Linux/README.md

## MITRE ATT&CK Matrix - Linux

| Initial Access	| Execution	| Persistence	| Privilege Escalation	| Defense Evasion	| Credential Access	| Discovery	| Lateral Movement	| Collection	| Exfiltration	| Command and Control|
|-------------------------------------------------------|----------------------------------------|-----------------------------------------|----------------------------------------|----------------------------------------|-------------------------------------|------------------------------------|--------------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
| Drive-by Compromise	| Command-Line Interface	| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md)	| Exploitation for Privilege Escalation	| Binary Padding	| [Bash History](Credential_Access/Bash_History.md) 	| [Account Discovery](Discovery/Account_Discovery.md) 	| Application Deployment Software	| Audio Capture	| Automated Exfiltration	| Commonly Used Port| 
| Exploit Public-Facing Application	| Exploitation for Client Execution	| Bootkit	| Process Injection	| [Clear Command History](Defense_Evasion/Clear_Command_History.md)	| Brute Force	| Browser Bookmark Discovery | Exploitation of Remote Services	| Automated Collection	| Data Compressed	| Communication Through Removable Media| 
| Hardware Additions	| Graphical User Interface	| [Browser Extensions](Persistence/Browser_Extensions.md)  	| [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) 	|[Disabling Security Tools](Defense_Evasion/Disabling_Security_Tools.md)	| [Credentials in Files](Credential_Access/Credentials_in_Files.md)  	| [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md)	| Remote File Copy	| Clipboard Data	| Data Encrypted	| Connection Proxy| 
| Spearphishing Attachment	| [Local Job Scheduling/Cron_Job](Persistence/Cron_Job.md)	| [Create Account](Persistence/Create_Account.md)	| Sudo	| Exploitation for Defense Evasion	| Exploitation for Credential Access	| [Network Service Scanning](Discovery/Network_Service_Scanning.md)	|  Remote Services	| Data Staged	 | Data Transfer Size Limits	| [Custom Command and Control Protocol](Command_and_Control/Custom_Command_and_Control_Protocol.md)l| 
| Spearphishing Link	| Scripting	| [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories)	| Sudo Caching	| File Deletion	| Input Capture	|  Password Policy Discovery	| SSH Hijacking	| Data from Information Repositories	| [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) 	| Custom Cryptographic Protocol| 
| Spearphishing via Service	| 	Source	| Kernel Modules and Extensions	| Valid Accounts	|  [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) |  Network Sniffing 	| [Permission Groups Discovery](Discovery/Permissions_Groups_Discovery.md)	| Third-party Software	| Data from Local System	| Exfiltration Over Command and Control Channel	| Data Encoding| 
| Supply Chain Compromise	| [Space after Filename](Execution/Space_After_Filename.md)	| [Local Job Scheduling](Persistence/Local_Job_Scheduling.md)	| Web Shell	| [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories) 	| Private Keys	| [Process Discovery](Discovery/Process_Discovery.md)	| 		| 	Data from Network Shared Drive	| Exfiltration Over Other Network Medium	| Data Obfuscation| 
| Trusted Relationship	| Third-party Software	| Port Knocking	|  	| Indicator Removal from Tools 	| Two-Factor Authentication Interception	|[Remote System Discovery](Discovery/Remote_System_Discovery.md) 	| 			| Data from Removable Media	| Exfiltration Over Physical Medium	| Domain Fronting| 
