atomic-red-team/atomics/Indexes/Matrices/matrix.md

All Atomic Tests by ATT&CK Tactic & Technique

initial-access	execution	persistence	privilege-escalation	defense-evasion	credential-access	discovery	lateral-movement	collection	exfiltration	command-and-control	impact
Cloud Accounts	AppleScript	Accessibility Features	Abuse Elevation Control Mechanism CONTRIBUTE A TEST	Abuse Elevation Control Mechanism CONTRIBUTE A TEST	/etc/passwd and /etc/shadow	Account Discovery CONTRIBUTE A TEST	Application Access Token CONTRIBUTE A TEST	ARP Cache Poisoning CONTRIBUTE A TEST	Automated Exfiltration	Application Layer Protocol CONTRIBUTE A TEST	Account Access Removal
Compromise Hardware Supply Chain CONTRIBUTE A TEST	At (Linux)	Account Manipulation	Access Token Manipulation CONTRIBUTE A TEST	Access Token Manipulation CONTRIBUTE A TEST	ARP Cache Poisoning CONTRIBUTE A TEST	Application Window Discovery	Component Object Model and Distributed COM CONTRIBUTE A TEST	Adversary-in-the-Middle CONTRIBUTE A TEST	Data Transfer Size Limits	Asymmetric Cryptography CONTRIBUTE A TEST	Application Exhaustion Flood CONTRIBUTE A TEST
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST	At (Windows)	Active Setup CONTRIBUTE A TEST	Accessibility Features	Application Access Token CONTRIBUTE A TEST	AS-REP Roasting	Browser Bookmark Discovery	Distributed Component Object Model	Archive Collected Data	Exfiltration Over Alternative Protocol	Bidirectional Communication CONTRIBUTE A TEST	Application or System Exploitation CONTRIBUTE A TEST
Compromise Software Supply Chain CONTRIBUTE A TEST	Command and Scripting Interpreter CONTRIBUTE A TEST	Add Office 365 Global Administrator Role CONTRIBUTE A TEST	Active Setup CONTRIBUTE A TEST	Asynchronous Procedure Call	Adversary-in-the-Middle CONTRIBUTE A TEST	Cloud Account CONTRIBUTE A TEST	Exploitation of Remote Services CONTRIBUTE A TEST	Archive via Custom Method CONTRIBUTE A TEST	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Commonly Used Port CONTRIBUTE A TEST	Data Destruction
Default Accounts	Component Object Model CONTRIBUTE A TEST	Add-ins	AppCert DLLs CONTRIBUTE A TEST	BITS Jobs	Bash History	Cloud Groups CONTRIBUTE A TEST	Internal Spearphishing CONTRIBUTE A TEST	Archive via Library	Exfiltration Over Bluetooth CONTRIBUTE A TEST	Communication Through Removable Media CONTRIBUTE A TEST	Data Encrypted for Impact
Domain Accounts CONTRIBUTE A TEST	Component Object Model and Distributed COM CONTRIBUTE A TEST	Additional Cloud Credentials	AppInit DLLs	Binary Padding	Brute Force CONTRIBUTE A TEST	Cloud Infrastructure Discovery CONTRIBUTE A TEST	Lateral Tool Transfer CONTRIBUTE A TEST	Archive via Utility	Exfiltration Over C2 Channel	DNS	Data Manipulation CONTRIBUTE A TEST
Drive-by Compromise CONTRIBUTE A TEST	Container Administration Command	AppCert DLLs CONTRIBUTE A TEST	Application Shimming	Bootkit CONTRIBUTE A TEST	Cached Domain Credentials	Cloud Service Dashboard CONTRIBUTE A TEST	Pass the Hash	Audio Capture	Exfiltration Over Other Network Medium CONTRIBUTE A TEST	DNS Calculation CONTRIBUTE A TEST	Defacement CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST	Container Orchestration Job	AppInit DLLs	Asynchronous Procedure Call	Build Image on Host CONTRIBUTE A TEST	Cloud Instance Metadata API CONTRIBUTE A TEST	Cloud Service Discovery CONTRIBUTE A TEST	Pass the Ticket	Automated Collection	Exfiltration Over Physical Medium CONTRIBUTE A TEST	Data Encoding CONTRIBUTE A TEST	Direct Network Flood CONTRIBUTE A TEST
