From ccf60ee7b80ac615ef3955ce300c0fe8e894ecaa Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Wed, 23 May 2018 23:17:49 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=uppercase-everything --- atomics/index.md | 566 +++++++++++++++++++++++----------------------- atomics/matrix.md | 118 +++++----- 2 files changed, 342 insertions(+), 342 deletions(-) diff --git a/atomics/index.md b/atomics/index.md index 6e5fac6a..15f553a3 100644 --- a/atomics/index.md +++ b/atomics/index.md @@ -1,97 +1,97 @@ # persistence -- [T1156 .bash_profile and .bashrc](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1156?T1156.md) -- [T1015 Accessibility Features](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1015?T1015.md) -- [T1182 AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1182?T1182.md) -- [T1103 AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1103?T1103.md) -- [T1138 Application Shimming](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1138?T1138.md) -- [T1131 Authentication Package](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1131?T1131.md) -- [T1197 BITS Jobs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1197?T1197.md) -- [T1067 Bootkit](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1067?T1067.md) -- [T1176 Browser Extensions](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1176/T1176.md) +- [T1156 .bash_profile and .bashrc](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1015 Accessibility Features](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1182 AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1103 AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1138 Application Shimming](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1131 Authentication Package](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1197 BITS Jobs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1067 Bootkit](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1176 Browser Extensions](./T1176/T1176.md) - Atomic Test #1: Chrome (Developer Mode) - Atomic Test #2: Chrome (Chrome Web Store) - Atomic Test #3: Firefox -- [T1042 Change Default File Association](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1042?T1042.md) -- [T1109 Component Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1109?T1109.md) -- [T1122 Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1122?T1122.md) -- [T1136 Create Account](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1136/T1136.md) +- [T1042 Change Default File Association](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1109 Component Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1122 Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1136 Create Account](./T1136/T1136.md) - Atomic Test #1: Create a user account on a Linux system - Atomic Test #2: Create a user account on a MacOS system -- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) -- [T1157 Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1157?T1157.md) -- [T1133 External Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1133?T1133.md) -- [T1044 File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1044?T1044.md) -- [T1158 Hidden Files and Directories](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1158/T1158.md) +- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1157 Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1133 External Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1044 File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1158 Hidden Files and Directories](./T1158/T1158.md) - Atomic Test #1: Create a hidden file in a hidden directory -- [T1179 Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) +- [T1179 Hooking](./T1179/T1179.md) - Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages -- [T1062 Hypervisor](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1062?T1062.md) -- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) -- [T1215 Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1215?T1215.md) -- [T1161 LC_LOAD_DYLIB Addition](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1161?T1161.md) -- [T1177 LSASS Driver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1177?T1177.md) -- [T1159 Launch Agent](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1159?T1159.md) -- [T1160 Launch Daemon](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1160?T1160.md) -- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) -- [T1168 Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1168?T1168.md) -- [T1162 Login Item](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1162?T1162.md) -- [T1037 Logon Scripts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1037?T1037.md) -- [T1031 Modify Existing Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1031?T1031.md) -- [T1128 Netsh Helper DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1128?T1128.md) -- [T1050 New Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1050?T1050.md) -- [T1137 Office Application Startup](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1137?T1137.md) -- [T1034 Path Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1034?T1034.md) -- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) -- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) -- [T1013 Port Monitors](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1013?T1013.md) -- [T1163 Rc.common](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1163?T1163.md) -- [T1164 Re-opened Applications](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1164?T1164.md) -- [T1108 Redundant Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1108?T1108.md) -- [T1060 Registry Run Keys / Start Folder](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1060?T1060.md) -- [T1198 SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1198?T1198.md) -- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) -- [T1180 Screensaver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1180?T1180.md) -- [T1101 Security Support Provider](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1101?T1101.md) -- [T1058 Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1058?T1058.md) -- [T1023 Shortcut Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1023?T1023.md) -- [T1165 Startup Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1165?T1165.md) -- [T1019 System Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1019?T1019.md) -- [T1209 Time Providers](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1209?T1209.md) -- [T1154 Trap](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1154?T1154.md) -- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) -- [T1100 Web Shell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1100?T1100.md) -- [T1084 Windows Management Instrumentation Event Subscription](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1084?T1084.md) -- [T1004 Winlogon Helper DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1004?T1004.md) +- [T1062 Hypervisor](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1215 Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1161 LC_LOAD_DYLIB Addition](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1177 LSASS Driver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1159 Launch Agent](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1160 Launch Daemon](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1168 Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1162 Login Item](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1037 Logon Scripts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1031 Modify Existing Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1128 Netsh Helper DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1050 New Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1137 Office Application Startup](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1034 Path Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1013 Port Monitors](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1163 Rc.common](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1164 Re-opened Applications](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1108 Redundant Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1060 Registry Run Keys / Start Folder](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1198 SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1180 Screensaver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1101 Security Support Provider](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1058 Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1023 Shortcut Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1165 Startup Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1019 System Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1209 Time Providers](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1154 Trap](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1100 Web Shell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1084 Windows Management Instrumentation Event Subscription](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1004 Winlogon Helper DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # defense-evasion -- [T1134 Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1134?T1134.md) -- [T1197 BITS Jobs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1197?T1197.md) -- [T1009 Binary Padding](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1009?T1009.md) -- [T1088 Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1088?T1088.md) -- [T1191 CMSTP](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1191?T1191.md) -- [T1146 Clear Command History](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1146/T1146.md) +- [T1134 Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1197 BITS Jobs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1009 Binary Padding](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1088 Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1191 CMSTP](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1146 Clear Command History](./T1146/T1146.md) - Atomic Test #1: Clear Bash history (rm) - Atomic Test #2: Clear Bash history (echo) - Atomic Test #3: Clear Bash history (cat dev/null) - Atomic Test #4: Clear Bash history (ln dev/null) - Atomic Test #5: Clear Bash history (truncate) - Atomic Test #6: Clear history of a bunch of shells -- [T1116 Code Signing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1116?T1116.md) -- [T1109 Component Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1109?T1109.md) -- [T1122 Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1122?T1122.md) -- [T1196 Control Panel Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1196?T1196.md) -- [T1207 DCShadow](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1207?T1207.md) -- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) -- [T1073 DLL Side-Loading](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1073?T1073.md) -- [T1140 Deobfuscate/Decode Files or Information](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1140?T1140.md) -- [T1089 Disabling Security Tools](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1089/T1089.md) +- [T1116 