Mac Indicator Removal on Host

* Added Mac Defense Evasion / Indicator Removal on Host and updated
Matrix
atmathis
2018-01-01 17:07:42 -05:00
parent a9b36650cd
commit 5802bb2df8
2 changed files with 10 additions and 1 deletions
@@ -0,0 +1,9 @@
# Indicator Removal on Host
MITRE ATT&CK Technique: [T1070](https://attack.mitre.org/wiki/Technique/T1070)
### Delete System Logs
rm -rf /private/var/log/system.log*
### Delete BSM Audit Logs
rm -rf /private/var/audit/*
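Review bot: The two `rm -rf` lines under "Delete System Logs" and "Delete BSM Audit Logs" are not in a code fence, so they will render as body text and are easy to mis-copy. Please wrap each command in a fenced block. The file also says nothing about prerequisites or effect: both paths sit under `/private/var`, the deletion is irreversible on the host where the test runs, and `system.log*` also matches rotated copies. A short line per section stating the privileges the command expects, and that it should only be run on a disposable test host, would make the test safer to use. It would also help detection validation to name the observable the test is meant to produce, for example a file-deletion event on `/private/var/log/system.log*` or `/private/var/audit/*`.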
+1 -1
@@ -15,7 +15,7 @@
| Logon Scripts | | [Hidden Users](Defense_Evasion/Hidden_Users.md) | Private Keys | System Network Configuration Discovery | | | | | Multiband Communication |
| Plist Modification | | Hidden Window | Securityd Memory | System Network Connections Discovery | | | | | Multilayer Encryption |
| Rc.common | | Indicator Removal from Tools | Two-Factor Authentication Interception | System Owner/User Discovery | | | | | Remote File Copy |
| Re-opened Applications | | Indicator Removal on Host | | | | | | | Standard Application Layer Protocol |
| Re-opened Applications | | [Indicator Removal on Host](Defense_Evasion/Indicator_Removal_On_Host) | | | | | | | Standard Application Layer Protocol |
| Redundant Access | | LC_MAIN Hijacking | | | | | | | Standard Cryptographic Protocol |
| Startup Items | | Launchctl | | | | | | | Standard Non-Application Layer Protocol |
| Trap | | Masquerading | | | | | | | Uncommonly Used Port |
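Review bot: The new link target in the "Re-opened Applications" row, `Defense_Evasion/Indicator_Removal_On_Host`, has no `.md` extension, while the existing entry two rows above uses `Defense_Evasion/Hidden_Users.md`. Please make it `Defense_Evasion/Indicator_Removal_On_Host.md`, and check that the capitalisation of `On` matches the filename added in this commit, so the matrix link resolves the same way as the others.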