security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfb7aef0b4050111dff63a9281fed3dad2776ada
atomic-red-team/atomics/Indexes/Matrices/matrix.md
T

162 lines
56 KiB
Markdown
Raw Normal View History

yamlize
2018-05-24 08:13:57 -06:00
# All Atomic Tests by ATT&CK Tactic & Technique
OCD :) (#967)
2020-05-01 14:03:32 -06:00
| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control | impact |
|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-24 15:03:44 +00:00
| [Cloud Accounts](../../T1078.004/T1078.004.md) | [AppleScript](../../T1059.002/T1059.002.md) | [Accessibility Features](../../T1546.008/T1546.008.md) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [/etc/passwd and /etc/shadow](../../T1003.008/T1003.008.md) | Account Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Access Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Automated Exfiltration](../../T1020/T1020.md) | Application Layer Protocol [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Account Access Removal](../../T1531/T1531.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [At (Linux)](../../T1053.001/T1053.001.md) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Application Window Discovery](../../T1010/T1010.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Archive Collected Data](../../T1560/T1560.md) | [Data Transfer Size Limits](../../T1030/T1030.md) | Asymmetric Cryptography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
| Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | Active Setup [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | Application Access Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [AS-REP Roasting](../../T1558.004/T1558.004.md) | [Browser Bookmark Discovery](../../T1217/T1217.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | Archive via Custom Method [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Bidirectional Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
| Compromise Software Supply Chain [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Add Office 365 Global Administrator Role [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Active Setup [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | [Bash History](../../T1552.003/T1552.003.md) | Cloud Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Archive via Library](../../T1560.002/T1560.002.md) | [Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](../../T1048.002/T1048.002.md) | Commonly Used Port [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Destruction](../../T1485/T1485.md) |
| [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Add-ins](../../T1137.006/T1137.006.md) | AppCert DLLs [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [BITS Jobs](../../T1197/T1197.md) | Brute Force [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Cloud Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-03-24 21:48:07 +00:00
| Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Additional Cloud Credentials](../../T1098.001/T1098.001.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [Binary Padding](../../T1027.001/T1027.001.md) | [Cached Domain Credentials](../../T1003.005/T1003.005.md) | Cloud Infrastructure Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Audio Capture](../../T1123/T1123.md) | [Exfiltration Over C2 Channel](../../T1041/T1041.md) | [DNS](../../T1071.004/T1071.004.md) | Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| Drive-by Compromise [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Container Administration Command](../../T1609/T1609.md) | AppCert DLLs [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Application Shimming](../../T1546.011/T1546.011.md) | Bootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Cloud Instance Metadata API [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Cloud Service Dashboard [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Pass the Hash](../../T1550.002/T1550.002.md) | [Automated Collection](../../T1119/T1119.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | DNS Calculation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Defacement [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
| Exploit Public-Facing Application [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Container Orchestration Job](../../T1053.007/T1053.007.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | Build Image on Host [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Container API](../../T1552.007/T1552.007.md) | Cloud Service Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Pass the Ticket](../../T1550.003/T1550.003.md) | [Clipboard Data](../../T1115/T1115.md) | Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data Encoding [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Direct Network Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
| [External Remote Services](../../T1133/T1133.md) | [Cron](../../T1053.003/T1053.003.md) | [Application Shimming](../../T1546.011/T1546.011.md) | [At (Linux)](../../T1053.001/T1053.001.md) | [Bypass User Account Control](../../T1548.002/T1548.002.md) | [Credential API Hooking](../../T1056.004/T1056.004.md) | Container and Resource Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [RDP Hijacking](../../T1563.002/T1563.002.md) | Confluence [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration Over Symmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data Obfuscation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Content Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-26 20:08:34 +00:00