External Remote Services	Cron	Application Shimming	At (Linux)	Bypass User Account Control	Container API	Cloud Storage Object Discovery CONTRIBUTE A TEST	RDP Hijacking	Browser Session Hijacking CONTRIBUTE A TEST	Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST	Data Obfuscation CONTRIBUTE A TEST	Disk Content Wipe CONTRIBUTE A TEST
Hardware Additions CONTRIBUTE A TEST	Deploy Container CONTRIBUTE A TEST	At (Linux)	At (Windows)	CMSTP	Credential API Hooking	Container and Resource Discovery CONTRIBUTE A TEST	Remote Desktop Protocol	Clipboard Data	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	Dead Drop Resolver CONTRIBUTE A TEST	Disk Structure Wipe CONTRIBUTE A TEST
Local Accounts	Dynamic Data Exchange	At (Windows)	Authentication Package	COR_PROFILER	Credential Stuffing	Domain Account	Remote Service Session Hijacking CONTRIBUTE A TEST	Code Repositories CONTRIBUTE A TEST	Exfiltration Over Web Service	Domain Fronting CONTRIBUTE A TEST	Disk Wipe CONTRIBUTE A TEST
Phishing CONTRIBUTE A TEST	Exploitation for Client Execution CONTRIBUTE A TEST	Authentication Package	Boot or Logon Autostart Execution	Clear Command History	Credentials In Files	Domain Groups	Remote Services CONTRIBUTE A TEST	Confluence CONTRIBUTE A TEST	Exfiltration over USB CONTRIBUTE A TEST	Domain Generation Algorithms CONTRIBUTE A TEST	Endpoint Denial of Service CONTRIBUTE A TEST
Replication Through Removable Media	Graphical User Interface CONTRIBUTE A TEST	BITS Jobs	Boot or Logon Initialization Scripts CONTRIBUTE A TEST	Clear Linux or Mac System Logs	Credentials from Password Stores	Domain Trust Discovery	Replication Through Removable Media	Credential API Hooking	Exfiltration to Cloud Storage CONTRIBUTE A TEST	Dynamic Resolution CONTRIBUTE A TEST	External Defacement CONTRIBUTE A TEST
Spearphishing Attachment	Inter-Process Communication CONTRIBUTE A TEST	Boot or Logon Autostart Execution	Bypass User Account Control	Clear Windows Event Logs	Credentials from Web Browsers	Email Account CONTRIBUTE A TEST	SMB/Windows Admin Shares	Data Staged CONTRIBUTE A TEST	Exfiltration to Code Repository CONTRIBUTE A TEST	Encrypted Channel	Firmware Corruption CONTRIBUTE A TEST
Spearphishing Link CONTRIBUTE A TEST	JavaScript CONTRIBUTE A TEST	Boot or Logon Initialization Scripts CONTRIBUTE A TEST	COR_PROFILER	Cloud Accounts	Credentials in Registry	File and Directory Discovery	SSH CONTRIBUTE A TEST	Data from Cloud Storage Object CONTRIBUTE A TEST	Scheduled Transfer CONTRIBUTE A TEST	External Proxy CONTRIBUTE A TEST	Inhibit System Recovery
Spearphishing via Service CONTRIBUTE A TEST	Launchctl	Bootkit CONTRIBUTE A TEST	Change Default File Association	Code Signing CONTRIBUTE A TEST	DCSync	Group Policy Discovery	SSH Hijacking CONTRIBUTE A TEST	Data from Configuration Repository CONTRIBUTE A TEST	Traffic Duplication CONTRIBUTE A TEST	Fallback Channels CONTRIBUTE A TEST	Internal Defacement
Supply Chain Compromise CONTRIBUTE A TEST	Launchd	Browser Extensions	Cloud Accounts	Code Signing Policy Modification CONTRIBUTE A TEST	Domain Controller Authentication CONTRIBUTE A TEST	Internet Connection Discovery CONTRIBUTE A TEST	Shared Webroot CONTRIBUTE A TEST	Data from Information Repositories CONTRIBUTE A TEST	Transfer Data to Cloud Account CONTRIBUTE A TEST	Fast Flux DNS CONTRIBUTE A TEST	Network Denial of Service CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST	Malicious File	COR_PROFILER	Component Object Model Hijacking	Compile After Delivery	Exploitation for Credential Access CONTRIBUTE A TEST	Local Account	Software Deployment Tools	Data from Local System CONTRIBUTE A TEST		File Transfer Protocols CONTRIBUTE A TEST	OS Exhaustion Flood CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST	Malicious Image CONTRIBUTE A TEST	Change Default File Association	Container Orchestration Job	Compiled HTML File	Forced Authentication	Local Groups	Taint Shared Content CONTRIBUTE A TEST	Data from Network Shared Drive		Ingress Tool Transfer	Reflection Amplification CONTRIBUTE A TEST
