security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
029110b694bc5925fe2ed5cb3a7a1b4b80098265
atomic-red-team/atomics/Indexes/Matrices/windows-matrix.md
T
Atomic Red Team doc generator 029110b694 Generated docs from job=generate-docs branch=master [ci skip]
2024-03-01 19:23:30 +00:00

54 KiB
Raw Blame History

Windows Atomic Tests by ATT&CK Tactic & Technique

initial-access execution persistence privilege-escalation defense-evasion credential-access discovery lateral-movement collection exfiltration command-and-control impact
External Remote Services Scheduled Task/Job: Scheduled Task Scheduled Task/Job: Scheduled Task Process Injection: Extra Window Memory Injection Process Injection: Extra Window Memory Injection Adversary-in-the-Middle CONTRIBUTE A TEST System Owner/User Discovery Remote Services:VNC CONTRIBUTE A TEST Archive Collected Data: Archive via Utility Exfiltration Over Web Service CONTRIBUTE A TEST Socket Filters CONTRIBUTE A TEST Disk Structure Wipe CONTRIBUTE A TEST
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST Windows Management Instrumentation Socket Filters CONTRIBUTE A TEST Scheduled Task/Job: Scheduled Task Socket Filters CONTRIBUTE A TEST Input Capture: Keylogging Internet Connection Discovery CONTRIBUTE A TEST Taint Shared Content CONTRIBUTE A TEST Screen Capture Exfiltration Over Webhook CONTRIBUTE A TEST Data Encoding: Standard Encoding Direct Network Flood CONTRIBUTE A TEST
Spearphishing Link CONTRIBUTE A TEST Server Software Component Boot or Logon Initialization Scripts CONTRIBUTE A TEST Boot or Logon Initialization Scripts CONTRIBUTE A TEST Fileless Storage CONTRIBUTE A TEST Brute Force: Password Guessing Permission Groups Discovery CONTRIBUTE A TEST Replication Through Removable Media Adversary-in-the-Middle CONTRIBUTE A TEST Scheduled Transfer CONTRIBUTE A TEST Domain Generation Algorithms CONTRIBUTE A TEST External Defacement CONTRIBUTE A TEST
Phishing: Spearphishing Attachment Command and Scripting Interpreter: JavaScript Path Interception by PATH Environment Variable CONTRIBUTE A TEST Path Interception by PATH Environment Variable CONTRIBUTE A TEST Signed Binary Proxy Execution: Rundll32 OS Credential Dumping Group Policy Discovery Remote Services: SMB/Windows Admin Shares Input Capture: Keylogging Exfiltration Over Other Network Medium CONTRIBUTE A TEST Application Layer Protocol: DNS OS Exhaustion Flood CONTRIBUTE A TEST
Compromise Hardware Supply Chain CONTRIBUTE A TEST Inter-Process Communication: Dynamic Data Exchange Event Triggered Execution: PowerShell Profile Event Triggered Execution: PowerShell Profile Embedded Payloads CONTRIBUTE A TEST Steal Web Session Cookie Device Driver Discovery CONTRIBUTE A TEST Use Alternate Authentication Material CONTRIBUTE A TEST Sharepoint CONTRIBUTE A TEST Exfiltration Over Bluetooth CONTRIBUTE A TEST Symmetric Cryptography CONTRIBUTE A TEST Application Exhaustion Flood CONTRIBUTE A TEST
Replication Through Removable Media User Execution: Malicious File Create or Modify System Process CONTRIBUTE A TEST Create or Modify System Process CONTRIBUTE A TEST Signed Script Proxy Execution: Pubprn OS Credential Dumping: Security Account Manager Account Discovery: Domain Account Remote Services CONTRIBUTE A TEST Audio Capture Automated Exfiltration Fast Flux DNS CONTRIBUTE A TEST Disk Wipe CONTRIBUTE A TEST
Supply Chain Compromise Component Object Model CONTRIBUTE A TEST External Remote Services Abuse Elevation Control Mechanism: Bypass User Account Control Path Interception by PATH Environment Variable CONTRIBUTE A TEST Brute Force: Password Cracking Account Discovery: Local Account Remote Service Session Hijacking CONTRIBUTE A TEST Archive via Custom Method CONTRIBUTE A TEST Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST Application Layer Protocol Stored Data Manipulation CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST Scheduled Task/Job CONTRIBUTE A TEST Pre-OS Boot: System Firmware Hijack Execution Flow: Services Registry Permissions Weakness Direct Volume Access OS Credential Dumping: LSA Secrets Virtualization/Sandbox Evasion: System Checks Remote Services: Windows Remote Management Email Collection CONTRIBUTE A TEST Exfiltration to Code Repository CONTRIBUTE A TEST Remote Access Software Service Stop
