Available Modules

dweezy-netsec edited this page Apr 15, 2019 · 1 revision

Windows

  • Windows: ADIDNS (PowerMad)
  • Windows: Active Directory Automated Discovery (BloodHound)
  • Windows: Data Compressed (T1002)
  • Windows: Credential Dumping (T1003)
  • Windows: Winlogon Helper DLL (T1004)
  • Windows: Data from Local System (T1005)
  • Windows: System Service Discovery (T1007)
  • Windows: Application Window Discovery (T1010)
  • Windows: Query Registry (T1012)
  • Windows: Port Monitors (T1013)
  • Windows: Accessibility Features (T1015)
  • Windows: System Network Configuration Discovery (T1016)
  • Windows: Remote System Discovery (T1018)
  • Windows: Shortcut Modification (T1023)
  • Windows: Windows Remote Management (T1028)
  • Windows: Modify Existing Service (T1031)
  • Windows: System Owner/User Discovery (T1033)
  • Windows: Path Interception (T1034)
  • Windows: Service Execution (T1035)
  • Windows: Masquerading (T1036)
  • Windows: Logon Scripts (T1037)
  • Windows: File System Permissions Weakness (T1044)
  • Windows: Windows Management Instrumentation (T1047)
  • Windows: System Network Connections Discovery (T1049)
  • Windows: New Service (T1050)
  • Windows: Scheduled Task (T1053)
  • Windows: Process Injection (T1055)
  • Windows: Input Capture (T1056)
  • Windows: Process Discovery (T1057)
  • Windows: Run Keys (T1060)
  • Windows: Security Software Discovery (T1063)
  • Windows: Permission Groups Discovery (T1069)
  • Windows: Indicator Removal from Tools (T1070)
  • Windows: Pass the Hash (T1075)
  • Windows: Windows Admin Shares (T1077)
  • Windows: Valid Accounts (T1078)
  • Windows: Credentials in Files (T1081)
  • Windows: System Information Discovery (T1082)
  • Windows: File and Directory Discovery (T1083)
  • Windows: Windows Management Instrumentation Event Subscription (T1084)
  • Windows: Rundll32 (T1085)
  • Windows: PowerShell (T1086)
  • Windows: Account Discovery (T1087)
  • Windows: Bypass UAC (T1088)
  • Windows: Disabling Security Tools (T1089)
  • Windows: Windows NTFS Extended Attributes (T1096)
  • Windows: Account Manipulation (T1098)
  • Windows: Timestomp (T1099)
  • Windows: AppInit DLLs (T1103)
  • Windows: Remote File Copy (T1105)
  • Windows: File Deletion (T1107)
  • Windows: Brute Force (T1110)
  • Windows: Modify Registry (T1112)
  • Windows: Screen Capture (T1113)
  • Windows: Clipboard Data (T1115)
  • Windows: Regsvr32 (T1117)
  • Windows: InstallUtil (T1118)
  • Windows: Automated Collection (T1119)
  • Windows: Peripheral Device Discovery (T1120)
  • Windows: Regsvcs/Regasm (T1121)
  • Windows: Audio Capture (T1123)
  • Windows: System Time Discovery (T1124)
  • Windows: Video Capture (T1125)
  • Windows: Trusted Developer Utilities (T1127)
  • Windows: Install Root Certificate (T1130)
  • Windows: Authentication Package (T1131)
  • Windows: Network Share Discovery (T1135)
  • Windows: Create Account (T1136)
  • Windows: MSHTA (T1170)
  • Windows: Distributed Component Object Model (T1175)
  • Windows: Screensaver (T1180)
  • Windows: CMSTP (T1191)
  • Windows: Control Panel Items (T1196)
  • Windows: BITS jobs (T1197)
  • Windows: Password Policy Discovery (T1201)
  • Windows: Kerberoasting (T1208)
  • Windows: Time Providers (T1209)
  • Windows: Signed Binary Proxy Execution (T1218)

Linux

  • Linux: System Network Configuration Discovery (T1016)
  • Linux: System Owner/User Discovery (T1033)
  • Linux: System Network Connections Discovery (T1049)
  • Linux: Process Discovery (T1057)
  • Linux: Permission Groups Discovery (T1069)
  • Linux: System Information Discovery (T1082)
  • Linux: Account Discovery (T1087)
  • Linux: File Deletion (T1107)
  • Linux: Password Policy Discovery (T1201)

macOS

  • macOS: Data Compressed (T1002)
  • macOS: System Network Configuration Discovery (T1016)
  • macOS: Network Share Discovery (T1135)
  • macOS: Create Account (T1136)
  • macOS: Bash History (T1139)
  • macOS: Password Policy Discovery (T1201)

Multi

  • Multi: Remote System Discovery (T1018)
  • Multi: Network Service Scanning (T1046)