Code Signing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1109 Component Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1122 Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1196 Control Panel Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1207 DCShadow](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1073 DLL Side-Loading](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1140 Deobfuscate/Decode Files or Information](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1089 Disabling Security Tools](./T1089/T1089.md) - Atomic Test #1: Disable iptables firewall - Atomic Test #2: Disable syslog - Atomic Test #3: Disable Cb Response - Atomic Test #4: Disable SELinux -- [T1211 Exploitation for Defense Evasion](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1211?T1211.md) -- [T1181 Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1181?T1181.md) -- [T1107 File Deletion](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1107/T1107.md) +- [T1211 Exploitation for Defense Evasion](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1181 Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1107 File Deletion](./T1107/T1107.md) - Atomic Test #1: Victim configuration - Atomic Test #2: Delete a single file - Atomic Test #3: Delete an entire folder @@ -105,280 +105,280 @@ - Atomic Test #11: Delete VSS - wmic - Atomic Test #12: bcdedit - Atomic Test #13: wbadmin -- [T1006 File System Logical Offsets](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1006?T1006.md) -- [T1144 Gatekeeper Bypass](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1144?T1144.md) -- [T1148 HISTCONTROL](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1148/T1148.md) -- [T1158 Hidden Files and Directories](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1158/T1158.md) +- [T1006 File System Logical Offsets](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1144 Gatekeeper Bypass](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1148 HISTCONTROL](./T1148/T1148.md) +- [T1158 Hidden Files and Directories](./T1158/T1158.md) - Atomic Test #1: Create a hidden file in a hidden directory -- [T1147 Hidden Users](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1147?T1147.md) -- [T1143 Hidden Window](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1143?T1143.md) -- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) -- [T1054 Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1054?T1054.md) -- [T1066 Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1066?T1066.md) -- [T1070 Indicator Removal on Host](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1070?T1070.md) -- [T1202 Indirect Command Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1202?T1202.md) -- [T1130 Install Root Certificate](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1130/T1130.md) +- [T1147 Hidden Users](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1143 Hidden Window](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1054 Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1066 Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1070 Indicator Removal on Host](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1202 Indirect Command Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1130 Install Root Certificate](./T1130/T1130.md) - Atomic Test #1: Install root CA on CentOS/RHEL -- [T1118 InstallUtil](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1118/T1118.md) +- [T1118 InstallUtil](./T1118/T1118.md) - Atomic Test #1: InstallUtil uninstall method call -- [T1149 LC_MAIN Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1149?T1149.md) -- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) -- [T1036 Masquerading](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1036?T1036.md) -- [T1112 Modify Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1112?T1112.md) -- [T1170 Mshta](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1170/T1170.md) +- [T1149 LC_MAIN Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1036 Masquerading](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1112 Modify Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1170 Mshta](./T1170/T1170.md) - Atomic Test #1: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject -- [T1096 NTFS File Attributes](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1096?T1096.md) -- [T1126 Network Share Connection Removal](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1126?T1126.md) -- [T1027 Obfuscated Files or Information](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1027?T1027.md) -- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) -- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) -- [T1186 Process Doppelgänging](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1186?T1186.md) -- [T1093 Process Hollowing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1093?T1093.md) -- [T1055 Process Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1055?T1055.md) -- [T1108 Redundant Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1108?T1108.md) -- [T1121 Regsvcs/Regasm](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1121/T1121.md) +- [T1096 NTFS File Attributes](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1126 Network Share Connection Removal](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1027 Obfuscated Files or Information](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1186 Process Doppelgänging](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1093 Process Hollowing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1055 Process Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1108 Redundant Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test - Atomic Test #2: Regsvs Uninstall Method Call Test -- [T1117 Regsvr32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1117/T1117.md) +- [T1117 Regsvr32](./T1117/T1117.md) - Atomic Test #1: Regsvr32 local COM scriptlet execution - Atomic Test #2: Regsvr32 remote COM scriptlet execution - Atomic Test #3: Regsvr32 local DLL execution -- [T1014 Rootkit](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1014?T1014.md) -- [T1085 Rundll32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1085/T1085.md) +- [T1014 Rootkit](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1085 Rundll32](./T1085/T1085.md) - Atomic Test #1: Rundll32 execute JavaScript Remote Payload With GetObject -- [T1198 SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1198?T1198.md) -- [T1064 Scripting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1064?T1064.md) -- [T1218 Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1218?T1218.md) -- [T1216 Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1216?T1216.md) -- [T1045 Software Packing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1045?T1045.md) -- [T1151 Space after Filename](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1151?T1151.md) -- [T1099 Timestomp](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1099/T1099.md) +- [T1198 SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1064 Scripting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1218 Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1216 Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1045 Software Packing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1151 Space after Filename](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1099 Timestomp](./T1099/T1099.md) - Atomic Test #1: Set a file's access timestamp - Atomic Test #2: Set a file's modification timestamp - Atomic Test #3: Set a file's creation timestamp -- [T1127 Trusted Developer Utilities](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1127/T1127.md) +- [T1127 Trusted Developer Utilities](./T1127/T1127.md) - Atomic Test #1: MSBuild Bypass Using Inline Tasks -- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) -- [T1102 Web Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1102?T1102.md) +- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1102 Web Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # privilege-escalation -- [T1134 Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1134?T1134.md) -- [T1015 Accessibility Features](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1015?T1015.md) -- [T1182 AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1182?T1182.md) -- [T1103 AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1103?T1103.md) -- [T1138 Application Shimming](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1138?T1138.md) -- [T1088 Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1088?T1088.md) -- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) -- [T1157 Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1157?T1157.md) -- [T1068 Exploitation for Privilege Escalation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1068?T1068.md) -- [T1181 Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1181?T1181.md) -- [T1044 File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1044?T1044.md) -- [T1179 Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) +- [T1134 Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1015 Accessibility Features](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1182 AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1103 AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1138 Application Shimming](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1088 Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1038 DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1157 Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1068 Exploitation for Privilege Escalation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1181 Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1044 File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1179 Hooking](./T1179/T1179.md) - Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages -- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) -- [T1160 Launch Daemon](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1160?T1160.md) -- [T1050 New Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1050?T1050.md) -- [T1034 Path Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1034?T1034.md) -- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) -- [T1013 Port Monitors](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1013?T1013.md) -- [T1055 Process Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1055?T1055.md) -- [T1178 SID-History Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1178?T1178.md) -- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) -- [T1058 Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1058?T1058.md) -- [T1166 Setuid and Setgid](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1166?T1166.md) -- [T1165 Startup Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1165?T1165.md) -- [T1169 Sudo](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1169?T1169.md) -- [T1206 Sudo Caching](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1206?T1206.md) -- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) -- [T1100 Web Shell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1100?T1100.md) +- [T1183 Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1160 Launch Daemon](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1050 New Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1034 Path Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1150 Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1013 Port Monitors](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1055 Process Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1178 SID-History Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1058 Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1166 Setuid and Setgid](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1165 Startup Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1169 Sudo](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1206 Sudo Caching](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1100 Web Shell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # discovery -- [T1087 Account Discovery](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1087/T1087.md) +- [T1087 Account Discovery](./T1087/T1087.md) - Atomic Test #1: List all accounts - Atomic Test #2: View sudoers access - Atomic Test #3: View accounts with UID 0 - Atomic Test #4: List opened files by user - Atomic Test #5: Show if a user account has ever logger in remotely -- [T1010 Application Window Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1010?T1010.md) -- [T1217 Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1217?T1217.md) -- [T1083 File and Directory Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1083?T1083.md) -- [T1046 Network Service Scanning](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1046/T1046.md) +- [T1010 Application Window Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1217 Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1083 File and Directory Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1046 Network Service Scanning](./T1046/T1046.md) - Atomic Test #1: Scan a bunch of ports to see if they are open -- [T1135 Network Share Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1135?T1135.md) -- [T1201 Password Policy Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1201?T1201.md) -- [T1120 Peripheral Device Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1120?T1120.md) -- [T1069 Permission Groups Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1069?T1069.md) -- [T1057 Process Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1057?T1057.md) -- [T1012 Query Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1012?T1012.md) -- [T1018 Remote System Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1018?T1018.md) -- [T1063 Security Software Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1063?T1063.md) -- [T1082 System Information Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1082?T1082.md) -- [T1016 System Network Configuration Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1016?T1016.md) -- [T1049 System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1049?T1049.md) -- [T1033 System Owner/User Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1033?T1033.md) -- [T1007 System Service Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1007?T1007.md) -- [T1124 System Time Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1124?T1124.md) +- [T1135 Network Share Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1201 Password Policy Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1120 Peripheral Device Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1069 Permission Groups Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1057 Process Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1012 Query Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1018 Remote System Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1063 Security Software Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1082 System Information Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1016 System Network Configuration Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1049 System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1033 System Owner/User Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1007 System Service Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1124 System Time Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # credential-access -- [T1098 Account Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1098?T1098.md) -- [T1139 Bash History](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1139/T1139.md) +- [T1098 Account Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1139 Bash History](./T1139/T1139.md) - Atomic Test #1: xxxx -- [T1110 Brute Force](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1110/T1110.md) +- [T1110 Brute Force](./T1110/T1110.md) - Atomic Test #1: Brute Force Credentials -- [T1003 Credential Dumping](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1003/T1003.md) +- [T1003 Credential Dumping](./T1003/T1003.md) - Atomic Test #1: Powershell Mimikatz - Atomic Test #2: Gsecdump - Atomic Test #3: Windows Credential Editor - Atomic Test #4: Registry dump of SAM, creds, and secrets -- [T1081 Credentials in Files](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1081?T1081.md) -- [T1214 Credentials in Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1214?T1214.md) -- [T1212 Exploitation for Credential Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1212?T1212.md) -- [T1187 Forced Authentication](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1187?T1187.md) -- [T1179 Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) +- [T1081 Credentials in Files](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1214 Credentials in Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1212 Exploitation for Credential Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1187 Forced Authentication](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1179 Hooking](./T1179/T1179.md) - Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages -- [T1056 Input Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1056?T1056.md) -- [T1141 Input Prompt](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1141?T1141.md) -- [T1208 Kerberoasting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1208?T1208.md) -- [T1142 Keychain](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1142?T1142.md) -- [T1171 LLMNR/NBT-NS Poisoning](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1171?T1171.md) -- [T1040 Network Sniffing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1040?T1040.md) -- [T1174 Password Filter DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1174?T1174.md) -- [T1145 Private Keys](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1145?T1145.md) -- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) -- [T1167 Securityd Memory](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1167?T1167.md) -- [T1111 Two-Factor Authentication Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1111?T1111.md) +- [T1056 Input Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1141 Input Prompt](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1208 Kerberoasting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1142 Keychain](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1171 LLMNR/NBT-NS Poisoning](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1040 Network Sniffing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1174 Password Filter DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1145 Private Keys](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1167 Securityd Memory](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1111 Two-Factor Authentication Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # execution -- [T1155 AppleScript](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1155?T1155.md) -- [T1191 CMSTP](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1191?T1191.md) -- [T1059 Command-Line Interface](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1059?T1059.md) -- [T1196 Control Panel Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1196?T1196.md) -- [T1173 Dynamic Data Exchange](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1173?T1173.md) -- [T1106 Execution through API](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1106?T1106.md) -- [T1129 Execution through Module Load](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1129?T1129.md) -- [T1203 Exploitation for Client Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1203?T1203.md) -- [T1061 Graphical User Interface](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1061?T1061.md) -- [T1118 InstallUtil](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1118/T1118.md) +- [T1155 AppleScript](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1191 CMSTP](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1059 Command-Line Interface](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1196 Control Panel Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1173 Dynamic Data Exchange](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1106 Execution through API](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1129 Execution through Module Load](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1203 Exploitation for Client Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1061 Graphical User Interface](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1118 InstallUtil](./T1118/T1118.md) - Atomic Test #1: InstallUtil uninstall method call -- [T1177 LSASS Driver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1177?T1177.md) -- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) -- [T1168 Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1168?T1168.md) -- [T1170 Mshta](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1170/T1170.md) +- [T1177 LSASS Driver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1152 Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1168 Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1170 Mshta](./T1170/T1170.md) - Atomic Test #1: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject -- [T1086 PowerShell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1086?T1086.md) -- [T1121 Regsvcs/Regasm](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1121/T1121.md) +- [T1086 PowerShell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1121 Regsvcs/Regasm](./T1121/T1121.md) - Atomic Test #1: Regasm Uninstall Method Call Test - Atomic Test #2: Regsvs Uninstall Method Call Test -- [T1117 Regsvr32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1117/T1117.md) +- [T1117 Regsvr32](./T1117/T1117.md) - Atomic Test #1: Regsvr32 local COM scriptlet execution - Atomic Test #2: Regsvr32 remote COM scriptlet execution - Atomic Test #3: Regsvr32 local DLL execution -- [T1085 Rundll32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1085/T1085.md) +- [T1085 Rundll32](./T1085/T1085.md) - Atomic Test #1: Rundll32 execute JavaScript Remote Payload With GetObject -- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) -- [T1064 Scripting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1064?T1064.md) -- [T1035 