security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f475cbdaaf28f2e286bb166afa549891a13e5a4
atomic-red-team/atomics/Indexes/Matrices/linux-matrix.md
T
CircleCI Atomic Red Team doc generator 94d442bcd6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-04 17:14:26 +00:00

33 KiB
Raw Blame History

Linux Atomic Tests by ATT&CK Tactic & Technique

initial-access execution persistence privilege-escalation defense-evasion credential-access discovery lateral-movement collection exfiltration command-and-control impact
Cloud Accounts CONTRIBUTE A TEST At (Linux) Account Manipulation CONTRIBUTE A TEST Abuse Elevation Control Mechanism CONTRIBUTE A TEST Abuse Elevation Control Mechanism CONTRIBUTE A TEST /etc/passwd and /etc/shadow Account Discovery CONTRIBUTE A TEST Application Access Token CONTRIBUTE A TEST ARP Cache Poisoning CONTRIBUTE A TEST Automated Exfiltration CONTRIBUTE A TEST Application Layer Protocol CONTRIBUTE A TEST Account Access Removal CONTRIBUTE A TEST
Compromise Hardware Supply Chain CONTRIBUTE A TEST Command and Scripting Interpreter CONTRIBUTE A TEST Add Office 365 Global Administrator Role CONTRIBUTE A TEST At (Linux) Application Access Token CONTRIBUTE A TEST ARP Cache Poisoning CONTRIBUTE A TEST Browser Bookmark Discovery Exploitation of Remote Services CONTRIBUTE A TEST Archive Collected Data CONTRIBUTE A TEST Data Transfer Size Limits Asymmetric Cryptography CONTRIBUTE A TEST Application Exhaustion Flood CONTRIBUTE A TEST
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST Container Administration Command Add-ins CONTRIBUTE A TEST Boot or Logon Autostart Execution CONTRIBUTE A TEST Binary Padding Bash History Cloud Account CONTRIBUTE A TEST Internal Spearphishing CONTRIBUTE A TEST Archive via Custom Method CONTRIBUTE A TEST Exfiltration Over Alternative Protocol Bidirectional Communication CONTRIBUTE A TEST Application or System Exploitation CONTRIBUTE A TEST
Compromise Software Supply Chain CONTRIBUTE A TEST Container Orchestration Job Additional Cloud Credentials CONTRIBUTE A TEST Boot or Logon Initialization Scripts CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Brute Force CONTRIBUTE A TEST Cloud Groups CONTRIBUTE A TEST Lateral Tool Transfer CONTRIBUTE A TEST Archive via Library Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST Commonly Used Port CONTRIBUTE A TEST Data Destruction
Default Accounts CONTRIBUTE A TEST Cron At (Linux) Cloud Accounts CONTRIBUTE A TEST Build Image on Host CONTRIBUTE A TEST Cloud Instance Metadata API CONTRIBUTE A TEST Cloud Infrastructure Discovery CONTRIBUTE A TEST Remote Service Session Hijacking CONTRIBUTE A TEST Archive via Utility Exfiltration Over Bluetooth CONTRIBUTE A TEST Communication Through Removable Media CONTRIBUTE A TEST Data Encrypted for Impact
Domain Accounts CONTRIBUTE A TEST Deploy Container Boot or Logon Autostart Execution CONTRIBUTE A TEST Container Orchestration Job Clear Command History Container API Cloud Service Dashboard CONTRIBUTE A TEST Remote Services CONTRIBUTE A TEST Audio Capture CONTRIBUTE A TEST Exfiltration Over C2 Channel CONTRIBUTE A TEST DNS CONTRIBUTE A TEST Data Manipulation CONTRIBUTE A TEST
Drive-by Compromise CONTRIBUTE A TEST Exploitation for Client Execution CONTRIBUTE A TEST Boot or Logon Initialization Scripts CONTRIBUTE A TEST Create or Modify System Process CONTRIBUTE A TEST Clear Linux or Mac System Logs Credential Stuffing CONTRIBUTE A TEST Cloud Service Discovery CONTRIBUTE A TEST SSH CONTRIBUTE A TEST Automated Collection CONTRIBUTE A TEST Exfiltration Over Other Network Medium CONTRIBUTE A TEST DNS Calculation CONTRIBUTE A TEST Defacement CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST Graphical User Interface CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Cron Cloud Accounts CONTRIBUTE A TEST Credentials In Files Container and Resource Discovery CONTRIBUTE A TEST SSH Hijacking CONTRIBUTE A TEST Clipboard Data CONTRIBUTE A TEST Exfiltration Over Physical Medium CONTRIBUTE A TEST Data Encoding CONTRIBUTE A TEST Direct Network Flood CONTRIBUTE A TEST