Content Injection CONTRIBUTE A TEST Native API Hijack Execution Flow: Services Registry Permissions Weakness Boot or Logon Autostart Execution Email Hiding Rules CONTRIBUTE A TEST Forge Web Credentials: SAML token CONTRIBUTE A TEST Permission Groups Discovery: Domain Groups Remote Services: Distributed Component Object Model Data from Removable Media CONTRIBUTE A TEST Exfiltration Over Alternative Protocol - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol Content Injection CONTRIBUTE A TEST Application or System Exploitation CONTRIBUTE A TEST
Valid Accounts: Default Accounts Command and Scripting Interpreter Bootkit CONTRIBUTE A TEST Active Setup Rootkit CONTRIBUTE A TEST Password Managers CONTRIBUTE A TEST System Service Discovery Use Alternate Authentication Material: Pass the Ticket Data Staged: Local Data Staging Exfiltration Over C2 Channel Traffic Signaling CONTRIBUTE A TEST Runtime Data Manipulation CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST User Execution CONTRIBUTE A TEST Boot or Logon Autostart Execution Domain Trust Modification CONTRIBUTE A TEST Double File Extension CONTRIBUTE A TEST Network Sniffing Network Sniffing Software Deployment Tools Email Collection: Local Email Collection Exfiltration Over Alternative Protocol Protocol Tunneling Reflection Amplification CONTRIBUTE A TEST
Phishing CONTRIBUTE A TEST Software Deployment Tools Active Setup Create or Modify System Process: Windows Service Abuse Elevation Control Mechanism: Bypass User Account Control Unsecured Credentials: Credentials in Registry Network Share Discovery Exploitation of Remote Services CONTRIBUTE A TEST Automated Collection Exfiltration over USB CONTRIBUTE A TEST Mail Protocols CONTRIBUTE A TEST Service Exhaustion Flood CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Command and Scripting Interpreter: PowerShell Create or Modify System Process: Windows Service Boot or Logon Autostart Execution: Print Processors Pre-OS Boot: System Firmware Modify Authentication Process: Password Filter DLL Peripheral Device Discovery Internal Spearphishing CONTRIBUTE A TEST Clipboard Data Exfiltration Over Web Service: Exfiltration to Text Storage Sites Communication Through Removable Media CONTRIBUTE A TEST Defacement CONTRIBUTE A TEST
Spearphishing Voice CONTRIBUTE A TEST Inter-Process Communication Office Application Startup Hijack Execution Flow: DLL Search Order Hijacking Hijack Execution Flow: Services Registry Permissions Weakness Steal or Forge Kerberos Tickets: AS-REP Roasting System Information Discovery Lateral Tool Transfer Remote Data Staging CONTRIBUTE A TEST Exfiltration Over Web Service: Exfiltration to Cloud Storage External Proxy CONTRIBUTE A TEST Financial Theft CONTRIBUTE A TEST
Compromise Software Supply Chain CONTRIBUTE A TEST Exploitation for Client Execution CONTRIBUTE A TEST Boot or Logon Autostart Execution: Print Processors Scheduled Task/Job CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Steal or Forge Kerberos Tickets CONTRIBUTE A TEST Wi-Fi Discovery CONTRIBUTE A TEST Remote Service Session Hijacking: RDP Hijacking Data from Local System Data Transfer Size Limits Proxy CONTRIBUTE A TEST Defacement: Internal Defacement
Domain Accounts CONTRIBUTE A TEST Command and Scripting Interpreter: Python CONTRIBUTE A TEST Hijack Execution Flow: DLL Search Order Hijacking Thread Execution Hijacking Mavinject CONTRIBUTE A TEST Credentials from Password Stores Application Window Discovery Use Alternate Authentication Material: Pass the Hash Archive Collected Data: Archive via Library CONTRIBUTE A TEST Exfiltration Over Physical Medium CONTRIBUTE A TEST Dynamic Resolution CONTRIBUTE A TEST Data Manipulation CONTRIBUTE A TEST