Service Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1035?T1035.md) -- [T1218 Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1218?T1218.md) -- [T1216 Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1216?T1216.md) -- [T1153 Source](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1153?T1153.md) -- [T1151 Space after Filename](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1151?T1151.md) -- [T1072 Third-party Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1072?T1072.md) -- [T1154 Trap](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1154?T1154.md) -- [T1127 Trusted Developer Utilities](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1127/T1127.md) +- [T1053 Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1064 Scripting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1035 Service Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1218 Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1216 Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1153 Source](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1151 Space after Filename](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1072 Third-party Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1154 Trap](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1127 Trusted Developer Utilities](./T1127/T1127.md) - Atomic Test #1: MSBuild Bypass Using Inline Tasks -- [T1204 User Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1204?T1204.md) -- [T1047 Windows Management Instrumentation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1047?T1047.md) -- [T1028 Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1028?T1028.md) +- [T1204 User Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1047 Windows Management Instrumentation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1028 Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # lateral-movement -- [T1155 AppleScript](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1155?T1155.md) -- [T1017 Application Deployment Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1017?T1017.md) -- [T1175 Distributed Component Object Model](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1175?T1175.md) -- [T1210 Exploitation of Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1210?T1210.md) -- [T1037 Logon Scripts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1037?T1037.md) -- [T1075 Pass the Hash](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1075?T1075.md) -- [T1097 Pass the Ticket](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1097?T1097.md) -- [T1076 Remote Desktop Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1076?T1076.md) -- [T1105 Remote File Copy](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1105/T1105.md) +- [T1155 AppleScript](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1017 Application Deployment Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1175 Distributed Component Object Model](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1210 Exploitation of Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1037 Logon Scripts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1075 Pass the Hash](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1097 Pass the Ticket](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1076 Remote Desktop Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1105 Remote File Copy](./T1105/T1105.md) - Atomic Test #1: xxxx -- [T1021 Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1021?T1021.md) -- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) -- [T1184 SSH Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1184?T1184.md) -- [T1051 Shared Webroot](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1051?T1051.md) -- [T1080 Taint Shared Content](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1080?T1080.md) -- [T1072 Third-party Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1072?T1072.md) -- [T1077 Windows Admin Shares](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1077?T1077.md) -- [T1028 Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1028?T1028.md) +- [T1021 Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1184 SSH Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1051 Shared Webroot](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1080 Taint Shared Content](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1072 Third-party Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1077 Windows Admin Shares](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1028 Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # collection -- [T1123 Audio Capture](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1123/T1123.md) +- [T1123 Audio Capture](./T1123/T1123.md) - Atomic Test #1: SourceRecorder via Windows command prompt - Atomic Test #2: PowerShell Cmdlet via Windows command prompt -- [T1119 Automated Collection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1119?T1119.md) -- [T1115 Clipboard Data](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1115/T1115.md) +- [T1119 Automated Collection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1115 Clipboard Data](./T1115/T1115.md) - Atomic Test #1: Utilize Clipboard to store or execute commands from - Atomic Test #2: PowerShell -- [T1074 Data Staged](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1074?T1074.md) -- [T1213 Data from Information Repositories](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1213?T1213.md) -- [T1005 Data from Local System](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1005?T1005.md) -- [T1039 Data from Network Shared Drive](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1039?T1039.md) -- [T1025 Data from Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1025?T1025.md) -- [T1114 Email Collection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1114?T1114.md) -- [T1056 Input Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1056?T1056.md) -- [T1185 Man in the Browser](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1185?T1185.md) -- [T1113 Screen Capture](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1113/T1113.md) +- [T1074 Data Staged](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1213 Data from Information Repositories](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1005 Data from Local System](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1039 Data from Network Shared Drive](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1025 Data from Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1114 Email Collection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1056 Input Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1185 Man in the Browser](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1113 Screen Capture](./T1113/T1113.md) - Atomic Test #1: Screencapture - Atomic Test #2: Screencapture (silent) - Atomic Test #3: X Windows Capture - Atomic Test #4: Import -- [T1125 Video Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1125?T1125.md) +- [T1125 Video Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # exfiltration -- [T1020 Automated Exfiltration](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1020?T1020.md) -- [T1002 Data Compressed](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1002/T1002.md) +- [T1020 Automated Exfiltration](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1002 Data Compressed](./T1002/T1002.md) - Atomic Test #1: Compress Data for Exfiltration With PowerShell - Atomic Test #2: Compress Data for Exfiltration With Rar -- [T1022 Data Encrypted](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1022?T1022.md) -- [T1030 Data Transfer Size Limits](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1030?T1030.md) -- [T1048 Exfiltration Over Alternative Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1048?T1048.md) -- [T1041 Exfiltration Over Command and Control Channel](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1041?T1041.md) -- [T1011 Exfiltration Over Other Network Medium](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1011?T1011.md) -- [T1052 Exfiltration Over Physical Medium](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1052?T1052.md) -- [T1029 Scheduled Transfer](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1029?T1029.md) +- [T1022 Data Encrypted](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1030 Data Transfer Size Limits](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1048 Exfiltration Over Alternative Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1041 Exfiltration Over Command and Control Channel](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1011 Exfiltration Over Other Network Medium](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1052 Exfiltration Over Physical Medium](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1029 Scheduled Transfer](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # command-and-control -- [T1043 Commonly Used Port](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1043?T1043.md) -- [T1092 Communication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1092?T1092.md) -- [T1090 Connection Proxy](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1090?T1090.md) -- [T1094 Custom Command and Control Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1094?T1094.md) -- [T1024 Custom Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1024?T1024.md) -- [T1132 Data Encoding](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1132?T1132.md) -- [T1001 Data Obfuscation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1001?T1001.md) -- [T1172 Domain Fronting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1172?T1172.md) -- [T1008 Fallback Channels](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1008?T1008.md) -- [T1104 Multi-Stage Channels](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1104?T1104.md) -- [T1188 Multi-hop Proxy](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1188?T1188.md) -- [T1026 Multiband Communication](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1026?T1026.md) -- [T1079 Multilayer Encryption](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1079?T1079.md) -- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) -- [T1219 Remote Access Tools](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1219?T1219.md) -- [T1105 Remote File Copy](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1105/T1105.md) +- [T1043 Commonly Used Port](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1092 Communication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1090 Connection Proxy](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1094 Custom Command and Control Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1024 Custom Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1132 Data Encoding](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1001 Data Obfuscation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1172 Domain Fronting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1008 Fallback Channels](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1104 Multi-Stage Channels](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1188 