	Malicious Link CONTRIBUTE A TEST	Cloud Account	Create Process with Token	Component Firmware CONTRIBUTE A TEST	Forge Web Credentials CONTRIBUTE A TEST	Network Service Scanning	Use Alternate Authentication Material CONTRIBUTE A TEST	Data from Removable Media CONTRIBUTE A TEST		Internal Proxy	Resource Hijacking
	Native API	Cloud Accounts	Create or Modify System Process CONTRIBUTE A TEST	Control Panel	GUI Input Capture	Network Share Discovery	VNC CONTRIBUTE A TEST	Email Collection CONTRIBUTE A TEST		Junk Data CONTRIBUTE A TEST	Runtime Data Manipulation CONTRIBUTE A TEST
	Network Device CLI CONTRIBUTE A TEST	Component Firmware CONTRIBUTE A TEST	Cron	Create Cloud Instance CONTRIBUTE A TEST	Golden Ticket	Network Sniffing	Web Session Cookie CONTRIBUTE A TEST	Email Forwarding Rule CONTRIBUTE A TEST		Mail Protocols CONTRIBUTE A TEST	Service Exhaustion Flood CONTRIBUTE A TEST
	PowerShell	Component Object Model Hijacking	DLL Search Order Hijacking	Create Process with Token	Group Policy Preferences	Password Policy Discovery	Windows Remote Management	GUI Input Capture		Multi-Stage Channels CONTRIBUTE A TEST	Service Stop
	Python	Compromise Client Software Binary CONTRIBUTE A TEST	DLL Side-Loading	Create Snapshot CONTRIBUTE A TEST	Input Capture CONTRIBUTE A TEST	Peripheral Device Discovery		Input Capture CONTRIBUTE A TEST		Multi-hop Proxy	Stored Data Manipulation CONTRIBUTE A TEST
	Scheduled Task	Container Orchestration Job	Default Accounts	DLL Search Order Hijacking	Kerberoasting	Permission Groups Discovery CONTRIBUTE A TEST		Keylogging		Multiband Communication CONTRIBUTE A TEST	System Shutdown/Reboot
	Scheduled Task/Job CONTRIBUTE A TEST	Create Account CONTRIBUTE A TEST	Domain Accounts CONTRIBUTE A TEST	DLL Side-Loading	Keychain	Process Discovery		LLMNR/NBT-NS Poisoning and SMB Relay		Non-Application Layer Protocol	Transmitted Data Manipulation CONTRIBUTE A TEST
	Scripting CONTRIBUTE A TEST	Create or Modify System Process CONTRIBUTE A TEST	Domain Policy Modification CONTRIBUTE A TEST	Default Accounts	Keylogging	Query Registry		Local Data Staging		Non-Standard Encoding CONTRIBUTE A TEST
	Service Execution	Cron	Domain Trust Modification	Delete Cloud Instance CONTRIBUTE A TEST	LLMNR/NBT-NS Poisoning and SMB Relay	Remote System Discovery		Local Email Collection		Non-Standard Port
	Shared Modules CONTRIBUTE A TEST	DLL Search Order Hijacking	Dylib Hijacking CONTRIBUTE A TEST	Deobfuscate/Decode Files or Information	LSA Secrets	Security Software Discovery		Network Device Configuration Dump CONTRIBUTE A TEST		One-Way Communication CONTRIBUTE A TEST
	Software Deployment Tools	DLL Side-Loading	Dynamic Linker Hijacking	Deploy Container CONTRIBUTE A TEST	LSASS Memory	Software Discovery		Remote Data Staging CONTRIBUTE A TEST		Port Knocking CONTRIBUTE A TEST
	Source CONTRIBUTE A TEST	Default Accounts	Dynamic-link Library Injection	Direct Volume Access	Modify Authentication Process CONTRIBUTE A TEST	System Checks		Remote Email Collection CONTRIBUTE A TEST		Protocol Impersonation CONTRIBUTE A TEST