External Remote Services CONTRIBUTE A TEST JavaScript CONTRIBUTE A TEST Browser Extensions Default Accounts CONTRIBUTE A TEST Compile After Delivery CONTRIBUTE A TEST Credentials from Password Stores CONTRIBUTE A TEST Domain Account CONTRIBUTE A TEST Software Deployment Tools CONTRIBUTE A TEST Confluence CONTRIBUTE A TEST Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST Data Obfuscation CONTRIBUTE A TEST Disk Content Wipe CONTRIBUTE A TEST
Hardware Additions CONTRIBUTE A TEST Malicious File CONTRIBUTE A TEST Cloud Account CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Create Cloud Instance CONTRIBUTE A TEST Credentials from Web Browsers CONTRIBUTE A TEST Domain Groups CONTRIBUTE A TEST Use Alternate Authentication Material CONTRIBUTE A TEST Data Staged CONTRIBUTE A TEST Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Dead Drop Resolver CONTRIBUTE A TEST Disk Structure Wipe CONTRIBUTE A TEST
Local Accounts CONTRIBUTE A TEST Malicious Image CONTRIBUTE A TEST Cloud Accounts CONTRIBUTE A TEST Domain Policy Modification CONTRIBUTE A TEST Create Snapshot CONTRIBUTE A TEST Exploitation for Credential Access CONTRIBUTE A TEST Email Account CONTRIBUTE A TEST VNC CONTRIBUTE A TEST Data from Cloud Storage Object CONTRIBUTE A TEST Exfiltration Over Web Service CONTRIBUTE A TEST Domain Fronting CONTRIBUTE A TEST Disk Wipe CONTRIBUTE A TEST
Phishing CONTRIBUTE A TEST Malicious Link CONTRIBUTE A TEST Compromise Client Software Binary CONTRIBUTE A TEST Domain Trust Modification CONTRIBUTE A TEST Default Accounts CONTRIBUTE A TEST Forge Web Credentials CONTRIBUTE A TEST File and Directory Discovery Web Session Cookie CONTRIBUTE A TEST Data from Configuration Repository CONTRIBUTE A TEST Exfiltration over USB CONTRIBUTE A TEST Domain Generation Algorithms CONTRIBUTE A TEST Endpoint Denial of Service CONTRIBUTE A TEST
Spearphishing Attachment CONTRIBUTE A TEST Native API CONTRIBUTE A TEST Container Orchestration Job Dynamic Linker Hijacking Delete Cloud Instance CONTRIBUTE A TEST Input Capture CONTRIBUTE A TEST Internet Connection Discovery CONTRIBUTE A TEST Data from Information Repositories CONTRIBUTE A TEST Exfiltration to Cloud Storage CONTRIBUTE A TEST Dynamic Resolution CONTRIBUTE A TEST External Defacement CONTRIBUTE A TEST
Spearphishing Link CONTRIBUTE A TEST Network Device CLI CONTRIBUTE A TEST Create Account CONTRIBUTE A TEST Escape to Host Deobfuscate/Decode Files or Information CONTRIBUTE A TEST Keylogging Local Account Data from Local System CONTRIBUTE A TEST Exfiltration to Code Repository CONTRIBUTE A TEST Encrypted Channel CONTRIBUTE A TEST Firmware Corruption CONTRIBUTE A TEST
Spearphishing via Service CONTRIBUTE A TEST Python Create or Modify System Process CONTRIBUTE A TEST Event Triggered Execution CONTRIBUTE A TEST Deploy Container Man-in-the-Middle CONTRIBUTE A TEST Local Groups Data from Network Shared Drive CONTRIBUTE A TEST Scheduled Transfer CONTRIBUTE A TEST External Proxy CONTRIBUTE A TEST Inhibit System Recovery CONTRIBUTE A TEST