| Valid Accounts	| Trap	| Redundant Access 	| 		| [Indicator Removal on Host](Defense_Evasion/Indicator_Removal_On_Host.md) | 			|[System Information Discovery](Discovery/System_Information_Discovery.md)	| 		| Input Capture | Scheduled Transfer | Fallback Channels| 
| 		| User Execution	| Trap	| 		| Install Root Certificate	| 		| [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | 		| Screen Capture |  	| Multi-Stage Channels|
| 		| 		| Valid Accounts |  	| Masquerading | 		| System Network Connection Discovery | 		| 		| 		|  Multi-hop Proxy|
| 		| 		| Web Shell	| 			| Obfuscated Files or Information | 		|  System Owner/User Discovery | 		| 		| 		|  Multiband Communication | 
| 		| 		| 			| 			| Port Knocking	| 				| 			| 			| 			| 			| Multilayer Encryption|
| 		| 		| 			| 			| Process Injection	| 				| 			| 			| 			| 			| 	Port Knocking|
| 		| 		| 			| 			| Redundant Access	| 				| 			| 			| 			| 			| Remote Access Tools|
| 		| 		| 			| 			| [Rootkit](Defense_Evasion/Rootkits.md)	| 				| 			| 			| 			| 			| Remote File Copy |
| 		| 		| 			| 			| Scripting	| 				| 			| 			| 			| 			| Standard Application Layer Protocol|
| 		| 		| 			| 			|[Space after Filename](Execution/Space_After_Filename.md)	| 				| 			| 			| 			| 			| Standard Cryptographic Protocol|
| 		| 		| 			| 			| [Timestomp](Defense_Evasion/Timestomp.md)	| 				| 			| 			| 			| 			| Standard Non-Application Layer Protocol
| 		| 		| 			| 			| Valid Account	| 				| 			| 			| 			| 			| Uncommonly Used Port|
| 		| 		| 			| 			| Web Service	| 				| 			| 			| 			| 			| Web Service|
Initial Commit 2017-10-11 10:35:17 -07:00			`## MITRE ATT&CK Matrix - Linux`

update based on Mitre April update 2018-04-16 18:01:06 +08:00			`\| Initial Access \| Execution \| Persistence \| Privilege Escalation \| Defense Evasion \| Credential Access \| Discovery \| Lateral Movement \| Collection \| Exfiltration \| Command and Control\|`
			`\|-------------------------------------------------------\|----------------------------------------\|-----------------------------------------\|----------------------------------------\|----------------------------------------\|-------------------------------------\|------------------------------------\|--------------------------------\|--------------------------------\|-----------------------------------------------\|-----------------------------------------\|`
			`\| Drive-by Compromise \| Command-Line Interface \| [.bash_profile and .bashrc](Persistence/bash_profile_and_bashrc.md) \| Exploitation for Privilege Escalation \| Binary Padding \| [Bash History](Credential_Access/Bash_History.md) \| [Account Discovery](Discovery/Account_Discovery.md) \| Application Deployment Software \| Audio Capture \| Automated Exfiltration \| Commonly Used Port\|`
			`\| Exploit Public-Facing Application \| Exploitation for Client Execution \| Bootkit \| Process Injection \| [Clear Command History](Defense_Evasion/Clear_Command_History.md) \| Brute Force \| Browser Bookmark Discovery \| Exploitation of Remote Services \| Automated Collection \| Data Compressed \| Communication Through Removable Media\|`
			`\| Hardware Additions \| Graphical User Interface \| [Browser Extensions](Persistence/Browser_Extensions.md) \| [Setuid and Setgid](Privilege_Escalation/Setuid_and_Setgid.md) \|[Disabling Security Tools](Defense_Evasion/Disabling_Security_Tools.md) \| [Credentials in Files](Credential_Access/Credentials_in_Files.md) \| [File and Directory Discovery](Discovery/File_and_Directory_Discovery.md) \| Remote File Copy \| Clipboard Data \| Data Encrypted \| Connection Proxy\|`