| Hardware Additions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Deploy Container [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [At (Linux)](../../T1053.001/T1053.001.md) | [At (Windows)](../../T1053.002/T1053.002.md) | [CMSTP](../../T1218.003/T1218.003.md) | [Credential Stuffing](../../T1110.004/T1110.004.md) | [Domain Account](../../T1087.002/T1087.002.md) | [Remote Desktop Protocol](../../T1021.001/T1021.001.md) | [Credential API Hooking](../../T1056.004/T1056.004.md) | [Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol](../../T1048.003/T1048.003.md) | Dead Drop Resolver [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Structure Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| [Local Accounts](../../T1078.003/T1078.003.md) | [Dynamic Data Exchange](../../T1559.002/T1559.002.md) | [At (Windows)](../../T1053.002/T1053.002.md) | [Authentication Package](../../T1547.002/T1547.002.md) | [COR_PROFILER](../../T1574.012/T1574.012.md) | [Credentials In Files](../../T1552.001/T1552.001.md) | [Domain Groups](../../T1069.002/T1069.002.md) | Remote Service Session Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data Staged [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Exfiltration Over Web Service](../../T1567/T1567.md) | Domain Fronting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disk Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-03-14 17:38:48 +00:00
| Phishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exploitation for Client Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Authentication Package](../../T1547.002/T1547.002.md) | [Boot or Logon Autostart Execution](../../T1547/T1547.md) | [Clear Command History](../../T1070.003/T1070.003.md) | [Credentials from Password Stores](../../T1555/T1555.md) | [Domain Trust Discovery](../../T1482/T1482.md) | Remote Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data from Cloud Storage Object [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration over USB [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Endpoint Denial of Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| [Replication Through Removable Media](../../T1091/T1091.md) | Graphical User Interface [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [BITS Jobs](../../T1197/T1197.md) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Clear Linux or Mac System Logs](../../T1070.002/T1070.002.md) | [Credentials from Web Browsers](../../T1555.003/T1555.003.md) | Email Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Replication Through Removable Media](../../T1091/T1091.md) | Data from Configuration Repository [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration to Cloud Storage [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Dynamic Resolution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | External Defacement [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-03-14 17:38:48 +00:00
| [Spearphishing Attachment](../../T1566.001/T1566.001.md) | Inter-Process Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Boot or Logon Autostart Execution](../../T1547/T1547.md) | [Bypass User Account Control](../../T1548.002/T1548.002.md) | [Clear Windows Event Logs](../../T1070.001/T1070.001.md) | [Credentials in Registry](../../T1552.002/T1552.002.md) | [File and Directory Discovery](../../T1083/T1083.md) | [SMB/Windows Admin Shares](../../T1021.002/T1021.002.md) | Data from Information Repositories [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exfiltration to Code Repository [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Encrypted Channel](../../T1573/T1573.md) | Firmware Corruption [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-24 15:03:44 +00:00
| Spearphishing Link [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | JavaScript [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [COR_PROFILER](../../T1574.012/T1574.012.md) | [Cloud Accounts](../../T1078.004/T1078.004.md) | [DCSync](../../T1003.006/T1003.006.md) | Internet Connection Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | SSH [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data from Local System [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Scheduled Transfer [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | External Proxy [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Inhibit System Recovery](../../T1490/T1490.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| Spearphishing via Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Launchctl](../../T1569.001/T1569.001.md) | Bootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Change Default File Association](../../T1546.001/T1546.001.md) | Code Signing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Controller Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Local Account](../../T1087.001/T1087.001.md) | SSH Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data from Network Shared Drive [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Traffic Duplication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Fallback Channels [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Internal Defacement](../../T1491.001/T1491.001.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-24 15:03:44 +00:00
| Supply Chain Compromise [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Launchd](../../T1053.004/T1053.004.md) | [Browser Extensions](../../T1176/T1176.md) | [Cloud Accounts](../../T1078.004/T1078.004.md) | Code Signing Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Exploitation for Credential Access [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Local Groups](../../T1069.001/T1069.001.md) | Shared Webroot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Data from Removable Media [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Transfer Data to Cloud Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Fast Flux DNS [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Network Denial of Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-07 15:30:23 +00:00