Supply Chain Compromise CONTRIBUTE A TEST Scheduled Task/Job CONTRIBUTE A TEST Cron Exploitation for Privilege Escalation CONTRIBUTE A TEST Disable Cloud Logs CONTRIBUTE A TEST Modify Authentication Process CONTRIBUTE A TEST Network Service Scanning Data from Removable Media CONTRIBUTE A TEST Traffic Duplication CONTRIBUTE A TEST Fallback Channels CONTRIBUTE A TEST Internal Defacement CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST Scripting CONTRIBUTE A TEST Default Accounts CONTRIBUTE A TEST Hijack Execution Flow CONTRIBUTE A TEST Disable Crypto Hardware CONTRIBUTE A TEST Network Device Authentication CONTRIBUTE A TEST Network Share Discovery Email Collection CONTRIBUTE A TEST Transfer Data to Cloud Account CONTRIBUTE A TEST Fast Flux DNS CONTRIBUTE A TEST Network Denial of Service CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Software Deployment Tools CONTRIBUTE A TEST Domain Account CONTRIBUTE A TEST Kernel Modules and Extensions Disable or Modify Cloud Firewall CONTRIBUTE A TEST Network Sniffing Network Sniffing Email Forwarding Rule CONTRIBUTE A TEST File Transfer Protocols CONTRIBUTE A TEST OS Exhaustion Flood CONTRIBUTE A TEST
Source CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Local Accounts CONTRIBUTE A TEST Disable or Modify System Firewall OS Credential Dumping CONTRIBUTE A TEST Password Policy Discovery Input Capture CONTRIBUTE A TEST Ingress Tool Transfer Reflection Amplification CONTRIBUTE A TEST
Systemd Timers Dynamic Linker Hijacking Proc Memory CONTRIBUTE A TEST Disable or Modify Tools Password Cracking CONTRIBUTE A TEST Permission Groups Discovery CONTRIBUTE A TEST Keylogging Internal Proxy Resource Hijacking
Unix Shell Event Triggered Execution CONTRIBUTE A TEST Process Injection CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Password Guessing CONTRIBUTE A TEST Process Discovery Local Data Staging Junk Data CONTRIBUTE A TEST Runtime Data Manipulation CONTRIBUTE A TEST
User Execution CONTRIBUTE A TEST Exchange Email Delegate Permissions CONTRIBUTE A TEST Ptrace System Calls CONTRIBUTE A TEST Domain Policy Modification CONTRIBUTE A TEST Password Managers CONTRIBUTE A TEST Remote System Discovery Man-in-the-Middle CONTRIBUTE A TEST Mail Protocols CONTRIBUTE A TEST Service Exhaustion Flood CONTRIBUTE A TEST
Visual Basic CONTRIBUTE A TEST External Remote Services CONTRIBUTE A TEST RC Scripts Domain Trust Modification CONTRIBUTE A TEST Password Spraying CONTRIBUTE A TEST Security Software Discovery Network Device Configuration Dump CONTRIBUTE A TEST Multi-Stage Channels CONTRIBUTE A TEST Service Stop CONTRIBUTE A TEST
Hijack Execution Flow CONTRIBUTE A TEST Scheduled Task/Job CONTRIBUTE A TEST Downgrade System Image CONTRIBUTE A TEST Pluggable Authentication Modules CONTRIBUTE A TEST Software Discovery CONTRIBUTE A TEST Remote Data Staging CONTRIBUTE A TEST Multi-hop Proxy CONTRIBUTE A TEST Stored Data Manipulation CONTRIBUTE A TEST
Implant Internal Image CONTRIBUTE A TEST Setuid and Setgid Dynamic Linker Hijacking Private Keys System Checks Remote Email Collection CONTRIBUTE A TEST Multiband Communication CONTRIBUTE A TEST System Shutdown/Reboot
Kernel Modules and Extensions Sudo and Sudo Caching Environmental Keying CONTRIBUTE A TEST Proc Filesystem CONTRIBUTE A TEST System Information Discovery SNMP (MIB Dump) CONTRIBUTE A TEST Non-Application Layer Protocol CONTRIBUTE A TEST Transmitted Data Manipulation CONTRIBUTE A TEST
Local Account Systemd Service Execution Guardrails CONTRIBUTE A TEST SAML Tokens CONTRIBUTE A TEST System Location Discovery CONTRIBUTE A TEST Screen Capture Non-Standard Encoding CONTRIBUTE A TEST
Local Accounts CONTRIBUTE A TEST Systemd Timers Exploitation for Defense Evasion CONTRIBUTE A TEST Securityd Memory CONTRIBUTE A TEST System Network Configuration Discovery Sharepoint CONTRIBUTE A TEST Non-Standard Port
Modify Authentication Process CONTRIBUTE A TEST Trap File Deletion Steal Application Access Token CONTRIBUTE A TEST System Network Connections Discovery Web Portal Capture CONTRIBUTE A TEST One-Way Communication CONTRIBUTE A TEST
Network Device Authentication CONTRIBUTE A TEST Unix Shell Configuration Modification File and Directory Permissions Modification CONTRIBUTE A TEST Steal Web Session Cookie CONTRIBUTE A TEST System Owner/User Discovery Port Knocking CONTRIBUTE A TEST