Multi-hop Proxy](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1026 Multiband Communication](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1079 Multilayer Encryption](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1205 Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1219 Remote Access Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1105 Remote File Copy](./T1105/T1105.md) - Atomic Test #1: xxxx -- [T1071 Standard Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1071?T1071.md) -- [T1032 Standard Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1032?T1032.md) -- [T1095 Standard Non-Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1095?T1095.md) -- [T1065 Uncommonly Used Port](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1065?T1065.md) -- [T1102 Web Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1102?T1102.md) +- [T1071 Standard Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1032 Standard Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1095 Standard Non-Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1065 Uncommonly Used Port](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1102 Web Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) # initial-access -- [T1189 Drive-by Compromise](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1189?T1189.md) -- [T1190 Exploit Public-Facing Application](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1190?T1190.md) -- [T1200 Hardware Additions](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1200?T1200.md) -- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) -- [T1193 Spearphishing Attachment](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1193?T1193.md) -- [T1192 Spearphishing Link](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1192?T1192.md) -- [T1194 Spearphishing via Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1194?T1194.md) -- [T1195 Supply Chain Compromise](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1195?T1195.md) -- [T1199 Trusted Relationship](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1199?T1199.md) -- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) +- [T1189 Drive-by Compromise](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1190 Exploit Public-Facing Application](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1200 Hardware Additions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1091 Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1193 Spearphishing Attachment](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1192 Spearphishing Link](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1194 Spearphishing via Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1195 Supply Chain Compromise](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1199 Trusted Relationship](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) +- [T1078 Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) diff --git a/atomics/matrix.md b/atomics/matrix.md index 5868fbbc..eff85872 100644 --- a/atomics/matrix.md +++ b/atomics/matrix.md @@ -1,61 +1,61 @@ | initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control | |-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----| -| [Drive-by Compromise](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1189?T1189.md) | [AppleScript](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1155?T1155.md) | [.bash_profile and .bashrc](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1156?T1156.md) | [Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1134?T1134.md) | [Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1134?T1134.md) | [Account Manipulation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1098?T1098.md) | [Account Discovery](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1087/T1087.md) | [AppleScript](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1155?T1155.md) | [Audio Capture](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1123/T1123.md) | [Automated Exfiltration](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1020?T1020.md) | [Commonly Used Port](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1043?T1043.md) | -| [Exploit Public-Facing Application](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1190?T1190.md) | [CMSTP](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1191?T1191.md) | [Accessibility Features](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1015?T1015.md) | [Accessibility Features](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1015?T1015.md) | [BITS Jobs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1197?T1197.md) | [Bash History](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1139/T1139.md) | [Application Window Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1010?T1010.md) | [Application Deployment Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1017?T1017.md) | [Automated Collection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1119?T1119.md) | [Data Compressed](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1002/T1002.md) | [Communication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1092?T1092.md) | -| [Hardware Additions](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1200?T1200.md) | [Command-Line Interface](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1059?T1059.md) | [AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1182?T1182.md) | [AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1182?T1182.md) | [Binary Padding](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1009?T1009.md) | [Brute Force](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1110/T1110.md) | [Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1217?T1217.md) | [Distributed Component Object Model](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1175?T1175.md) | [Clipboard Data](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1115/T1115.md) | [Data Encrypted](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1022?T1022.md) | [Connection Proxy](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1090?T1090.md) | -| [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) | [Control Panel Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1196?T1196.md) | [AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1103?T1103.md) | [AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1103?T1103.md) | [Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1088?T1088.md) | [Credential Dumping](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1003/T1003.md) | [File and Directory Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1083?T1083.md) | [Exploitation of Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1210?T1210.md) | [Data Staged](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1074?T1074.md) | [Data Transfer Size Limits](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1030?T1030.md) | [Custom Command and Control Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1094?T1094.md) | -| [Spearphishing Attachment](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1193?T1193.md) | [Dynamic Data Exchange](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1173?T1173.md) | [Application Shimming](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1138?T1138.md) | [Application Shimming](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1138?T1138.md) | [CMSTP](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1191?T1191.md) | [Credentials in Files](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1081?T1081.md) | [Network Service Scanning](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1046/T1046.md) | [Logon Scripts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1037?T1037.md) | [Data from Information Repositories](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1213?T1213.md) | [Exfiltration Over Alternative Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1048?T1048.md) | [Custom Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1024?T1024.md) | -| [Spearphishing Link](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1192?T1192.md) | [Execution through API](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1106?T1106.md) | [Authentication Package](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1131?T1131.md) | [Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1088?T1088.md) | [Clear Command History](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1146/T1146.md) | [Credentials in Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1214?T1214.md) | [Network Share Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1135?T1135.md) | [Pass the Hash](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1075?T1075.md) | [Data from Local System](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1005?T1005.md) | [Exfiltration Over Command and Control Channel](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1041?T1041.md) | [Data Encoding](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1132?T1132.md) | -| [Spearphishing via Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1194?T1194.md) | [Execution through Module Load](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1129?T1129.md) | [BITS Jobs](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1197?T1197.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) | [Code Signing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1116?T1116.md) | [Exploitation for Credential Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1212?T1212.md) | [Password Policy Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1201?T1201.md) | [Pass the Ticket](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1097?T1097.md) | [Data from Network Shared Drive](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1039?T1039.md) | [Exfiltration Over Other Network Medium](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1011?T1011.md) | [Data Obfuscation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1001?T1001.md) | -| [Supply Chain Compromise](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1195?T1195.md) | [Exploitation for Client Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1203?T1203.md) | [Bootkit](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1067?T1067.md) | [Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1157?T1157.md) | [Component Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1109?T1109.md) | [Forced Authentication](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1187?T1187.md) | [Peripheral Device Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1120?T1120.md) | [Remote Desktop Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1076?T1076.md) | [Data from Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1025?T1025.md) | [Exfiltration Over Physical Medium](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1052?T1052.md) | [Domain Fronting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1172?T1172.md) | -| [Trusted Relationship](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1199?T1199.md) | [Graphical User Interface](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1061?T1061.md) | [Browser