| Trusted Relationship [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Malicious File](../../T1204.002/T1204.002.md) | [COR_PROFILER](../../T1574.012/T1574.012.md) | [Component Object Model Hijacking](../../T1546.015/T1546.015.md) | [Compile After Delivery](../../T1027.004/T1027.004.md) | [Forced Authentication](../../T1187/T1187.md) | [Network Service Scanning](../../T1046/T1046.md) | [Software Deployment Tools](../../T1072/T1072.md) | Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | File Transfer Protocols [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Malicious Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Change Default File Association](../../T1546.001/T1546.001.md) | [Container Orchestration Job](../../T1053.007/T1053.007.md) | [Compiled HTML File](../../T1218.001/T1218.001.md) | Forge Web Credentials [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Network Share Discovery](../../T1135/T1135.md) | Taint Shared Content [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Email Forwarding Rule [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | [Ingress Tool Transfer](../../T1105/T1105.md) | Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
| | Malicious Link [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Cloud Account](../../T1136.003/T1136.003.md) | [Create Process with Token](../../T1134.002/T1134.002.md) | Component Firmware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [GUI Input Capture](../../T1056.002/T1056.002.md) | [Network Sniffing](../../T1040/T1040.md) | Use Alternate Authentication Material [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [GUI Input Capture](../../T1056.002/T1056.002.md) | | [Internal Proxy](../../T1090.001/T1090.001.md) | [Resource Hijacking](../../T1496/T1496.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-24 15:03:44 +00:00
| | [Native API](../../T1106/T1106.md) | [Cloud Accounts](../../T1078.004/T1078.004.md) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Control Panel](../../T1218.002/T1218.002.md) | [Golden Ticket](../../T1558.001/T1558.001.md) | [Password Policy Discovery](../../T1201/T1201.md) | VNC [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Input Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Junk Data [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | Network Device CLI [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Component Firmware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Cron](../../T1053.003/T1053.003.md) | Create Cloud Instance [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Group Policy Preferences](../../T1552.006/T1552.006.md) | [Peripheral Device Discovery](../../T1120/T1120.md) | Web Session Cookie [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Keylogging](../../T1056.001/T1056.001.md) | | Mail Protocols [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Service Exhaustion Flood [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-07 15:30:23 +00:00
| | [PowerShell](../../T1059.001/T1059.001.md) | [Component Object Model Hijacking](../../T1546.015/T1546.015.md) | [DLL Search Order Hijacking](../../T1574.001/T1574.001.md) | [Create Process with Token](../../T1134.002/T1134.002.md) | Input Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Windows Remote Management](../../T1021.006/T1021.006.md) | [LLMNR/NBT-NS Poisoning and SMB Relay](../../T1557.001/T1557.001.md) | | Multi-Stage Channels [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Service Stop](../../T1489/T1489.md) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-15 13:15:07 +00:00
| | [Python](../../T1059.006/T1059.006.md) | Compromise Client Software Binary [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [DLL Side-Loading](../../T1574.002/T1574.002.md) | Create Snapshot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Kerberoasting](../../T1558.003/T1558.003.md) | [Process Discovery](../../T1057/T1057.md) | | [Local Data Staging](../../T1074.001/T1074.001.md) | | [Multi-hop Proxy](../../T1090.003/T1090.003.md) | Stored Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | [Scheduled Task](../../T1053.005/T1053.005.md) | [Container Orchestration Job](../../T1053.007/T1053.007.md) | [Default Accounts](../../T1078.001/T1078.001.md) | [DLL Search Order Hijacking](../../T1574.001/T1574.001.md) | [Keychain](../../T1555.001/T1555.001.md) | [Query Registry](../../T1012/T1012.md) | | [Local Email Collection](../../T1114.001/T1114.001.md) | | Multiband Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Shutdown/Reboot](../../T1529/T1529.md) |
| | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Create Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [DLL Side-Loading](../../T1574.002/T1574.002.md) | [Keylogging](../../T1056.001/T1056.001.md) | [Remote System Discovery](../../T1018/T1018.md) | | Man in the Browser [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | [Non-Application Layer Protocol](../../T1095/T1095.md) | Transmitted Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-26 20:13:37 +00:00
| | Scripting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Create or Modify System Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Default Accounts](../../T1078.001/T1078.001.md) | [LLMNR/NBT-NS Poisoning and SMB Relay](../../T1557.001/T1557.001.md) | [Security Software Discovery](../../T1518.001/T1518.001.md) | | Man-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Non-Standard Encoding [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | [Service Execution](../../T1569.002/T1569.002.md) | [Cron](../../T1053.003/T1053.003.md) | [Domain Trust Modification](../../T1484.002/T1484.002.md) | Delete Cloud Instance [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [LSA Secrets](../../T1003.004/T1003.004.md) | [Software Discovery](../../T1518/T1518.md) | | Network Device Configuration Dump [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | [Non-Standard Port](../../T1571/T1571.md) | |