Hardware Additions CONTRIBUTE A TEST System Services CONTRIBUTE A TEST Office Application Startup: Add-ins Event Triggered Execution: Application Shimming Masquerading: Match Legitimate Name or Location Unsecured Credentials CONTRIBUTE A TEST Email Account CONTRIBUTE A TEST Remote Services: Remote Desktop Protocol Archive Collected Data Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Web Service CONTRIBUTE A TEST Account Access Removal
Drive-by Compromise CONTRIBUTE A TEST Command and Scripting Interpreter: Windows Command Shell Server Software Component: Transport Agent Boot or Logon Autostart Execution: Port Monitors Masquerade File Type CONTRIBUTE A TEST Hybrid Identity CONTRIBUTE A TEST Time Based Evasion CONTRIBUTE A TEST Browser Session Hijacking CONTRIBUTE A TEST DNS Calculation CONTRIBUTE A TEST Data Encrypted for Impact
Spearphishing via Service CONTRIBUTE A TEST Command and Scripting Interpreter: Visual Basic Scheduled Task/Job CONTRIBUTE A TEST Process Injection Hide Artifacts Credentials from Password Stores: Credentials from Web Browsers Browser Bookmark Discovery DHCP Spoofing CONTRIBUTE A TEST Multi-Stage Channels CONTRIBUTE A TEST Endpoint Denial of Service CONTRIBUTE A TEST
Valid Accounts: Local Accounts Malicious Link CONTRIBUTE A TEST Modify Authentication Process: Password Filter DLL Escape to Host CONTRIBUTE A TEST Domain Trust Modification CONTRIBUTE A TEST DHCP Spoofing CONTRIBUTE A TEST System Network Configuration Discovery Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay Port Knocking CONTRIBUTE A TEST Resource Hijacking CONTRIBUTE A TEST
System Services: Service Execution Server Software Component: Terminal Services DLL Boot or Logon Autostart Execution: Shortcut Modification Impair Defenses: Safe Boot Mode Unsecured Credentials: Private Keys Account Discovery CONTRIBUTE A TEST Web Portal Capture CONTRIBUTE A TEST File Transfer Protocols CONTRIBUTE A TEST Transmitted Data Manipulation CONTRIBUTE A TEST
Scheduled Task/Job: At Browser Extensions Boot or Logon Autostart Execution: Security Support Provider Virtualization/Sandbox Evasion: System Checks Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay Domain Trust Discovery Video Capture One-Way Communication CONTRIBUTE A TEST Data Destruction
Outlook Rules CONTRIBUTE A TEST Hijack Execution Flow: Path Interception by Search Order Hijacking Signed Binary Proxy Execution: InstallUtil OS Credential Dumping: LSASS Memory File and Directory Discovery Email Collection: Email Forwarding Rule CONTRIBUTE A TEST Proxy: Multi-hop Proxy Network Denial of Service CONTRIBUTE A TEST
Event Triggered Execution: Application Shimming Domain Policy Modification: Group Policy Modification Stripped Payloads CONTRIBUTE A TEST Brute Force: Password Spraying System Network Connections Discovery Data Staged CONTRIBUTE A TEST Data Obfuscation CONTRIBUTE A TEST Firmware Corruption CONTRIBUTE A TEST
Boot or Logon Autostart Execution: Port Monitors Valid Accounts: Default Accounts Hijack Execution Flow: DLL Search Order Hijacking Web Portal Capture CONTRIBUTE A TEST Virtualization/Sandbox Evasion CONTRIBUTE A TEST Input Capture: GUI Input Capture Non-Standard Port Inhibit System Recovery
Traffic Signaling CONTRIBUTE A TEST Time Providers Code Signing CONTRIBUTE A TEST OS Credential Dumping: Cached Domain Credentials Log Enumeration Data from Network Shared Drive Encrypted Channel Disk Content Wipe CONTRIBUTE A TEST
Boot or Logon Autostart Execution: Shortcut Modification Abuse Elevation Control Mechanism CONTRIBUTE A TEST File and Directory Permissions Modification: Windows File and Directory Permissions Modification Steal or Forge Kerberos Tickets: Golden Ticket Process Discovery Remote Email Collection CONTRIBUTE A TEST Bidirectional Communication CONTRIBUTE A TEST System Shutdown/Reboot