Extensions](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1176/T1176.md) | [Exploitation for Privilege Escalation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1068?T1068.md) | [Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1122?T1122.md) | [Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) | [Permission Groups Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1069?T1069.md) | [Remote File Copy](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1105/T1105.md) | [Email Collection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1114?T1114.md) | [Scheduled Transfer](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1029?T1029.md) | [Fallback Channels](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1008?T1008.md) | -| [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) | [InstallUtil](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1118/T1118.md) | [Change Default File Association](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1042?T1042.md) | [Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1181?T1181.md) | [Control Panel Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1196?T1196.md) | [Input Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1056?T1056.md) | [Process Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1057?T1057.md) | [Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1021?T1021.md) | [Input Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1056?T1056.md) | | [Multi-Stage Channels](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1104?T1104.md) | -| | [LSASS Driver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1177?T1177.md) | [Component Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1109?T1109.md) | [File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1044?T1044.md) | [DCShadow](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1207?T1207.md) | [Input Prompt](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1141?T1141.md) | [Query Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1012?T1012.md) | [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) | [Man in the Browser](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1185?T1185.md) | | [Multi-hop Proxy](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1188?T1188.md) | -| | [Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) | [Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1122?T1122.md) | [Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) | [Kerberoasting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1208?T1208.md) | [Remote System Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1018?T1018.md) | [SSH Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1184?T1184.md) | [Screen Capture](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1113/T1113.md) | | [Multiband Communication](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1026?T1026.md) | -| | [Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1168?T1168.md) | [Create Account](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1136/T1136.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) | [DLL Side-Loading](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1073?T1073.md) | [Keychain](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1142?T1142.md) | [Security Software Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1063?T1063.md) | [Shared Webroot](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1051?T1051.md) | [Video Capture](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1125?T1125.md) | | [Multilayer Encryption](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1079?T1079.md) | -| | [Mshta](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1170/T1170.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1038?T1038.md) | [Launch Daemon](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1160?T1160.md) | [Deobfuscate/Decode Files or Information](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1140?T1140.md) | [LLMNR/NBT-NS Poisoning](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1171?T1171.md) | [System Information Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1082?T1082.md) | [Taint Shared Content](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1080?T1080.md) | | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) | -| | [PowerShell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1086?T1086.md) | [Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1157?T1157.md) | [New Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1050?T1050.md) | [Disabling Security Tools](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1089/T1089.md) | [Network Sniffing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1040?T1040.md) | [System Network Configuration Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1016?T1016.md) | [Third-party Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1072?T1072.md) | | | [Remote Access Tools](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1219?T1219.md) | -| | [Regsvcs/Regasm](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1121/T1121.md) | [External Remote Services](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1133?T1133.md) | [Path Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1034?T1034.md) | [Exploitation for Defense Evasion](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1211?T1211.md) | [Password Filter DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1174?T1174.md) | [System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1049?T1049.md) | [Windows Admin Shares](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1077?T1077.md) | | | [Remote File Copy](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1105/T1105.md) | -| | [Regsvr32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1117/T1117.md) | [File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1044?T1044.md) | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) | [Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1181?T1181.md) | [Private Keys](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1145?T1145.md) | [System Owner/User Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1033?T1033.md) | [Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1028?T1028.md) | | | [Standard Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1071?T1071.md) | -| | [Rundll32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1085/T1085.md) | [Hidden Files and Directories](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1158/T1158.md) | [Port Monitors](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1013?T1013.md) | [File Deletion](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1107/T1107.md) | [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1091?T1091.md) | [System Service Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1007?T1007.md) | | | | [Standard Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1032?T1032.md) | -| | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) | [Hooking](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179/T1179.md) | [Process Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1055?T1055.md) | [File System Logical Offsets](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1006?T1006.md) | [Securityd Memory](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1167?T1167.md) | [System Time Discovery](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1124?T1124.md) | | | | [Standard Non-Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1095?T1095.md) | -| | [Scripting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1064?T1064.md) | [Hypervisor](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1062?T1062.md) | [SID-History Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1178?T1178.md) | [Gatekeeper Bypass](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1144?T1144.md) | [Two-Factor Authentication Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1111?T1111.md) | | | | | [Uncommonly Used Port](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1065?T1065.md) | -| | [Service Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1035?T1035.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) | [HISTCONTROL](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1148/T1148.md) | | | | | | [Web Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1102?T1102.md) | -| | [Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1218?T1218.md) | [Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1215?T1215.md) | [Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1058?T1058.md) | [Hidden Files and Directories](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1158/T1158.md) | | | | | | | -| | [Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1216?T1216.md) | [LC_LOAD_DYLIB Addition](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1161?T1161.md) | [Setuid and Setgid](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1166?T1166.md) | [Hidden Users](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1147?T1147.md) | | | | | | | -| | [Source](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1153?T1153.md) | [LSASS Driver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1177?T1177.md) | [Startup Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1165?T1165.md) | [Hidden Window](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1143?T1143.md) | | | | | | | -| | [Space after Filename](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1151?T1151.md) | [Launch Agent](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1159?T1159.md) | [Sudo](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1169?T1169.