ESXi Atomic Tests by ATT&CK Tactic & Technique
persistence
- T1037 Boot or Logon Initialization Scripts CONTRIBUTE A TEST
- T1053.003 Scheduled Task/Job: Cron CONTRIBUTE A TEST
- T1053 Scheduled Task/Job CONTRIBUTE A TEST
- T1078.001 Valid Accounts: Default Accounts CONTRIBUTE A TEST
- T1136.001 Create Account: Local Account CONTRIBUTE A TEST
- T1098.004 SSH Authorized Keys CONTRIBUTE A TEST
- T1554 Compromise Host Software Binary CONTRIBUTE A TEST
- T1098 Account Manipulation CONTRIBUTE A TEST
- T1078 Valid Accounts CONTRIBUTE A TEST
- T1078.002 Domain Accounts CONTRIBUTE A TEST
- T1505 Server Software Component CONTRIBUTE A TEST
- T1037.004 Boot or Logon Initialization Scripts: Rc.common CONTRIBUTE A TEST
- T1136 Create Account CONTRIBUTE A TEST
- T1505.006 vSphere Installation Bundles CONTRIBUTE A TEST
- T1078.003 Valid Accounts: Local Accounts CONTRIBUTE A TEST
privilege-escalation
- T1037 Boot or Logon Initialization Scripts CONTRIBUTE A TEST
- T1053.003 Scheduled Task/Job: Cron CONTRIBUTE A TEST
- T1053 Scheduled Task/Job CONTRIBUTE A TEST
- T1611 Escape to Host CONTRIBUTE A TEST
- T1078.001 Valid Accounts: Default Accounts CONTRIBUTE A TEST
- T1098.004 SSH Authorized Keys CONTRIBUTE A TEST
- T1098 Account Manipulation CONTRIBUTE A TEST
- T1078 Valid Accounts CONTRIBUTE A TEST
- T1078.002 Domain Accounts CONTRIBUTE A TEST
- T1037.004 Boot or Logon Initialization Scripts: Rc.common CONTRIBUTE A TEST
- T1078.003 Valid Accounts: Local Accounts CONTRIBUTE A TEST
command-and-control
- T1132.001 Data Encoding: Standard Encoding CONTRIBUTE A TEST
- T1568.002 Domain Generation Algorithms CONTRIBUTE A TEST
- T1071.004 Application Layer Protocol: DNS CONTRIBUTE A TEST
- T1573.001 Symmetric Cryptography CONTRIBUTE A TEST
- T1568.001 Fast Flux DNS CONTRIBUTE A TEST
- T1071 Application Layer Protocol CONTRIBUTE A TEST
- T1572 Protocol Tunneling CONTRIBUTE A TEST
- T1090.002 External Proxy CONTRIBUTE A TEST
- T1090 Proxy CONTRIBUTE A TEST
- T1568 Dynamic Resolution CONTRIBUTE A TEST
- T1102 Web Service CONTRIBUTE A TEST
- T1568.003 DNS Calculation CONTRIBUTE A TEST
- T1104 Multi-Stage Channels CONTRIBUTE A TEST
- T1071.002 File Transfer Protocols CONTRIBUTE A TEST
- T1102.003 One-Way Communication CONTRIBUTE A TEST
- T1090.003 Proxy: Multi-hop Proxy CONTRIBUTE A TEST
- T1001 Data Obfuscation CONTRIBUTE A TEST
- T1571 Non-Standard Port CONTRIBUTE A TEST
- T1573 Encrypted Channel CONTRIBUTE A TEST
- T1102.002 Bidirectional Communication CONTRIBUTE A TEST
- T1573.002 Asymmetric Cryptography CONTRIBUTE A TEST
- T1095 Non-Application Layer Protocol CONTRIBUTE A TEST
- T1001.003 Protocol or Service Impersonation CONTRIBUTE A TEST
- T1090.004 Domain Fronting CONTRIBUTE A TEST
- T1132 Data Encoding CONTRIBUTE A TEST
- T1132.002 Non-Standard Encoding CONTRIBUTE A TEST
- T1071.001 Application Layer Protocol: Web Protocols CONTRIBUTE A TEST
- T1105 Ingress Tool Transfer CONTRIBUTE A TEST
- T1665 Hide Infrastructure CONTRIBUTE A TEST
- T1001.002 Data Obfuscation via Steganography CONTRIBUTE A TEST
- T1008 Fallback Channels CONTRIBUTE A TEST
- T1090.001 Proxy: Internal Proxy CONTRIBUTE A TEST
- T1102.001 Dead Drop Resolver CONTRIBUTE A TEST
- T1001.001 Junk Data CONTRIBUTE A TEST
credential-access
- T1110.001 Brute Force: Password Guessing CONTRIBUTE A TEST
- T1110.003 Brute Force: Password Spraying CONTRIBUTE A TEST
- T1110 Brute Force CONTRIBUTE A TEST
- T1110.004 Brute Force: Credential Stuffing CONTRIBUTE A TEST
discovery
- T1016.001 System Network Configuration Discovery: Internet Connection Discovery CONTRIBUTE A TEST
- T1087.001 Account Discovery: Local Account CONTRIBUTE A TEST
- T1082 System Information Discovery CONTRIBUTE A TEST
- T1673 Virtual Machine Discovery CONTRIBUTE A TEST
- T1016 System Network Configuration Discovery CONTRIBUTE A TEST
- T1087 Account Discovery CONTRIBUTE A TEST
- T1083 File and Directory Discovery CONTRIBUTE A TEST
