security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f848fe2c19d948c3ef18f2becedf335fdff3c8e
atomic-red-team/Linux/README.md
T

23 lines
8.1 KiB
Markdown
Raw Normal View History

Initial Commit
2017-10-11 10:35:17 -07:00
## MITRE ATT&CK Matrix - Linux
Updated Linux Matrix
2018-01-16 11:47:24 -07:00
| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
Initial Commit
2017-10-11 10:35:17 -07:00
|------------------------------|-------------------------------|-------------------------------|----------------------------------------|----------------------------------------|---------------------------------|--------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
Added Linux Execution CLI Test CURL/WGET to bash
2018-02-22 00:45:59 -06:00
| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) | Exploitation of Vulnerability | Binary Padding | [Bash History](Credential_Access/Bash_History.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | [Command-Line Interface](Execution/Command-Line_Interface.md) | Audio Capture | Automated Exfiltration | Commonly Used Port |
Added File Deletion, Data Compression/Encryption, Data splitting tests
2018-03-12 01:32:55 -05:00
| Bootkit | [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) | [Clear Command History](Defense_Evasion/Clear_Command_History.md) | Brute Force | [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | [Data Compressed](Exfiltration/Data_Compressed.md) | Communication Through Removable Media |
| [Browser Extensions](Persistence/Browser_Extensions.md)| Sudo | [Disabling Security Tools](Defense_Evasion/Disabling_Security_Tools.md) | [Create Account](Credential_Access/Create_Account.md) | [Network Service Scanning](Discovery/Network_Service_Scanning.md) | [Remote File Copy](Lateral_Movement/Remote_File_Copy.md) | Scripting | [Browser Extensions](Collection/Browser_Extensions.md) | [Data Encrypted](Exfiltration/Data_Encrypted.md) | Connection Proxy |
| [Cron Job](Persistence/Cron_Job.md) | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Clipboard Data | [Data Transfer Size Limits](Exfiltration/Data_Transfer_Size_Limits.md) | Custom Command and Control Protocol |
| [Hidden Files and Directories](Persistence/Hidden_Files_and_Directories.md) | Web Shell | [File Deletion](Defense_Evasion/File_Deletion.md) | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data Staged | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol |
add linux browser extension docs and payload
2018-02-26 13:13:39 +11:00
| Rc.common | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | [Remote System Discovery](Discovery/Remote_System_Discovery.md) | | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
Added Hidden Files and Directories checks for Linux
2018-03-08 23:52:30 -06:00
| Redundant Access | | [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories.md) | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
add linux browser extension docs and payload
2018-02-26 13:13:39 +11:00
| [Trap](Persistence/Trap.md) | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
Added test to generate and trust root CA on Linux. Updated README.
2018-03-10 01:27:49 -06:00
| Web Shell | | [Install Root Certificate](Defense_Evasion/Install_Root_Certificate.md) | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
Initial Commit
2017-10-11 10:35:17 -07:00
| | | Masquerading | | | | | | | Multilayer Encryption |
updated README with links to Rootkits
2018-02-27 11:13:15 -06:00
| | | Redundant Access |
Added Remote File Copy tests on Linux and relevant README
2018-03-09 21:54:34 -06:00
| | | [Rootkits](Defense_Evasion/Rootkits.md) | | | | | | | [Remote File Copy](Command_and_Control/Remote_File_Copy.md) |
Initial Commit
2017-10-11 10:35:17 -07:00
| | | Scripting | | | | | | | Standard Application Layer Protocol |
| | | Space after Filename | | | | | | | Standard Cryptographic Protocol |
Added test for timestomping on Linux with relevant README changes.
2018-03-09 19:51:46 -06:00
| | | [Timestomp](Defense_Evasion/Timestomp.md) | | | | | | | Standard Non-Application Layer Protocol |
Initial Commit
2017-10-11 10:35:17 -07:00
| | | Valid Accounts | | | | | | | Uncommonly Used Port |
| | | | | | | | | | Web Service |
Reference in New Issue Copy Permalink