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1183?T1183.md) | | | | | | | -| | [Third-party Software](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1072?T1072.md) | [Launch Daemon](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1160?T1160.md) | [Sudo Caching](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1206?T1206.md) | [Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1054?T1054.md) | | | | | | | -| | [Trap](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1154?T1154.md) | [Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) | [Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1066?T1066.md) | | | | | | | -| | [Trusted Developer Utilities](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1127/T1127.md) | [Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1168?T1168.md) | [Web Shell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1100?T1100.md) | [Indicator Removal on Host](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1070?T1070.md) | | | | | | | -| | [User Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1204?T1204.md) | [Login Item](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1162?T1162.md) | | [Indirect Command Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1202?T1202.md) | | | | | | | -| | [Windows Management Instrumentation](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1047?T1047.md) | [Logon Scripts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1037?T1037.md) | | [Install Root Certificate](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1130/T1130.md) | | | | | | | -| | [Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1028?T1028.md) | [Modify Existing Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1031?T1031.md) | | [InstallUtil](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1118/T1118.md) | | | | | | | -| | | [Netsh Helper DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1128?T1128.md) | | [LC_MAIN Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1149?T1149.md) | | | | | | | -| | | [New Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1050?T1050.md) | | [Launchctl](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1152?T1152.md) | | | | | | | -| | | [Office Application Startup](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1137?T1137.md) | | [Masquerading](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1036?T1036.md) | | | | | | | -| | | [Path Interception](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1034?T1034.md) | | [Modify Registry](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1112?T1112.md) | | | | | | | -| | | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) | | [Mshta](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1170/T1170.md) | | | | | | | -| | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) | | [NTFS File Attributes](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1096?T1096.md) | | | | | | | -| | | [Port Monitors](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1013?T1013.md) | | [Network Share Connection Removal](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1126?T1126.md) | | | | | | | -| | | [Rc.common](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1163?T1163.md) | | [Obfuscated Files or Information](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1027?T1027.md) | | | | | | | -| | | [Re-opened Applications](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1164?T1164.md) | | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1150?T1150.md) | | | | | | | -| | | [Redundant Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1108?T1108.md) | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1205?T1205.md) | | | | | | | -| | | [Registry Run Keys / Start Folder](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1060?T1060.md) | | [Process Doppelgänging](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1186?T1186.md) | | | | | | | -| | | [SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1198?T1198.md) | | [Process Hollowing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1093?T1093.md) | | | | | | | -| | | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1053?T1053.md) | | [Process Injection](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1055?T1055.md) | | | | | | | -| | | [Screensaver](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1180?T1180.md) | | [Redundant Access](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1108?T1108.md) | | | | | | | -| | | [Security Support Provider](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1101?T1101.md) | | [Regsvcs/Regasm](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1121/T1121.md) | | | | | | | -| | | [Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1058?T1058.md) | | [Regsvr32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1117/T1117.md) | | | | | | | -| | | [Shortcut Modification](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1023?T1023.md) | | [Rootkit](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1014?T1014.md) | | | | | | | -| | | [Startup Items](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1165?T1165.md) | | [Rundll32](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1085/T1085.md) | | | | | | | -| | | [System Firmware](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1019?T1019.md) | | [SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1198?T1198.md) | | | | | | | -| | | [Time Providers](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1209?T1209.md) | | [Scripting](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1064?T1064.md) | | | | | | | -| | | [Trap](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1154?T1154.md) | | [Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1218?T1218.md) | | | | | | | -| | | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) | | [Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1216?T1216.md) | | | | | | | -| | | [Web Shell](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1100?T1100.md) | | [Software Packing](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1045?T1045.md) | | | | | | | -| | | [Windows Management Instrumentation Event Subscription](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1084?T1084.md) | | [Space after Filename](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1151?T1151.md) | | | | | | | -| | | [Winlogon Helper DLL](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1004?T1004.md) | | [Timestomp](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1099/T1099.md) | | | | | | | -| | | | | [Trusted Developer Utilities](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1127/T1127.md) | | | | | | | -| | | | | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1078?T1078.md) | | | | | | | -| | | | | [Web Service](https://github.com/redcanaryco/atomic-red-team/new/master/atomics/T1102?T1102.md) | | | | | | | +| [Drive-by Compromise](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [AppleScript](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [.bash_profile and .bashrc](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Access Token Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Account Manipulation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Account Discovery](./T1087/T1087.md) | [AppleScript](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Audio Capture](./T1123/T1123.md) | [Automated Exfiltration](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Commonly Used Port](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Exploit Public-Facing Application](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [CMSTP](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Accessibility Features](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Accessibility Features](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [BITS Jobs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Bash History](./T1139/T1139.md) | [Application Window Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Application Deployment Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Automated Collection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data Compressed](./T1002/T1002.md) | [Communication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Hardware Additions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Command-Line Interface](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [AppCert DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Binary Padding](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Brute Force](./T1110/T1110.md) | [Browser Bookmark Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Distributed Component Object Model](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Clipboard Data](./T1115/T1115.md) | [Data Encrypted](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Connection Proxy](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Control Panel Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [AppInit DLLs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Credential Dumping](./T1003/T1003.md) | [File and Directory Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exploitation of Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data Staged](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data Transfer Size Limits](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Custom Command and Control Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Spearphishing Attachment](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Dynamic Data Exchange](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Application Shimming](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Application Shimming](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [CMSTP](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Credentials in Files](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Network Service Scanning](./T1046/T1046.md) | [Logon Scripts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data from Information Repositories](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exfiltration Over Alternative Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Custom Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Spearphishing Link](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Execution through API](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Authentication Package](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Bypass User Account Control](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Clear Command History](./T1146/T1146.md) | [Credentials in Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Network Share Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Pass the Hash](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data from Local System](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exfiltration Over Command and Control Channel](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data Encoding](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Spearphishing via Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Execution through Module Load](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [BITS Jobs](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Code Signing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exploitation for Credential Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Password Policy Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Pass the Ticket](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data from Network Shared Drive](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exfiltration Over Other Network Medium](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data Obfuscation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Supply Chain Compromise](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exploitation for Client Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Bootkit](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Component Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Forced Authentication](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Peripheral Device Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Remote Desktop Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Data from Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exfiltration Over Physical Medium](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Domain Fronting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Trusted Relationship](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Graphical User Interface](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Browser Extensions](./T1176/T1176.md) | [Exploitation for Privilege Escalation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hooking](./T1179/T1179.md) | [Permission Groups Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Remote File Copy](./T1105/T1105.md) | [Email Collection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Scheduled Transfer](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Fallback Channels](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [InstallUtil](./T1118/T1118.md) | [Change Default File Association](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Control Panel Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Input Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Process Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Input Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Multi-Stage Channels](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [LSASS Driver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Component Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [DCShadow](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Input Prompt](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Query Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Man in the Browser](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Multi-hop Proxy](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Component Object Model Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hooking](./T1179/T1179.