| | Shared Modules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [DLL Search Order Hijacking](../../T1574.001/T1574.001.md) | Dylib Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Deobfuscate/Decode Files or Information](../../T1140/T1140.md) | [LSASS Memory](../../T1003.001/T1003.001.md) | [System Checks](../../T1497.001/T1497.001.md) | | Remote Data Staging [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | One-Way Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-26 20:08:34 +00:00
| | [Software Deployment Tools](../../T1072/T1072.md) | [DLL Side-Loading](../../T1574.002/T1574.002.md) | [Dynamic Linker Hijacking](../../T1574.006/T1574.006.md) | Deploy Container [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Man-in-the-Middle [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Information Discovery](../../T1082/T1082.md) | | Remote Email Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Port Knocking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | Source [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Default Accounts](../../T1078.001/T1078.001.md) | [Dynamic-link Library Injection](../../T1055.001/T1055.001.md) | [Direct Volume Access](../../T1006/T1006.md) | Modify Authentication Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | System Location Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | SNMP (MIB Dump) [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Protocol Impersonation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
| | System Services [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Domain Account](../../T1136.002/T1136.002.md) | Elevated Execution with Prompt [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Disable Cloud Logs](../../T1562.008/T1562.008.md) | [NTDS](../../T1003.003/T1003.003.md) | [System Network Configuration Discovery](../../T1016/T1016.md) | | [Screen Capture](../../T1113/T1113.md) | | [Protocol Tunneling](../../T1572/T1572.md) | |
| | [Systemd Timers](../../T1053.006/T1053.006.md) | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Emond](../../T1546.014/T1546.014.md) | Disable Crypto Hardware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Network Device Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [System Network Connections Discovery](../../T1049/T1049.md) | | Sharepoint [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Proxy [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-21 17:35:33 +00:00
| | [Unix Shell](../../T1059.004/T1059.004.md) | Domain Controller Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Escape to Host](../../T1611/T1611.md) | [Disable Windows Event Logging](../../T1562.002/T1562.002.md) | [Network Sniffing](../../T1040/T1040.md) | [System Owner/User Discovery](../../T1033/T1033.md) | | [Video Capture](../../T1125/T1125.md) | | [Remote Access Software](../../T1219/T1219.md) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | User Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Dylib Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Event Triggered Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Disable or Modify Cloud Firewall [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [OS Credential Dumping](../../T1003/T1003.md) | [System Service Discovery](../../T1007/T1007.md) | | Web Portal Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | [Standard Encoding](../../T1132.001/T1132.001.md) | |
| | [Visual Basic](../../T1059.005/T1059.005.md) | [Dynamic Linker Hijacking](../../T1574.006/T1574.006.md) | Executable Installer File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Disable or Modify System Firewall](../../T1562.004/T1562.004.md) | [Password Cracking](../../T1110.002/T1110.002.md) | [System Time Discovery](../../T1124/T1124.md) | | | | Steganography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
| | [Windows Command Shell](../../T1059.003/T1059.003.md) | [Emond](../../T1546.014/T1546.014.md) | Exploitation for Privilege Escalation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Disable or Modify Tools](../../T1562.001/T1562.001.md) | [Password Filter DLL](../../T1556.002/T1556.002.md) | Time Based Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | Symmetric Cryptography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
| | [Windows Management Instrumentation](../../T1047/T1047.md) | Event Triggered Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Extra Window Memory Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Password Guessing](../../T1110.001/T1110.001.md) | User Activity Based Checks [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | Traffic Signaling [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
| | | Exchange Email Delegate Permissions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Group Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Controller Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Password Managers [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | [Web Protocols](../../T1071.001/T1071.001.md) | |
| | | Executable Installer File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Domain Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Password Spraying](../../T1110.003/T1110.003.md) | | | | | Web Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-11-03 18:57:08 +00:00