update link based on Mitre April update 2018-04-16 18:07:57 +08:00			`\| Spearphishing Attachment \| [Local Job Scheduling/Cron_Job](Persistence/Cron_Job.md) \| [Create Account](Persistence/Create_Account.md) \| Sudo \| Exploitation for Defense Evasion \| Exploitation for Credential Access \| [Network Service Scanning](Discovery/Network_Service_Scanning.md) \| Remote Services \| Data Staged \| Data Transfer Size Limits \| [Custom Command and Control Protocol](Command_and_Control/Custom_Command_and_Control_Protocol.md)l\|`
update based on Mitre April update 2018-04-16 18:01:06 +08:00			`\| Spearphishing Link \| Scripting \| [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories) \| Sudo Caching \| File Deletion \| Input Capture \| Password Policy Discovery \| SSH Hijacking \| Data from Information Repositories \| [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) \| Custom Cryptographic Protocol\|`
			`\| Spearphishing via Service \| Source \| Kernel Modules and Extensions \| Valid Accounts \| [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) \| Network Sniffing \| [Permission Groups Discovery](Discovery/Permissions_Groups_Discovery.md) \| Third-party Software \| Data from Local System \| Exfiltration Over Command and Control Channel \| Data Encoding\|`
			`\| Supply Chain Compromise \| [Space after Filename](Execution/Space_After_Filename.md) \| [Local Job Scheduling](Persistence/Local_Job_Scheduling.md) \| Web Shell \| [Hidden Files and Directories](Defense_Evasion/Hidden_Files_and_Directories) \| Private Keys \| [Process Discovery](Discovery/Process_Discovery.md) \| \| Data from Network Shared Drive \| Exfiltration Over Other Network Medium \| Data Obfuscation\|`
			`\| Trusted Relationship \| Third-party Software \| Port Knocking \| \| Indicator Removal from Tools \| Two-Factor Authentication Interception \|[Remote System Discovery](Discovery/Remote_System_Discovery.md) \| \| Data from Removable Media \| Exfiltration Over Physical Medium \| Domain Fronting\|`
			`\| Valid Accounts \| Trap \| Redundant Access \| \| [Indicator Removal on Host](Defense_Evasion/Indicator_Removal_On_Host.md) \| \|[System Information Discovery](Discovery/System_Information_Discovery.md) \| \| Input Capture \| Scheduled Transfer \| Fallback Channels\|`
updated based on Mitre April update 2018-04-16 18:02:46 +08:00			`\| \| User Execution \| Trap \| \| Install Root Certificate \| \| [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) \| \| Screen Capture \| \| Multi-Stage Channels\|`
update based on Mitre April update 2018-04-16 18:01:06 +08:00			`\| \| \| Valid Accounts \| \| Masquerading \| \| System Network Connection Discovery \| \| \| \| Multi-hop Proxy\|`
			`\| \| \| Web Shell \| \| Obfuscated Files or Information \| \| System Owner/User Discovery \| \| \| \| Multiband Communication \|`
			`\| \| \| \| \| Port Knocking \| \| \| \| \| \| Multilayer Encryption\|`
			`\| \| \| \| \| Process Injection \| \| \| \| \| \| Port Knocking\|`
			`\| \| \| \| \| Redundant Access \| \| \| \| \| \| Remote Access Tools\|`
update link based on Mitre April update 2018-04-16 18:07:57 +08:00			`\| \| \| \| \| [Rootkit](Defense_Evasion/Rootkits.md) \| \| \| \| \| \| Remote File Copy \|`
update based on Mitre April update 2018-04-16 18:01:06 +08:00			`\| \| \| \| \| Scripting \| \| \| \| \| \| Standard Application Layer Protocol\|`
			`\| \| \| \| \|[Space after Filename](Execution/Space_After_Filename.md) \| \| \| \| \| \| Standard Cryptographic Protocol\|`
update link based on Mitre April update 2018-04-16 18:07:57 +08:00			`\| \| \| \| \| [Timestomp](Defense_Evasion/Timestomp.md) \| \| \| \| \| \| Standard Non-Application Layer Protocol`
update based on Mitre April update 2018-04-16 18:01:06 +08:00			`\| \| \| \| \| Valid Account \| \| \| \| \| \| Uncommonly Used Port\|`
			`\| \| \| \| \| Web Service \| \| \| \| \| \| Web Service\|`