Boot or Logon Autostart Execution: Security Support Provider Create Process with Token Signed Binary Proxy Execution: Msiexec Steal or Forge Authentication Certificates User Activity Based Checks CONTRIBUTE A TEST Input Capture CONTRIBUTE A TEST Asymmetric Cryptography CONTRIBUTE A TEST
Hybrid Identity CONTRIBUTE A TEST Boot or Logon Autostart Execution: Winlogon Helper DLL Modify Authentication Process: Password Filter DLL Unsecured Credentials: Credentials In Files Permission Groups Discovery: Local Groups ARP Cache Poisoning CONTRIBUTE A TEST Non-Application Layer Protocol
Hijack Execution Flow: Path Interception by Search Order Hijacking Event Triggered Execution: Image File Execution Options Injection Clear Network Connection History and Configurations CONTRIBUTE A TEST Web Cookies CONTRIBUTE A TEST Password Policy Discovery Data from Information Repositories CONTRIBUTE A TEST Protocol Impersonation CONTRIBUTE A TEST
Server Software Component: Web Shell Process Doppelgänging CONTRIBUTE A TEST Indicator Removal on Host: Clear Command History Unsecured Credentials: Group Policy Preferences System Location Discovery: System Language Discovery Input Capture: Credential API Hooking Domain Fronting CONTRIBUTE A TEST
Valid Accounts: Default Accounts Executable Installer File Permissions Weakness CONTRIBUTE A TEST Indirect Command Execution Network Provider DLL CONTRIBUTE A TEST Query Registry Data Encoding CONTRIBUTE A TEST
Time Providers Event Triggered Execution: Accessibility Features Deobfuscate/Decode Files or Information Forge Web Credentials CONTRIBUTE A TEST System Location Discovery CONTRIBUTE A TEST Non-Standard Encoding CONTRIBUTE A TEST
Create Account: Local Account Process Injection: Asynchronous Procedure Call Impair Defenses Multi-Factor Authentication Request Generation CONTRIBUTE A TEST Software Discovery: Security Software Discovery Application Layer Protocol: Web Protocols
Boot or Logon Autostart Execution: Winlogon Helper DLL Event Triggered Execution: AppCert DLLs Thread Execution Hijacking Exploitation for Credential Access CONTRIBUTE A TEST Remote System Discovery Ingress Tool Transfer
Event Triggered Execution: Image File Execution Options Injection Device Registration CONTRIBUTE A TEST Masquerading Input Capture: GUI Input Capture Network Service Discovery Steganography CONTRIBUTE A TEST
Executable Installer File Permissions Weakness CONTRIBUTE A TEST Process Injection: Portable Executable Injection Email Collection: Mailbox Manipulation Brute Force CONTRIBUTE A TEST Software Discovery Fallback Channels CONTRIBUTE A TEST
Event Triggered Execution: Accessibility Features Access Token Manipulation: Token Impersonation/Theft Process Injection Brute Force: Credential Stuffing Debugger Evasion CONTRIBUTE A TEST Proxy: Internal Proxy
Create Account: Domain Account Make and Impersonate Token CONTRIBUTE A TEST Traffic Signaling CONTRIBUTE A TEST Multi-Factor Authentication CONTRIBUTE A TEST System Time Discovery Dead Drop Resolver CONTRIBUTE A TEST
Component Firmware CONTRIBUTE A TEST Event Triggered Execution: Windows Management Instrumentation Event Subscription Signed Binary Proxy Execution Forced Authentication Junk Data CONTRIBUTE A TEST
Office Application Startup: Office Template Macros. Access Token Manipulation: Parent PID Spoofing Indicator Removal on Host: Timestomp Input Capture CONTRIBUTE A TEST
Event Triggered Execution: AppCert DLLs Event Triggered Execution: Change Default File Association Reflective Code Loading ARP Cache Poisoning CONTRIBUTE A TEST
Device Registration CONTRIBUTE A TEST Services File Permissions Weakness CONTRIBUTE A TEST Ignore Process Interrupts CONTRIBUTE A TEST Steal or Forge Kerberos Tickets: Silver Ticket