| | | [External Remote Services](../../T1133/T1133.md) | [Image File Execution Options Injection](../../T1546.012/T1546.012.md) | [Domain Trust Modification](../../T1484.002/T1484.002.md) | [Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Kernel Modules and Extensions](../../T1547.006/T1547.006.md) | Downgrade System Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Private Keys](../../T1552.004/T1552.004.md) | | | | | | |
| | | Hypervisor [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Dylib Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Proc Filesystem](../../T1003.007/T1003.007.md) | | | | | | |
| | | [Image File Execution Options Injection](../../T1546.012/T1546.012.md) | LSASS Driver [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Dynamic Linker Hijacking](../../T1574.006/T1574.006.md) | [SAML Tokens](../../T1606.002/T1606.002.md) | | | | | | |
| | | Implant Internal Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Launch Agent](../../T1543.001/T1543.001.md) | [Dynamic-link Library Injection](../../T1055.001/T1055.001.md) | [Security Account Manager](../../T1003.002/T1003.002.md) | | | | | | |
| | | [Kernel Modules and Extensions](../../T1547.006/T1547.006.md) | [Launch Daemon](../../T1543.004/T1543.004.md) | Elevated Execution with Prompt [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Securityd Memory [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Launchd](../../T1053.004/T1053.004.md) | Environmental Keying [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Silver Ticket [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | LSASS Driver [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Local Accounts](../../T1078.003/T1078.003.md) | Executable Installer File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Steal Application Access Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Launch Agent](../../T1543.001/T1543.001.md) | [Logon Script (Mac)](../../T1037.002/T1037.002.md) | Execution Guardrails [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Steal Web Session Cookie [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Launch Daemon](../../T1543.004/T1543.004.md) | [Logon Script (Windows)](../../T1037.001/T1037.001.md) | Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Steal or Forge Kerberos Tickets [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Launchd](../../T1053.004/T1053.004.md) | Make and Impersonate Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Extra Window Memory Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Two-Factor Authentication Interception [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Local Account](../../T1136.001/T1136.001.md) | [Netsh Helper DLL](../../T1546.007/T1546.007.md) | [File Deletion](../../T1070.004/T1070.004.md) | Unsecured Credentials [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Local Accounts](../../T1078.003/T1078.003.md) | Network Logon Script [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | File and Directory Permissions Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Web Cookies [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Logon Script (Mac)](../../T1037.002/T1037.002.md) | [Parent PID Spoofing](../../T1134.004/T1134.004.md) | [Gatekeeper Bypass](../../T1553.001/T1553.001.md) | Web Portal Capture [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | [Logon Script (Windows)](../../T1037.001/T1037.001.md) | Path Interception [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Group Policy Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Windows Credential Manager [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | |
| | | Modify Authentication Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Hidden File System [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Netsh Helper DLL](../../T1546.007/T1546.007.md) | Path Interception by Search Order Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Hidden Files and Directories](../../T1564.001/T1564.001.md) | | | | | | | |
| | | Network Device Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Hidden Users](../../T1564.002/T1564.002.md) | | | | | | | |
| | | Network Logon Script [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Plist Modification](../../T1547.011/T1547.011.md) | [Hidden Window](../../T1564.003/T1564.003.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Office Application Startup](../../T1137/T1137.md) | [Port Monitors](../../T1547.010/T1547.010.md) | [Hide Artifacts](../../T1564/T1564.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | Office Template Macros [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Portable Executable Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Office Test](../../T1137.002/T1137.002.md) | [PowerShell Profile](../../T1546.013/T1546.013.md) | [Impair Command History Logging](../../T1562.003/T1562.003.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | Outlook Forms [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Print Processors [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Impair Defenses [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Outlook Home Page](../../T1137.004/T1137.004.md) | Proc Memory [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Indicator Blocking](../../T1562.006/T1562.006.md) | | | | | | | |
| | | Outlook Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Process Doppelgänging [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Password Filter DLL](../../T1556.002/T1556.002.md) | [Process Hollowing](../../T1055.012/T1055.012.md) | [Indicator Removal on Host](../../T1070/T1070.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | Path Interception [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Process Injection](../../T1055/T1055.md) | [Indirect Command Execution](../../T1202/T1202.md) | | | | | | | |
| | | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Install Root Certificate](../../T1553.004/T1553.004.md) | | | | | | | |
