security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3e4ba89cf472aa88518eea3a85b4469bcc3bbcb5
atomic-red-team/Mac
T
History

README.md

MITRE ATT&CK Matrix - Mac

Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command and Control
.bash_profile and .bashrc Dylib Hijacking Binary Padding Bash History Account Discovery AppleScript AppleScript Audio Capture Automated Exfiltration Commonly Used Port
Browser Extensions Exploitation of Vulnerability Clear Command History Brute Force Application Window Discovery Application Deployment Software Command-Line Interface Automated Collection Data Compressed Communication Through Removable Media
Create Account Launch Daemon Code Signing Credentials in Files File and Directory Discovery Exploitation of Vulnerability Graphical User Interface Browser Extensions Data Encrypted Connection Proxy
Dylib Hijacking Plist Modification Disabling Security Tools Exploitation of Vulnerability Network Service Scanning Logon Scripts Launchctl Clipboard Data Data Transfer Size Limits Custom Command and Control Protocol
Hidden Files and Directories Process Injection Exploitation of Vulnerability Input Capture Network Share Discovery Remote File Copy Local Job Scheduling Data Staged Exfiltration Over Alternative Protocol Custom Cryptographic Protocol
LC_LOAD_DYLIB Addition Setuid and Setgid File Deletion Input Prompt Permission Groups Discovery Remote Services Scripting Data from Local System Exfiltration Over Command and Control Channel Data Encoding
Launch Agent Startup Items Gatekeeper Bypass Keychain Process Discovery SSH Hijacking Source Data from Network Shared Drive Exfiltration Over Other Network Medium Data Obfuscation
Launch Daemon Sudo HISTCONTROL Network Sniffing Remote System Discovery Third-party Software Space after Filename Data from Removable Media Exfiltration Over Physical Medium Domain Fronting
Launchctl Valid Accounts Hidden Files and Directories Private Keys Security Software Discovery Third-party Software Input Capture Scheduled Transfer Fallback Channels
Local Job Scheduling Web Shell Hidden Users Securityd Memory System Information Discovery Trap Screen Capture Multi-Stage Channels
Login Item Hidden Window Two-Factor Authentication Interception System Network Configuration Discovery Multi-hop Proxy
Logon Scripts Indicator Removal from Tools System Network Connections Discovery Multiband Communication
Plist Modification Indicator Removal on Host System Owner/User Discovery Multilayer Encryption
Rc.common LC_MAIN Hijacking Remote File Copy
Re-opened Applications Launchctl Standard Application Layer Protocol
Redundant Access Masquerading Standard Cryptographic Protocol
Startup Items Obfuscated Files or Information Standard Non-Application Layer Protocol
Trap Plist Modification Uncommonly Used Port
Valid Accounts Process Injection Web Service
Web Shell Redundant Access
Rootkit
Scripting
Space after Filename
Valid Accounts
Reference in New Issue View Git Blame Copy Permalink