Office Application Startup CONTRIBUTE A TEST VDSO Hijacking CONTRIBUTE A TEST Hidden File System CONTRIBUTE A TEST Two-Factor Authentication Interception CONTRIBUTE A TEST Time Based Evasion CONTRIBUTE A TEST Protocol Impersonation CONTRIBUTE A TEST
Office Template Macros CONTRIBUTE A TEST Valid Accounts CONTRIBUTE A TEST Hidden Files and Directories Unsecured Credentials CONTRIBUTE A TEST User Activity Based Checks CONTRIBUTE A TEST Protocol Tunneling CONTRIBUTE A TEST
Office Test CONTRIBUTE A TEST XDG Autostart Entries CONTRIBUTE A TEST Hide Artifacts CONTRIBUTE A TEST Web Cookies CONTRIBUTE A TEST Virtualization/Sandbox Evasion CONTRIBUTE A TEST Proxy CONTRIBUTE A TEST
Outlook Forms CONTRIBUTE A TEST Hijack Execution Flow CONTRIBUTE A TEST Web Portal Capture CONTRIBUTE A TEST Remote Access Software CONTRIBUTE A TEST
Outlook Home Page CONTRIBUTE A TEST Impair Command History Logging Standard Encoding
Outlook Rules CONTRIBUTE A TEST Impair Defenses CONTRIBUTE A TEST Steganography CONTRIBUTE A TEST
Pluggable Authentication Modules CONTRIBUTE A TEST Indicator Blocking Symmetric Cryptography CONTRIBUTE A TEST
Port Knocking CONTRIBUTE A TEST Indicator Removal from Tools CONTRIBUTE A TEST Traffic Signaling CONTRIBUTE A TEST
Pre-OS Boot CONTRIBUTE A TEST Indicator Removal on Host CONTRIBUTE A TEST Web Protocols
RC Scripts Install Root Certificate Web Service CONTRIBUTE A TEST
ROMMONkit CONTRIBUTE A TEST Linux and Mac File and Directory Permissions Modification
Redundant Access CONTRIBUTE A TEST Local Accounts CONTRIBUTE A TEST
SQL Stored Procedures CONTRIBUTE A TEST Masquerade Task or Service CONTRIBUTE A TEST
SSH Authorized Keys Masquerading CONTRIBUTE A TEST
Scheduled Task/Job CONTRIBUTE A TEST Match Legitimate Name or Location CONTRIBUTE A TEST
Server Software Component CONTRIBUTE A TEST Modify Authentication Process CONTRIBUTE A TEST
Systemd Service Modify Cloud Compute Infrastructure CONTRIBUTE A TEST
Systemd Timers Modify System Image CONTRIBUTE A TEST
TFTP Boot CONTRIBUTE A TEST Network Address Translation Traversal CONTRIBUTE A TEST
Traffic Signaling CONTRIBUTE A TEST Network Boundary Bridging CONTRIBUTE A TEST
Transport Agent CONTRIBUTE A TEST Network Device Authentication CONTRIBUTE A TEST
Trap Obfuscated Files or Information
Unix Shell Configuration Modification Patch System Image CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Pluggable Authentication Modules CONTRIBUTE A TEST
Web Shell CONTRIBUTE A TEST Port Knocking CONTRIBUTE A TEST
XDG Autostart Entries CONTRIBUTE A TEST Pre-OS Boot CONTRIBUTE A TEST
Proc Memory CONTRIBUTE A TEST
Process Injection CONTRIBUTE A TEST
Ptrace System Calls CONTRIBUTE A TEST
ROMMONkit CONTRIBUTE A TEST
Reduce Key Space CONTRIBUTE A TEST
Redundant Access CONTRIBUTE A TEST
Rename System Utilities
Revert Cloud Instance CONTRIBUTE A TEST
Right-to-Left Override CONTRIBUTE A TEST
Rootkit
Run Virtual Instance CONTRIBUTE A TEST
Scripting CONTRIBUTE A TEST
Setuid and Setgid
Space after Filename CONTRIBUTE A TEST
Steganography CONTRIBUTE A TEST
Subvert Trust Controls CONTRIBUTE A TEST
Sudo and Sudo Caching
System Checks
TFTP Boot CONTRIBUTE A TEST
Time Based Evasion CONTRIBUTE A TEST
Timestomp
Traffic Signaling CONTRIBUTE A TEST
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST
Use Alternate Authentication Material CONTRIBUTE A TEST
User Activity Based Checks CONTRIBUTE A TEST
VBA Stomping CONTRIBUTE A TEST
VDSO Hijacking CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST
Virtualization/Sandbox Evasion CONTRIBUTE A TEST
Weaken Encryption CONTRIBUTE A TEST
Web Session Cookie CONTRIBUTE A TEST
Reference in New Issue View Git Blame Copy Permalink