- T1049 System Network Connections Discovery CONTRIBUTE A TEST
- T1654 Log Enumeration CONTRIBUTE A TEST
- T1057 Process Discovery CONTRIBUTE A TEST
- T1018 Remote System Discovery CONTRIBUTE A TEST
- T1518 Software Discovery CONTRIBUTE A TEST
- T1680 Local Storage Discovery CONTRIBUTE A TEST
- T1124 System Time Discovery CONTRIBUTE A TEST
collection
- T1074.001 Data Staged: Local Data Staging CONTRIBUTE A TEST
- T1074.002 Remote Data Staging CONTRIBUTE A TEST
- T1005 Data from Local System CONTRIBUTE A TEST
- T1074 Data Staged CONTRIBUTE A TEST
defense-evasion
- T1036.005 Masquerading: Match Legitimate Name or Location CONTRIBUTE A TEST
- T1564 Hide Artifacts CONTRIBUTE A TEST
- T1070.003 Indicator Removal on Host: Clear Command History CONTRIBUTE A TEST
- T1140 Deobfuscate/Decode Files or Information CONTRIBUTE A TEST
- T1562 Impair Defenses CONTRIBUTE A TEST
- T1036 Masquerading CONTRIBUTE A TEST
- T1070.006 Indicator Removal on Host: Timestomp CONTRIBUTE A TEST
- T1562.004 Impair Defenses: Disable or Modify System Firewall CONTRIBUTE A TEST
- T1078.001 Valid Accounts: Default Accounts CONTRIBUTE A TEST
- T1222 File and Directory Permissions Modification CONTRIBUTE A TEST
- T1562.006 Impair Defenses: Indicator Blocking CONTRIBUTE A TEST
- T1070 Indicator Removal on Host CONTRIBUTE A TEST
- T1480 Execution Guardrails CONTRIBUTE A TEST
- T1562.003 Impair Defenses: Impair Command History Logging CONTRIBUTE A TEST
- T1078 Valid Accounts CONTRIBUTE A TEST
- T1027 Obfuscated Files or Information CONTRIBUTE A TEST
- T1564.006 Run Virtual Instance CONTRIBUTE A TEST
- T1078.002 Domain Accounts CONTRIBUTE A TEST
- T1070.009 Clear Persistence CONTRIBUTE A TEST
- T1070.004 Indicator Removal on Host: File Deletion CONTRIBUTE A TEST
- T1078.003 Valid Accounts: Local Accounts CONTRIBUTE A TEST
impact
- T1489 Service Stop CONTRIBUTE A TEST
- T1491 Defacement CONTRIBUTE A TEST
- T1491.001 Defacement: Internal Defacement CONTRIBUTE A TEST
- T1531 Account Access Removal CONTRIBUTE A TEST
- T1486 Data Encrypted for Impact CONTRIBUTE A TEST
- T1485 Data Destruction CONTRIBUTE A TEST
- T1490 Inhibit System Recovery CONTRIBUTE A TEST
- T1529 System Shutdown/Reboot CONTRIBUTE A TEST
execution
- T1053.003 Scheduled Task/Job: Cron CONTRIBUTE A TEST
- T1675 ESXi Administration Command CONTRIBUTE A TEST
- T1053 Scheduled Task/Job CONTRIBUTE A TEST
- T1059 Command and Scripting Interpreter CONTRIBUTE A TEST
- T1059.004 Command and Scripting Interpreter: Bash CONTRIBUTE A TEST
- T1059.006 Command and Scripting Interpreter: Python CONTRIBUTE A TEST
- T1059.012 Hypervisor CLI CONTRIBUTE A TEST
lateral-movement
- T1021.004 Remote Services: SSH CONTRIBUTE A TEST
- T1021 Remote Services CONTRIBUTE A TEST
- T1210 Exploitation of Remote Services CONTRIBUTE A TEST
- T1570 Lateral Tool Transfer CONTRIBUTE A TEST
initial-access
- T1190 Exploit Public-Facing Application CONTRIBUTE A TEST
- T1078.001 Valid Accounts: Default Accounts CONTRIBUTE A TEST
- T1078 Valid Accounts CONTRIBUTE A TEST
- T1078.002 Domain Accounts CONTRIBUTE A TEST
- T1078.003 Valid Accounts: Local Accounts CONTRIBUTE A TEST
exfiltration
- T1567 Exfiltration Over Web Service CONTRIBUTE A TEST
- T1567.004 Exfiltration Over Webhook CONTRIBUTE A TEST
- T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST
- T1567.001 Exfiltration to Code Repository CONTRIBUTE A TEST
- T1048.002 Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST
- T1041 Exfiltration Over C2 Channel CONTRIBUTE A TEST
- T1048 Exfiltration Over Alternative Protocol CONTRIBUTE A TEST
- T1567.003 Exfiltration Over Web Service: Exfiltration to Text Storage Sites CONTRIBUTE A TEST
- T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage CONTRIBUTE A TEST
- T1030 Data Transfer Size Limits CONTRIBUTE A TEST
- T1048.003 Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol CONTRIBUTE A TEST