scheduled Task | | InstallUtil | | | | | | |
| | | Screensaver | | Masquerading | | | | | | |
| | | Security Support Provider | | Modify Registry | | | | | | |
| | | Server Software Component | | Mshta | | | | | | |
| | | Service Registry Permissions Weakness CONTRIBUTE A TEST | | NTFS File Attributes | | | | | | |
| | | Shortcut Modification CONTRIBUTE A TEST | | Network Share Connection Removal | | | | | | |
| | | System Firmware CONTRIBUTE A TEST | | Obfuscated Files or Information | | | | | | |
| | | Time Providers CONTRIBUTE A TEST | | Parent PID Spoofing CONTRIBUTE A TEST | | | | | | |
| | | Valid Accounts CONTRIBUTE A TEST | | Process Doppelgänging CONTRIBUTE A TEST | | | | | | |
| | | Web Shell | | Process Hollowing CONTRIBUTE A TEST | | | | | | |
| | | Windows Management Instrumentation Event Subscription | | Process Injection | | | | | | |
| | | Winlogon Helper DLL | | Redundant Access CONTRIBUTE A TEST | | | | | | |
| | | | | Regsvcs/Regasm | | | | | | |
| | | | | Regsvr32 | | | | | | |
| | | | | Rootkit | | | | | | |
| | | | | Rundll32 | | | | | | |
| | | | | SIP and Trust Provider Hijacking CONTRIBUTE A TEST | | | | | | |
| | | | | Scripting | | | | | | |
| | | | | Signed Binary Proxy Execution | | | | | | |
| | | | | Signed Script Proxy Execution | | | | | | |
| | | | | Software Packing CONTRIBUTE A TEST | | | | | | |
| | | | | Template Injection CONTRIBUTE A TEST | | | | | | |
| | | | | Timestomp | | | | | | |
| | | | | Trusted Developer Utilities | | | | | | |
| | | | | Valid Accounts CONTRIBUTE A TEST | | | | | | |
| | | | | Virtualization/Sandbox Evasion CONTRIBUTE A TEST | | | | | | |
| | | | | Web Service CONTRIBUTE A TEST | | | | | | |
| | | | | XSL Script Processing | | | | | | |