	System Services CONTRIBUTE A TEST	Domain Account	Elevated Execution with Prompt CONTRIBUTE A TEST	Disable Cloud Logs	NTDS	System Information Discovery		SNMP (MIB Dump) CONTRIBUTE A TEST		Protocol Tunneling
	Systemd Timers	Domain Accounts CONTRIBUTE A TEST	Emond	Disable Crypto Hardware CONTRIBUTE A TEST	Network Device Authentication CONTRIBUTE A TEST	System Language Discovery		Screen Capture		Proxy CONTRIBUTE A TEST
	Unix Shell	Domain Controller Authentication CONTRIBUTE A TEST	Escape to Host	Disable Windows Event Logging	Network Sniffing	System Location Discovery CONTRIBUTE A TEST		Sharepoint CONTRIBUTE A TEST		Remote Access Software
	User Execution CONTRIBUTE A TEST	Dylib Hijacking CONTRIBUTE A TEST	Event Triggered Execution CONTRIBUTE A TEST	Disable or Modify Cloud Firewall CONTRIBUTE A TEST	OS Credential Dumping	System Network Configuration Discovery		Video Capture		Standard Encoding
	Visual Basic	Dynamic Linker Hijacking	Executable Installer File Permissions Weakness CONTRIBUTE A TEST	Disable or Modify System Firewall	Password Cracking	System Network Connections Discovery		Web Portal Capture CONTRIBUTE A TEST		Steganography CONTRIBUTE A TEST
	Windows Command Shell	Emond	Exploitation for Privilege Escalation CONTRIBUTE A TEST	Disable or Modify Tools	Password Filter DLL	System Owner/User Discovery				Symmetric Cryptography CONTRIBUTE A TEST
	Windows Management Instrumentation	Event Triggered Execution CONTRIBUTE A TEST	Extra Window Memory Injection CONTRIBUTE A TEST	Domain Accounts CONTRIBUTE A TEST	Password Guessing	System Service Discovery				Traffic Signaling CONTRIBUTE A TEST
		Exchange Email Delegate Permissions CONTRIBUTE A TEST	Group Policy Modification CONTRIBUTE A TEST	Domain Controller Authentication CONTRIBUTE A TEST	Password Managers CONTRIBUTE A TEST	System Time Discovery				Web Protocols
		Executable Installer File Permissions Weakness CONTRIBUTE A TEST	Hijack Execution Flow CONTRIBUTE A TEST	Domain Policy Modification CONTRIBUTE A TEST	Password Spraying	Time Based Evasion CONTRIBUTE A TEST				Web Service CONTRIBUTE A TEST
		External Remote Services	Image File Execution Options Injection	Domain Trust Modification	Pluggable Authentication Modules	User Activity Based Checks CONTRIBUTE A TEST
		Hijack Execution Flow CONTRIBUTE A TEST	Kernel Modules and Extensions	Double File Extension CONTRIBUTE A TEST	Private Keys	Virtualization/Sandbox Evasion CONTRIBUTE A TEST
		Hypervisor CONTRIBUTE A TEST	LC_LOAD_DYLIB Addition CONTRIBUTE A TEST	Downgrade Attack CONTRIBUTE A TEST	Proc Filesystem
		IIS Components CONTRIBUTE A TEST	LSASS Driver CONTRIBUTE A TEST	Downgrade System Image CONTRIBUTE A TEST	SAML Tokens
		Image File Execution Options Injection	Launch Agent	Dylib Hijacking CONTRIBUTE A TEST	Security Account Manager
		Implant Internal Image CONTRIBUTE A TEST	Launch Daemon	Dynamic Linker Hijacking	Securityd Memory CONTRIBUTE A TEST
		Kernel Modules and Extensions	Launchd	Dynamic-link Library Injection	Silver Ticket
		LC_LOAD_DYLIB Addition CONTRIBUTE A TEST	Local Accounts	Elevated Execution with Prompt CONTRIBUTE A TEST	Steal Application Access Token CONTRIBUTE A TEST
		LSASS Driver CONTRIBUTE A TEST	Login Items CONTRIBUTE A TEST	Email Hiding Rules CONTRIBUTE A TEST	Steal Web Session Cookie
		Launch Agent	Logon Script (Mac)	Environmental Keying CONTRIBUTE A TEST	Steal or Forge Kerberos Tickets CONTRIBUTE A TEST
		Launch Daemon	Logon Script (Windows)	Executable Installer File Permissions Weakness CONTRIBUTE A TEST	Two-Factor Authentication Interception CONTRIBUTE A TEST
		Launchd	Make and Impersonate Token CONTRIBUTE A TEST	Execution Guardrails CONTRIBUTE A TEST	Unsecured Credentials CONTRIBUTE A TEST
