atomic-red-team

Files

T

caseysmithrc bd3170421e Merge pull request #135 from redcanaryco/yaml-spec

Proposed YAML spec and validation script

2018-05-09 18:29:49 -04:00

Defense_Evasion

start yamlizing a bunch of techniques

2018-04-17 00:13:12 -07:00

Discovery

start yamlizing a bunch of techniques

2018-04-17 00:13:12 -07:00

Execution

Added Linux Execution CLI Test CURL/WGET to bash

2018-02-22 00:45:59 -06:00

Exfiltration

Added test to exfil data over HTTP

2018-03-15 17:03:14 -05:00

Lateral_Movement

Added Remote File Copy tests on Linux and relevant README

2018-03-09 21:54:34 -06:00

Payloads

add linux browser extension docs and payload

2018-02-26 13:13:39 +11:00

Persistence

Added Hidden Files and Directories checks for Linux

2018-03-08 23:52:30 -06:00

Privilege_Escalation

fix formatting issue

2018-02-19 14:32:10 +11:00

README.md

update link based on Mitre April update

2018-04-16 18:07:57 +08:00

README.md

MITRE ATT&CK Matrix - Linux

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control
Drive-by Compromise	Command-Line Interface	.bash_profile and .bashrc	Exploitation for Privilege Escalation	Binary Padding	Bash History	Account Discovery	Application Deployment Software	Audio Capture	Automated Exfiltration	Commonly Used Port
Exploit Public-Facing Application	Exploitation for Client Execution	Bootkit	Process Injection	Clear Command History	Brute Force	Browser Bookmark Discovery	Exploitation of Remote Services	Automated Collection	Data Compressed	Communication Through Removable Media
Hardware Additions	Graphical User Interface	Browser Extensions	Setuid and Setgid	Disabling Security Tools	Credentials in Files	File and Directory Discovery	Remote File Copy	Clipboard Data	Data Encrypted	Connection Proxy
Spearphishing Attachment	Local Job Scheduling/Cron_Job	Create Account	Sudo	Exploitation for Defense Evasion	Exploitation for Credential Access	Network Service Scanning	Remote Services	Data Staged	Data Transfer Size Limits	Custom Command and Control Protocoll
Spearphishing Link	Scripting	Hidden Files and Directories	Sudo Caching	File Deletion	Input Capture	Password Policy Discovery	SSH Hijacking	Data from Information Repositories	Exfiltration Over Alternative Protocol	Custom Cryptographic Protocol
Spearphishing via Service	Source	Kernel Modules and Extensions	Valid Accounts	HISTCONTROL	Network Sniffing	Permission Groups Discovery	Third-party Software	Data from Local System	Exfiltration Over Command and Control Channel	Data Encoding
Supply Chain Compromise	Space after Filename	Local Job Scheduling	Web Shell	Hidden Files and Directories	Private Keys	Process Discovery		Data from Network Shared Drive	Exfiltration Over Other Network Medium	Data Obfuscation
Trusted Relationship	Third-party Software	Port Knocking		Indicator Removal from Tools	Two-Factor Authentication Interception	Remote System Discovery		Data from Removable Media	Exfiltration Over Physical Medium	Domain Fronting
Valid Accounts	Trap	Redundant Access		Indicator Removal on Host		System Information Discovery		Input Capture	Scheduled Transfer	Fallback Channels
	User Execution	Trap		Install Root Certificate		System Network Configuration Discovery		Screen Capture		Multi-Stage Channels
		Valid Accounts		Masquerading		System Network Connection Discovery				Multi-hop Proxy
		Web Shell		Obfuscated Files or Information		System Owner/User Discovery				Multiband Communication
				Port Knocking						Multilayer Encryption
				Process Injection						Port Knocking
				Redundant Access						Remote Access Tools
				Rootkit						Remote File Copy
				Scripting						Standard Application Layer Protocol
				Space after Filename						Standard Cryptographic Protocol
				Timestomp						Standard Non-Application Layer Protocol
				Valid Account						Uncommonly Used Port
				Web Service						Web Service