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Kerberoasting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Remote System Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [SSH Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Screen Capture](./T1113/T1113.md) | | [Multiband Communication](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Create Account](./T1136/T1136.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [DLL Side-Loading](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Keychain](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Security Software Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Shared Webroot](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Video Capture](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Multilayer Encryption](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Mshta](./T1170/T1170.md) | [DLL Search Order Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Launch Daemon](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Deobfuscate/Decode Files or Information](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [LLMNR/NBT-NS Poisoning](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Information Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Taint Shared Content](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [PowerShell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Dylib Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [New Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Disabling Security Tools](./T1089/T1089.md) | [Network Sniffing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Network Configuration Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Third-party Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | [Remote Access Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Regsvcs/Regasm](./T1121/T1121.md) | [External Remote Services](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Path Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Exploitation for Defense Evasion](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Password Filter DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Network Connections Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Windows Admin Shares](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | [Remote File Copy](./T1105/T1105.md) | +| | [Regsvr32](./T1117/T1117.md) | [File System Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Extra Window Memory Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Private Keys](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Owner/User Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | [Standard Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Rundll32](./T1085/T1085.md) | [Hidden Files and Directories](./T1158/T1158.md) | [Port Monitors](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [File Deletion](./T1107/T1107.md) | [Replication Through Removable Media](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Service Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | [Standard Cryptographic Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hooking](./T1179/T1179.md) | [Process Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [File System Logical Offsets](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Securityd Memory](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [System Time Discovery](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | [Standard Non-Application Layer Protocol](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Scripting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hypervisor](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [SID-History Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Gatekeeper Bypass](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Two-Factor Authentication Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | [Uncommonly Used Port](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Service Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [HISTCONTROL](./T1148/T1148.md) | | | | | | [Web Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | +| | [Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Kernel Modules and Extensions](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hidden Files and Directories](./T1158/T1158.md) | | | | | | | +| | [Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [LC_LOAD_DYLIB Addition](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Setuid and Setgid](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hidden Users](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Source](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [LSASS Driver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Startup Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Hidden Window](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Space after Filename](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Launch Agent](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Sudo](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Image File Execution Options Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Third-party Software](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Launch Daemon](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Sudo Caching](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Trap](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Trusted Developer Utilities](./T1127/T1127.md) | [Local Job Scheduling](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Web Shell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Indicator Removal on Host](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [User Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Login Item](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Indirect Command Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | [Windows Management Instrumentation](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Logon Scripts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Install Root Certificate](./T1130/T1130.md) | | | | | | | +| | [Windows Remote Management](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | [Modify Existing Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [InstallUtil](./T1118/T1118.md) | | | | | | | +| | | [Netsh Helper DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [LC_MAIN Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [New Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Launchctl](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Office Application Startup](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Masquerading](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Path Interception](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Modify Registry](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Mshta](./T1170/T1170.md) | | | | | | | +| | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [NTFS File Attributes](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Port Monitors](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Network Share Connection Removal](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Rc.common](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Obfuscated Files or Information](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Re-opened Applications](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Plist Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Redundant Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Port Knocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Registry Run Keys / Start Folder](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Process Doppelgänging](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Process Hollowing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Scheduled Task](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Process Injection](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Screensaver](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Redundant Access](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Security Support Provider](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Regsvcs/Regasm](./T1121/T1121.md) | | | | | | | +| | | [Service Registry Permissions Weakness](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Regsvr32](./T1117/T1117.md) | | | | | | | +| | | [Shortcut Modification](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Rootkit](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Startup Items](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Rundll32](./T1085/T1085.md) | | | | | | | +| | | [System Firmware](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [SIP and Trust Provider Hijacking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Time Providers](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Scripting](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Trap](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Signed Binary Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Signed Script Proxy Execution](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Web Shell](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Software Packing](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Windows Management Instrumentation Event Subscription](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Space after Filename](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | [Winlogon Helper DLL](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | [Timestomp](./T1099/T1099.md) | | | | | | | +| | | | | [Trusted Developer Utilities](./T1127/T1127.md) | | | | | | | +| | | | | [Valid Accounts](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | | +| | | | | [Web Service](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md) | | | | | | |