| | | Path Interception by Search Order Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [RC Scripts](../../T1037.004/T1037.004.md) | [InstallUtil](../../T1218.004/T1218.004.md) | | | | | | | |
| | | [Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Re-opened Applications](../../T1547.007/T1547.007.md) | Invalid Code Signature [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Plist Modification](../../T1547.011/T1547.011.md) | [Registry Run Keys / Startup Folder](../../T1547.001/T1547.001.md) | LC_MAIN Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | SID-History Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Linux and Mac File and Directory Permissions Modification](../../T1222.002/T1222.002.md) | | | | | | | |
| | | Port Knocking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Scheduled Task](../../T1053.005/T1053.005.md) | [Local Accounts](../../T1078.003/T1078.003.md) | | | | | | | |
| | | [Port Monitors](../../T1547.010/T1547.010.md) | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [MSBuild](../../T1127.001/T1127.001.md) | | | | | | | |
| | | [PowerShell Profile](../../T1546.013/T1546.013.md) | [Screensaver](../../T1546.002/T1546.002.md) | Make and Impersonate Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Pre-OS Boot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Security Support Provider](../../T1547.005/T1547.005.md) | [Mark-of-the-Web Bypass](../../T1553.005/T1553.005.md) | | | | | | | |
| | | Print Processors [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Services File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Masquerade Task or Service](../../T1036.004/T1036.004.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [RC Scripts](../../T1037.004/T1037.004.md) | [Services Registry Permissions Weakness](../../T1574.011/T1574.011.md) | [Masquerading](../../T1036/T1036.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | ROMMONkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Setuid and Setgid](../../T1548.001/T1548.001.md) | [Match Legitimate Name or Location](../../T1036.005/T1036.005.md) | | | | | | | |
| | | [Re-opened Applications](../../T1547.007/T1547.007.md) | [Shortcut Modification](../../T1547.009/T1547.009.md) | Modify Authentication Process [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Redundant Access [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Startup Items](../../T1037.005/T1037.005.md) | Modify Cloud Compute Infrastructure [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Registry Run Keys / Startup Folder](../../T1547.001/T1547.001.md) | [Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | [Modify Registry](../../T1112/T1112.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | SQL Stored Procedures [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Systemd Service](../../T1543.002/T1543.002.md) | Modify System Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [SSH Authorized Keys](../../T1098.004/T1098.004.md) | [Systemd Timers](../../T1053.006/T1053.006.md) | [Mshta](../../T1218.005/T1218.005.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | [Scheduled Task](../../T1053.005/T1053.005.md) | Thread Execution Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Msiexec](../../T1218.007/T1218.007.md) | | | | | | | |
| | | Scheduled Task/Job [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Thread Local Storage [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [NTFS File Attributes](../../T1564.004/T1564.004.md) | | | | | | | |
| | | [Screensaver](../../T1546.002/T1546.002.md) | Time Providers [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Network Address Translation Traversal [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Security Support Provider](../../T1547.005/T1547.005.md) | [Token Impersonation/Theft](../../T1134.001/T1134.001.md) | Network Boundary Bridging [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Server Software Component [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Trap](../../T1546.005/T1546.005.md) | Network Device Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Services File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Unix Shell Configuration Modification](../../T1546.004/T1546.004.md) | [Network Share Connection Removal](../../T1070.005/T1070.005.md) | | | | | | | |
| | | [Services Registry Permissions Weakness](../../T1574.011/T1574.011.md) | VDSO Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Obfuscated Files or Information](../../T1027/T1027.md) | | | | | | | |
| | | [Shortcut Modification](../../T1547.009/T1547.009.md) | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Odbcconf](../../T1218.008/T1218.008.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Startup Items](../../T1037.005/T1037.005.md) | [Windows Management Instrumentation Event Subscription](../../T1546.003/T1546.003.md) | [Parent PID Spoofing](../../T1134.004/T1134.004.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | System Firmware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Windows Service](../../T1543.003/T1543.003.md) | [Pass the Hash](../../T1550.002/T1550.002.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Systemd Service](../../T1543.002/T1543.002.md) | [Winlogon Helper DLL](../../T1547.004/T1547.004.md) | [Pass the Ticket](../../T1550.003/T1550.003.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | [Systemd Timers](../../T1053.006/T1053.006.md) | XDG Autostart Entries [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Password Filter DLL](../../T1556.002/T1556.002.md) | | | | | | | |
| | | TFTP Boot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Patch System Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Time Providers [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Traffic Signaling [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Path Interception by Search Order Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