		Local Account	Netsh Helper DLL	Exploitation for Defense Evasion CONTRIBUTE A TEST	Web Cookies CONTRIBUTE A TEST
		Local Accounts	Network Logon Script CONTRIBUTE A TEST	Extra Window Memory Injection CONTRIBUTE A TEST	Web Portal Capture CONTRIBUTE A TEST
		Login Items CONTRIBUTE A TEST	Parent PID Spoofing	File Deletion	Windows Credential Manager
		Logon Script (Mac)	Path Interception CONTRIBUTE A TEST	File and Directory Permissions Modification CONTRIBUTE A TEST
		Logon Script (Windows)	Path Interception by PATH Environment Variable CONTRIBUTE A TEST	Gatekeeper Bypass
		Modify Authentication Process CONTRIBUTE A TEST	Path Interception by Search Order Hijacking CONTRIBUTE A TEST	Group Policy Modification CONTRIBUTE A TEST
		Netsh Helper DLL	Path Interception by Unquoted Path	HTML Smuggling CONTRIBUTE A TEST
		Network Device Authentication CONTRIBUTE A TEST	Plist Modification	Hidden File System CONTRIBUTE A TEST
		Network Logon Script CONTRIBUTE A TEST	Port Monitors	Hidden Files and Directories
		Office Application Startup	Portable Executable Injection CONTRIBUTE A TEST	Hidden Users
		Office Template Macros CONTRIBUTE A TEST	PowerShell Profile	Hidden Window
		Office Test	Print Processors CONTRIBUTE A TEST	Hide Artifacts
		Outlook Forms CONTRIBUTE A TEST	Proc Memory CONTRIBUTE A TEST	Hijack Execution Flow CONTRIBUTE A TEST
		Outlook Home Page	Process Doppelgänging CONTRIBUTE A TEST	Impair Command History Logging
		Outlook Rules CONTRIBUTE A TEST	Process Hollowing	Impair Defenses CONTRIBUTE A TEST
		Password Filter DLL	Process Injection	Indicator Blocking
		Path Interception CONTRIBUTE A TEST	Ptrace System Calls CONTRIBUTE A TEST	Indicator Removal from Tools CONTRIBUTE A TEST
		Path Interception by PATH Environment Variable CONTRIBUTE A TEST	RC Scripts	Indicator Removal on Host
		Path Interception by Search Order Hijacking CONTRIBUTE A TEST	Re-opened Applications	Indirect Command Execution
		Path Interception by Unquoted Path	Registry Run Keys / Startup Folder	Install Root Certificate
		Plist Modification	SID-History Injection	InstallUtil
		Pluggable Authentication Modules	Scheduled Task	Invalid Code Signature CONTRIBUTE A TEST
		Port Knocking CONTRIBUTE A TEST	Scheduled Task/Job CONTRIBUTE A TEST	LC_MAIN Hijacking CONTRIBUTE A TEST
		Port Monitors	Screensaver	Linux and Mac File and Directory Permissions Modification
		PowerShell Profile	Security Support Provider	Local Accounts
		Pre-OS Boot CONTRIBUTE A TEST	Services File Permissions Weakness CONTRIBUTE A TEST	MMC CONTRIBUTE A TEST
		Print Processors CONTRIBUTE A TEST	Services Registry Permissions Weakness	MSBuild
		RC Scripts	Setuid and Setgid	Make and Impersonate Token CONTRIBUTE A TEST
		ROMMONkit CONTRIBUTE A TEST	Shortcut Modification	Mark-of-the-Web Bypass
		Re-opened Applications	Startup Items	Masquerade Task or Service
		Redundant Access CONTRIBUTE A TEST	Sudo and Sudo Caching	Masquerading
		Registry Run Keys / Startup Folder	Systemd Service	Match Legitimate Name or Location
		SQL Stored Procedures CONTRIBUTE A TEST	Systemd Timers	Mavinject CONTRIBUTE A TEST
		SSH Authorized Keys	Thread Execution Hijacking CONTRIBUTE A TEST	Modify Authentication Process CONTRIBUTE A TEST
		Scheduled Task	Thread Local Storage CONTRIBUTE A TEST	Modify Cloud Compute Infrastructure CONTRIBUTE A TEST
		Scheduled Task/Job CONTRIBUTE A TEST	Time Providers CONTRIBUTE A TEST	Modify Registry
		Screensaver	Token Impersonation/Theft	Modify System Image CONTRIBUTE A TEST
		Security Support Provider	Trap	Mshta
