security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated link for April update

Browse Source
This commit is contained in:
Ye Yint @ Rolan
2018-04-16 16:08:36 +08:00
committed by GitHub
parent 4e228bdf9d
commit 7ffbd63d28
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Windows/README.md
+3 -3
View File
@@ -2,12 +2,12 @@
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control|
|-------------------------------------------------------|----------------------------------------|-----------------------------------------|----------------------------------------|----------------------------------------|-------------------------------------|------------------------------------|--------------------------------|--------------------------------|-----------------------------------------------|-----------------------------------------|
| Drive-by Compromise | CMSTP | [Accessibility Features](Persistence/Accessibility_Features.md) | Access Token Manipulation | Access Token Manipulation | [Account Manipulation](Credential_Access/Account_Manipulation.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | [Audio Capture](Collection/Audio_Capture.md) | Automated Exfiltration | Commonly Used Port |
| Drive-by Compromise | CMSTP | [Accessibility Features](Persistence/Accessibility_Features.md)(Persistence/Accessibility_Features.md) | Access Token Manipulation | Access Token Manipulation | [Account Manipulation](Credential_Access/Account_Manipulation.md) | [Account Discovery](Discovery/Account_Discovery.md) | Application Deployment Software | [Audio Capture](Collection/Audio_Capture.md) | Automated Exfiltration | Commonly Used Port |
| Exploit Public-Facing Application | Command-Line Interface | AppCert DLLs | [Accessibility Features](Persistence/Accessibility_Features.md) | [BITS Jobs](Execution/Bitsadmin.md) | [Brute Force](Credential_Access/Brute_Force.md) | Application Window Discovery | Distributed Component Object Model | [Automated Collection](Collection/Automated_Collection.md) | [Data Compressed](Exfiltration/Data_Compressed.md) | Communication Through Removable Media |
| Hardware Additions | Control Panel Items | [AppInit DLLs](Persistence/AppInit_DLLs.md) | AppCert DLLs | Binary Padding | Credential Dumping | Browser Bookmark Discovery | Exploitation of Remote Services | [Clipboard Data](Collection/Clipboard_Data.md) | Data Encrypted | Connection Proxy|
| Replication Through Removable Media | [Dynamic Data Exchange](Execution/Dynamic_Data_Exchange.md) | Application Shimming | [AppInit DLLs](Persistence/AppInit_DLLs.md) | [Bypass User Account Control](Privilege_Escalation/Bypass_User_Account_Control.md) | [Credentials in Files](Credential_Access/Credentials_in_Files.md) | File and Directory Discovery | [Logon Scripts](Persistence/Logon_Scripts.md) | [Data Staged](Collection/Data_Staged.md) | Data Transfer Size Limits | Custom Command and Control Protocol |
| Spearphishing Attachment Execution through API | [Authentication Package](Persistence/Authentication_Package.md) | Application Shimming | CMSTP | Credentials in Registry | Network Service Scanning | [Pass the Hash](Lateral_Movement/Pass_the_Hash.md) | Data from Information Repositories | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| Spearphishing Link | Execution through Module Load | [BITS Jobs](Execution/Bitsadmin.md) | [Bypass User Account Control](Privilege_Escalation/Bypass_User_Account_Control.md) | Code Signing | Exploitation for Credential Access | Network Share Discovery | Pass the Ticket Data from Local System | Exfiltration Over Command and Control Channel |Data Encoding |
| Spearphishing Attachment Execution through API | [Authentication Package](Persistence/Authentication_Package.md) | Application Shimming | CMSTP | Credentials in Registry | Network Service Scanning | [Pass the Hash](Lateral_Movement/Pass_the_Hash.md) | Data from Information Repositories | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol | |
| Spearphishing Link | Execution through Module Load | [BITS Jobs](Execution/Bitsadmin.md) | [Bypass User Account Control](Privilege_Escalation/Bypass_User_Account_Control.md) | Code Signing | Exploitation for Credential Access | Network Share Discovery | Pass the Ticket Data from Local System | Exfiltration Over Command and Control Channel |Data Encoding | |
| Spearphishing via Service | Exploitation for Client Execution | Bootkit |DLL Search Order Hijacking | Component Firmware | Forced Authentication | Password Policy Discovery | [Remote Desktop Protocol](Lateral_Movement/Remote_Desktop_Protocol.md) | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| Supply Chain Compromise | Graphical User Interface | [Browser Extensions](Persistence/Browser_Extensions.md) | Exploitation for Privilege Escalation | [Component Object Model Hijacking](Persistence/Component_Object_Model_Hijacking.md) | Hooking | Peripheral Device Discovery | Remote File Copy | Data from Removable Media | Exfiltration Over Physical Medium | Domain Fronting |
|Trusted Relationship | [InstallUtil](Execution/InstallUtil.md) | [Change Default File Association](Persistence/Change_Default_File_Association.md) | Extra Window Memory Injection | Control Panel Items | [Input Capture](Collection/Input_Capture.md) | Permission Groups Discovery | Remote Services | Email Collection | Scheduled Transfer | Fallback Channels |