Pre-OS Boot CONTRIBUTE A TEST Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder Time Based Evasion CONTRIBUTE A TEST Credentials from Password Stores: Windows Credential Manager
Port Knocking CONTRIBUTE A TEST Account Manipulation Signed Binary Proxy Execution: CMSTP Domain Controller Authentication CONTRIBUTE A TEST
Network Provider DLL CONTRIBUTE A TEST KernelCallbackTable CONTRIBUTE A TEST Impair Defenses: Disable Windows Event Logging Reversible Encryption CONTRIBUTE A TEST
Event Triggered Execution: Windows Management Instrumentation Event Subscription Hijack Execution Flow CONTRIBUTE A TEST Signed Binary Proxy Execution: Control Panel Multi-Factor Authentication Interception CONTRIBUTE A TEST
Compromise Client Software Binary CONTRIBUTE A TEST Valid Accounts CONTRIBUTE A TEST Use Alternate Authentication Material CONTRIBUTE A TEST OS Credential Dumping: NTDS
Event Triggered Execution: Change Default File Association Process Injection: Process Hollowing Impair Defenses: Disable or Modify System Firewall Steal or Forge Kerberos Tickets: Kerberoasting
Services File Permissions Weakness CONTRIBUTE A TEST Exploitation for Privilege Escalation CONTRIBUTE A TEST Subvert Trust Controls: SIP and Trust Provider Hijacking OS Credential Dumping: DCSync
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder Event Triggered Execution Hybrid Identity CONTRIBUTE A TEST Modify Authentication Process CONTRIBUTE A TEST
Account Manipulation Access Token Manipulation: SID-History Injection Rogue Domain Controller Input Capture: Credential API Hooking
KernelCallbackTable CONTRIBUTE A TEST Authentication Package Code Signing Policy Modification CONTRIBUTE A TEST
Outlook Forms CONTRIBUTE A TEST Event Triggered Execution: Component Object Model Hijacking Modify Registry
Hijack Execution Flow CONTRIBUTE A TEST Hijack Execution Flow: Path Interception by Unquoted Path Hijack Execution Flow: Path Interception by Search Order Hijacking
Valid Accounts CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Obfuscated Files or Information: Binary Padding CONTRIBUTE A TEST
Multi-Factor Authentication CONTRIBUTE A TEST Network Logon Script CONTRIBUTE A TEST Domain Policy Modification: Group Policy Modification
IIS Components Event Triggered Execution: AppInit DLLs Valid Accounts: Default Accounts
Event Triggered Execution Event Triggered Execution: Screensaver Indicator Removal on Host: Clear Windows Event Logs
Authentication Package Installer Packages CONTRIBUTE A TEST File and Directory Permissions Modification CONTRIBUTE A TEST
Event Triggered Execution: Component Object Model Hijacking Access Token Manipulation CONTRIBUTE A TEST Abuse Elevation Control Mechanism CONTRIBUTE A TEST
Office Application Startup: Outlook Home Page Thread Local Storage CONTRIBUTE A TEST Create Process with Token
Hijack Execution Flow: Path Interception by Unquoted Path Hijack Execution Flow: DLL Side-Loading Signed Binary Proxy Execution: Odbcconf
Domain Accounts CONTRIBUTE A TEST Account Manipulation: Additional Email Delegate Permissions CONTRIBUTE A TEST Process Doppelgänging CONTRIBUTE A TEST
Network Logon Script CONTRIBUTE A TEST Boot or Logon Initialization Scripts: Logon Script (Windows) Executable Installer File Permissions Weakness CONTRIBUTE A TEST
BITS Jobs Process Injection: ListPlanting Impair Defenses: Indicator Blocking
Event Triggered Execution: AppInit DLLs Domain Policy Modification CONTRIBUTE A TEST Right-to-Left Override CONTRIBUTE A TEST
Event Triggered Execution: Screensaver Boot or Logon Autostart Execution: LSASS Driver Component Firmware CONTRIBUTE A TEST
Server Software Component CONTRIBUTE A TEST Scheduled Task/Job: At Indicator Removal on Host
Domain Controller Authentication CONTRIBUTE A TEST Process Injection: Dynamic-link Library Injection Use Alternate Authentication Material: Pass the Ticket
