0d9f652 Dec 5, 2018
4 contributors

@ForensicITGuy @caseysmithrc @MHaggis @brianebeyer

Linux Atomic Tests by ATT&CK Tactic & Technique

| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control |
|---|---|---|---|---|---|---|---|---|---|---|
| Drive-by Compromise CONTRIBUTE A TEST | Command-Line Interface | .bash_profile and .bashrc | Exploitation for Privilege Escalation CONTRIBUTE A TEST | Binary Padding | Bash History | Account Discovery | Application Deployment Software CONTRIBUTE A TEST | Audio Capture | Automated Exfiltration CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST | Exploitation for Client Execution CONTRIBUTE A TEST | Bootkit CONTRIBUTE A TEST | Process Injection | Clear Command History | Brute Force | Browser Bookmark Discovery | Exploitation of Remote Services CONTRIBUTE A TEST | Automated Collection | Data Compressed | Communication Through Removable Media CONTRIBUTE A TEST |
| Hardware Additions CONTRIBUTE A TEST | Graphical User Interface CONTRIBUTE A TEST | Browser Extensions | Setuid and Setgid | Disabling Security Tools | Credential Dumping | File and Directory Discovery | Remote File Copy | Clipboard Data | Data Encrypted | Connection Proxy |
| Spearphishing Attachment | Local Job Scheduling | Create Account | Sudo | Exploitation for Defense Evasion CONTRIBUTE A TEST | Credentials in Files | Network Service Scanning | Remote Services CONTRIBUTE A TEST | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol CONTRIBUTE A TEST |
| Spearphishing Link CONTRIBUTE A TEST | Scripting | Hidden Files and Directories | Sudo Caching | File Deletion | Exploitation for Credential Access CONTRIBUTE A TEST | Network Sniffing | SSH Hijacking CONTRIBUTE A TEST | Data from Information Repositories CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol CONTRIBUTE A TEST |
| Spearphishing via Service CONTRIBUTE A TEST | Source | Kernel Modules and Extensions CONTRIBUTE A TEST | Valid Accounts CONTRIBUTE A TEST | File Permissions Modification | Input Capture | Password Policy Discovery | Third-party Software CONTRIBUTE A TEST | Data from Local System CONTRIBUTE A TEST | Exfiltration Over Command and Control Channel CONTRIBUTE A TEST | Data Encoding |
| Supply Chain Compromise CONTRIBUTE A TEST | Space after Filename | Local Job Scheduling | Web Shell CONTRIBUTE A TEST | HISTCONTROL | Network Sniffing | Permission Groups Discovery | | Data from Network Shared Drive CONTRIBUTE A TEST | Exfiltration Over Other Network Medium CONTRIBUTE A TEST | Data Obfuscation CONTRIBUTE A TEST |
| Trusted Relationship CONTRIBUTE A TEST | Third-party Software CONTRIBUTE A TEST | Port Knocking CONTRIBUTE A TEST | | Hidden Files and Directories | Private Keys | Process Discovery | | Data from Removable Media CONTRIBUTE A TEST | Exfiltration Over Physical Medium CONTRIBUTE A TEST | Domain Fronting CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST | Trap | Redundant Access CONTRIBUTE A TEST | | Indicator Removal from Tools CONTRIBUTE A TEST | Two-Factor Authentication Interception CONTRIBUTE A TEST | Remote System Discovery | | Input Capture | Scheduled Transfer CONTRIBUTE A TEST | Fallback Channels CONTRIBUTE A TEST |
| | User Execution CONTRIBUTE A TEST | Setuid and Setgid | | Indicator Removal on Host | | System Information Discovery | | Screen Capture | | Multi-Stage Channels CONTRIBUTE A TEST |
| | | Trap | | Install Root Certificate | | System Network Configuration Discovery | | | | Multi-hop Proxy CONTRIBUTE A TEST |
| | | Valid Accounts CONTRIBUTE A TEST | | Masquerading | | System Network Connections Discovery | | | | Multiband Communication CONTRIBUTE A TEST |
| | | Web Shell CONTRIBUTE A TEST | | Obfuscated Files or Information | | System Owner/User Discovery | | | | Multilayer Encryption CONTRIBUTE A TEST |
| | | | | Port Knocking CONTRIBUTE A TEST | | | | | | Port Knocking CONTRIBUTE A TEST |
| | | | | Process Injection | | | | | | Remote Access Tools CONTRIBUTE A TEST |
| | | | | Redundant Access CONTRIBUTE A TEST | | | | | | Remote File Copy |
| | | | | Rootkit | | | | | | Standard Application Layer Protocol CONTRIBUTE A TEST |
| | | | | Scripting | | | | | | Standard Cryptographic Protocol CONTRIBUTE A TEST |
| | | | | Space after Filename | | | | | | Standard Non-Application Layer Protocol CONTRIBUTE A TEST |
| | | | | Timestomp | | | | | | Uncommonly Used Port |
| | | | | Valid Accounts CONTRIBUTE A TEST | | | | | | Web Service CONTRIBUTE A TEST |
| | | | | Web Service CONTRIBUTE A TEST | | | | | | |