| | | [Transport Agent](../../T1505.002/T1505.002.md) | | [Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-08-27 15:57:14 +00:00
| | | [Trap](../../T1546.005/T1546.005.md) | | [Pluggable Authentication Modules](../../T1556.003/T1556.003.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | [Unix Shell Configuration Modification](../../T1546.004/T1546.004.md) | | Port Knocking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | Portable Executable Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Web Shell](../../T1505.003/T1505.003.md) | | Pre-OS Boot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Windows Management Instrumentation Event Subscription](../../T1546.003/T1546.003.md) | | Proc Memory [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Windows Service](../../T1543.003/T1543.003.md) | | Process Doppelgänging [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-21 20:26:14 +00:00
| | | [Winlogon Helper DLL](../../T1547.004/T1547.004.md) | | [Process Hollowing](../../T1055.012/T1055.012.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | XDG Autostart Entries [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | [Process Injection](../../T1055/T1055.md) | | | | | | | |
| | | | | Ptrace System Calls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
| | | | | [PubPrn](../../T1216.001/T1216.001.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | ROMMONkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Reduce Key Space [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Redundant Access [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Fix T1551 to T1070 (#1161)
2020-08-01 09:46:06 -06:00
| | | | | [Regsvcs/Regasm](../../T1218.009/T1218.009.md) | | | | | | | |
| | | | | [Regsvr32](../../T1218.010/T1218.010.md) | | | | | | | |
| | | | | [Rename System Utilities](../../T1036.003/T1036.003.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | Revert Cloud Instance [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Right-to-Left Override [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Fix T1551 to T1070 (#1161)
2020-08-01 09:46:06 -06:00
| | | | | [Rogue Domain Controller](../../T1207/T1207.md) | | | | | | | |
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
| | | | | [Rootkit](../../T1014/T1014.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-12 20:02:51 +00:00
| | | | | [Run Virtual Instance](../../T1564.006/T1564.006.md) | | | | | | | |
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
| | | | | [Rundll32](../../T1218.011/T1218.011.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | SID-History Injection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | SIP and Trust Provider Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Scripting [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Services File Permissions Weakness [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
| | | | | [Services Registry Permissions Weakness](../../T1574.011/T1574.011.md) | | | | | | | |
| | | | | [Setuid and Setgid](../../T1548.001/T1548.001.md) | | | | | | | |
| | | | | [Signed Binary Proxy Execution](../../T1218/T1218.md) | | | | | | | |
| | | | | [Signed Script Proxy Execution](../../T1216/T1216.md) | | | | | | | |
| | | | | [Software Packing](../../T1027.002/T1027.002.md) | | | | | | | |
| | | | | [Space after Filename](../../T1036.006/T1036.006.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | Steganography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Subvert Trust Controls [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
| | | | | [Sudo and Sudo Caching](../../T1548.003/T1548.003.md) | | | | | | | |
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
| | | | | [System Checks](../../T1497.001/T1497.001.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | System Firmware [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | TFTP Boot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-18 03:57:42 +00:00
| | | | | [Template Injection](../../T1221/T1221.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | Thread Execution Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Thread Local Storage [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Time Based Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Fix T1551 to T1070 (#1161)
2020-08-01 09:46:06 -06:00
| | | | | [Timestomp](../../T1070.006/T1070.006.md) | | | | | | | |
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
| | | | | [Token Impersonation/Theft](../../T1134.001/T1134.001.md) | | | | | | | |
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-18 21:57:11 +00:00
| | | | | Traffic Signaling [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Trusted Developer Utilities Proxy Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Unused/Unsupported Cloud Regions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Use Alternate Authentication Material [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | User Activity Based Checks [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | VBA Stomping [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | VDSO Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Verclsid [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Weaken Encryption [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | | | Web Session Cookie [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
| | | | | [Windows File and Directory Permissions Modification](../../T1222.001/T1222.001.md) | | | | | | | |
OCD :) (#967)
2020-05-01 14:03:32 -06:00
| | | | | [XSL Script Processing](../../T1220/T1220.md) | | | | | | | |
Reference in New Issue Copy Permalink