macOS Atomic Tests by ATT&CK Tactic & Technique

persistence

discovery

execution

lateral-movement

  • T1155 AppleScript
    • Atomic Test #1: AppleScript [macos]
  • T1017 Application Deployment Software CONTRIBUTE A TEST
  • T1210 Exploitation of Remote Services CONTRIBUTE A TEST
  • T1037 Logon Scripts
    • Atomic Test #2: Logon Scripts - Mac [macos]
  • T1105 Remote File Copy
    • Atomic Test #1: rsync remote file copy (push) [linux, macos]
    • Atomic Test #2: rsync remote file copy (pull) [linux, macos]
    • Atomic Test #3: scp remote file copy (push) [linux, macos]
    • Atomic Test #4: scp remote file copy (pull) [linux, macos]
    • Atomic Test #5: sftp remote file copy (push) [linux, macos]
    • Atomic Test #6: sftp remote file copy (pull) [linux, macos]
  • T1021 Remote Services CONTRIBUTE A TEST
  • T1184 SSH Hijacking CONTRIBUTE A TEST
  • T1072 Third-party Software CONTRIBUTE A TEST

collection

exfiltration

credential-access

defense-evasion

command-and-control

initial-access

privilege-escalation