Reversible Encryption CONTRIBUTE A TEST Event Triggered Execution: Netsh Helper DLL Masquerading: Masquerade Task or Service
Installer Packages CONTRIBUTE A TEST Valid Accounts: Local Accounts Process Injection: Asynchronous Procedure Call
Create Account CONTRIBUTE A TEST Hijack Execution Flow: COR_PROFILER Subvert Trust Controls: Mark-of-the-Web Bypass
Hijack Execution Flow: DLL Side-Loading Pre-OS Boot CONTRIBUTE A TEST
Account Manipulation: Additional Email Delegate Permissions CONTRIBUTE A TEST Process Injection: Portable Executable Injection
Power Settings CONTRIBUTE A TEST Verclsid CONTRIBUTE A TEST
Boot or Logon Initialization Scripts: Logon Script (Windows) Impair Defenses: Downgrade Attack
Office Application Startup: Office Test Virtualization/Sandbox Evasion CONTRIBUTE A TEST
Boot or Logon Autostart Execution: LSASS Driver Signed Binary Proxy Execution: Mshta
Scheduled Task/Job: At Execution Guardrails CONTRIBUTE A TEST
Modify Authentication Process CONTRIBUTE A TEST Access Token Manipulation: Token Impersonation/Theft
Event Triggered Execution: Netsh Helper DLL Port Knocking CONTRIBUTE A TEST
SQL Stored Procedures CONTRIBUTE A TEST LNK Icon Smuggling CONTRIBUTE A TEST
Valid Accounts: Local Accounts Hide Artifacts: Hidden Users
Hijack Execution Flow: COR_PROFILER Make and Impersonate Token CONTRIBUTE A TEST
Impair Defenses: HISTCONTROL CONTRIBUTE A TEST
Network Provider DLL CONTRIBUTE A TEST
User Activity Based Checks CONTRIBUTE A TEST
Access Token Manipulation: Parent PID Spoofing
Services File Permissions Weakness CONTRIBUTE A TEST
KernelCallbackTable CONTRIBUTE A TEST
Signed Binary Proxy Execution: Compiled HTML File
Indicator Removal on Host: Network Share Connection Removal
Impair Defenses: Disable or Modify Tools
Hijack Execution Flow CONTRIBUTE A TEST
Indicator Removal from Tools CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST
Process Injection: Process Hollowing
Obfuscated Files or Information
Multi-Factor Authentication CONTRIBUTE A TEST
Invalid Code Signature CONTRIBUTE A TEST
Run Virtual Instance
Access Token Manipulation: SID-History Injection
Subvert Trust Controls CONTRIBUTE A TEST
Signed Binary Proxy Execution: Regsvr32
Masquerading: Rename System Utilities
Spoof Security Alerting CONTRIBUTE A TEST
Hijack Execution Flow: Path Interception by Unquoted Path
Steganography CONTRIBUTE A TEST
Domain Accounts CONTRIBUTE A TEST
Signed Binary Proxy Execution: Regsvcs/Regasm
Subvert Trust Controls: Install Root Certificate
Obfuscated Files or Information: Compile After Delivery
VBA Stomping CONTRIBUTE A TEST
BITS Jobs
Trusted Developer Utilities Proxy Execution: MSBuild
Impersonation CONTRIBUTE A TEST
Hide Artifacts: Hidden Window
Clear Persistence CONTRIBUTE A TEST
Domain Controller Authentication CONTRIBUTE A TEST
HTML Smuggling
Reversible Encryption CONTRIBUTE A TEST
Command Obfuscation CONTRIBUTE A TEST
Indicator Removal on Host: File Deletion
Template Injection
Access Token Manipulation CONTRIBUTE A TEST
Obfuscated Files or Information: Software Packing CONTRIBUTE A TEST
Hidden File System CONTRIBUTE A TEST
Thread Local Storage CONTRIBUTE A TEST
Debugger Evasion CONTRIBUTE A TEST
Use Alternate Authentication Material: Pass the Hash
Hijack Execution Flow: DLL Side-Loading
Obfuscated Files or Information: Dynamic API Resolution
Process Injection: ListPlanting
Domain Policy Modification CONTRIBUTE A TEST
XSL Script Processing
Hide Artifacts: Hidden Files and Directories
Environmental Keying CONTRIBUTE A TEST
Hide Artifacts: NTFS File Attributes
Process Injection: Dynamic-link Library Injection
Modify Authentication Process CONTRIBUTE A TEST
Signed Script Proxy Execution
Valid Accounts: Local Accounts
Exploitation for Defense Evasion CONTRIBUTE A TEST
Trusted Developer Utilities Proxy Execution
MMC CONTRIBUTE A TEST
Process Argument Spoofing CONTRIBUTE A TEST
Hijack Execution Flow: COR_PROFILER
Reference in New Issue View Git Blame Copy Permalink