		Server Software Component CONTRIBUTE A TEST	Unix Shell Configuration Modification	Msiexec
		Services File Permissions Weakness CONTRIBUTE A TEST	VDSO Hijacking CONTRIBUTE A TEST	NTFS File Attributes
		Services Registry Permissions Weakness	Valid Accounts CONTRIBUTE A TEST	Network Address Translation Traversal CONTRIBUTE A TEST
		Shortcut Modification	Windows Management Instrumentation Event Subscription	Network Boundary Bridging CONTRIBUTE A TEST
		Startup Items	Windows Service	Network Device Authentication CONTRIBUTE A TEST
		System Firmware CONTRIBUTE A TEST	Winlogon Helper DLL	Network Share Connection Removal
		Systemd Service	XDG Autostart Entries CONTRIBUTE A TEST	Obfuscated Files or Information
		Systemd Timers		Odbcconf
		TFTP Boot CONTRIBUTE A TEST		Parent PID Spoofing
		Time Providers CONTRIBUTE A TEST		Pass the Hash
		Traffic Signaling CONTRIBUTE A TEST		Pass the Ticket
		Transport Agent		Password Filter DLL
		Trap		Patch System Image CONTRIBUTE A TEST
		Unix Shell Configuration Modification		Path Interception by PATH Environment Variable CONTRIBUTE A TEST
		Valid Accounts CONTRIBUTE A TEST		Path Interception by Search Order Hijacking CONTRIBUTE A TEST
		Web Shell		Path Interception by Unquoted Path
		Windows Management Instrumentation Event Subscription		Pluggable Authentication Modules
		Windows Service		Port Knocking CONTRIBUTE A TEST
		Winlogon Helper DLL		Portable Executable Injection CONTRIBUTE A TEST
		XDG Autostart Entries CONTRIBUTE A TEST		Pre-OS Boot CONTRIBUTE A TEST
				Proc Memory CONTRIBUTE A TEST
				Process Doppelgänging CONTRIBUTE A TEST
				Process Hollowing
				Process Injection
				Ptrace System Calls CONTRIBUTE A TEST
				PubPrn
				ROMMONkit CONTRIBUTE A TEST
				Reduce Key Space CONTRIBUTE A TEST
				Redundant Access CONTRIBUTE A TEST
				Reflective Code Loading CONTRIBUTE A TEST
				Regsvcs/Regasm
				Regsvr32
				Rename System Utilities
				Resource Forking CONTRIBUTE A TEST
				Revert Cloud Instance CONTRIBUTE A TEST
				Right-to-Left Override CONTRIBUTE A TEST
				Rogue Domain Controller
				Rootkit
				Run Virtual Instance
				Rundll32
				SID-History Injection
				SIP and Trust Provider Hijacking CONTRIBUTE A TEST
				Safe Mode Boot CONTRIBUTE A TEST
				Scripting CONTRIBUTE A TEST
				Services File Permissions Weakness CONTRIBUTE A TEST
				Services Registry Permissions Weakness
				Setuid and Setgid
				Signed Binary Proxy Execution
				Signed Script Proxy Execution
				Software Packing
				Space after Filename
				Steganography CONTRIBUTE A TEST
				Subvert Trust Controls CONTRIBUTE A TEST
				Sudo and Sudo Caching
				System Checks
				System Firmware CONTRIBUTE A TEST
				TFTP Boot CONTRIBUTE A TEST
				Template Injection
				Thread Execution Hijacking CONTRIBUTE A TEST
				Thread Local Storage CONTRIBUTE A TEST
				Time Based Evasion CONTRIBUTE A TEST
				Timestomp
				Token Impersonation/Theft
				Traffic Signaling CONTRIBUTE A TEST
				Trusted Developer Utilities Proxy Execution CONTRIBUTE A TEST
				Unused/Unsupported Cloud Regions CONTRIBUTE A TEST
				Use Alternate Authentication Material CONTRIBUTE A TEST
				User Activity Based Checks CONTRIBUTE A TEST
				VBA Stomping CONTRIBUTE A TEST
				VDSO Hijacking CONTRIBUTE A TEST
				Valid Accounts CONTRIBUTE A TEST
				Verclsid CONTRIBUTE A TEST
				Virtualization/Sandbox Evasion CONTRIBUTE A TEST
				Weaken Encryption CONTRIBUTE A TEST
				Web Session Cookie CONTRIBUTE A TEST
				Windows File and Directory Permissions Modification
				XSL Script Processing