| Compromise Hardware Supply Chain CONTRIBUTE A TEST |
At (Windows) |
Accessibility Features |
Abuse Elevation Control Mechanism CONTRIBUTE A TEST |
Abuse Elevation Control Mechanism CONTRIBUTE A TEST |
ARP Cache Poisoning CONTRIBUTE A TEST |
Account Discovery CONTRIBUTE A TEST |
Component Object Model and Distributed COM CONTRIBUTE A TEST |
ARP Cache Poisoning CONTRIBUTE A TEST |
Automated Exfiltration |
Application Layer Protocol CONTRIBUTE A TEST |
Account Access Removal |
| Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST |
Command and Scripting Interpreter CONTRIBUTE A TEST |
Account Manipulation |
Access Token Manipulation CONTRIBUTE A TEST |
Access Token Manipulation CONTRIBUTE A TEST |
AS-REP Roasting |
Application Window Discovery |
Distributed Component Object Model |
Adversary-in-the-Middle CONTRIBUTE A TEST |
Data Transfer Size Limits CONTRIBUTE A TEST |
Asymmetric Cryptography CONTRIBUTE A TEST |
Application Exhaustion Flood CONTRIBUTE A TEST |
| Compromise Software Supply Chain CONTRIBUTE A TEST |
Component Object Model CONTRIBUTE A TEST |
Active Setup CONTRIBUTE A TEST |
Accessibility Features |
Asynchronous Procedure Call |
Adversary-in-the-Middle CONTRIBUTE A TEST |
Browser Bookmark Discovery |
Exploitation of Remote Services CONTRIBUTE A TEST |
Archive Collected Data |
Exfiltration Over Alternative Protocol |
Bidirectional Communication CONTRIBUTE A TEST |
Application or System Exploitation CONTRIBUTE A TEST |
| Default Accounts |
Component Object Model and Distributed COM CONTRIBUTE A TEST |
Add-ins |
Active Setup CONTRIBUTE A TEST |
BITS Jobs |
Brute Force CONTRIBUTE A TEST |
Domain Account |
Internal Spearphishing CONTRIBUTE A TEST |
Archive via Custom Method CONTRIBUTE A TEST |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
Commonly Used Port CONTRIBUTE A TEST |
Data Destruction |
| Domain Accounts CONTRIBUTE A TEST |
Dynamic Data Exchange |
AppCert DLLs CONTRIBUTE A TEST |
AppCert DLLs CONTRIBUTE A TEST |
Binary Padding CONTRIBUTE A TEST |
Cached Domain Credentials |
Domain Groups |
Lateral Tool Transfer CONTRIBUTE A TEST |
Archive via Library CONTRIBUTE A TEST |
Exfiltration Over Bluetooth CONTRIBUTE A TEST |
Communication Through Removable Media CONTRIBUTE A TEST |
Data Encrypted for Impact |
| Drive-by Compromise CONTRIBUTE A TEST |
Exploitation for Client Execution CONTRIBUTE A TEST |
AppInit DLLs |
AppInit DLLs |
Bootkit CONTRIBUTE A TEST |
Credential API Hooking |
Domain Trust Discovery |
Pass the Hash |
Archive via Utility |
Exfiltration Over C2 Channel |
DNS |
Data Manipulation CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST |
Graphical User Interface CONTRIBUTE A TEST |
Application Shimming |
Application Shimming |
Bypass User Account Control |
Credential Stuffing CONTRIBUTE A TEST |
Email Account CONTRIBUTE A TEST |
Pass the Ticket |
Audio Capture |
Exfiltration Over Other Network Medium CONTRIBUTE A TEST |
DNS Calculation CONTRIBUTE A TEST |
Defacement CONTRIBUTE A TEST |
| External Remote Services |
Inter-Process Communication CONTRIBUTE A TEST |
At (Windows) |
Asynchronous Procedure Call |
CMSTP |
Credentials In Files |
File and Directory Discovery |
RDP Hijacking |
Automated Collection |
Exfiltration Over Physical Medium CONTRIBUTE A TEST |
Data Encoding CONTRIBUTE A TEST |
Direct Network Flood CONTRIBUTE A TEST |
| Hardware Additions CONTRIBUTE A TEST |
JavaScript CONTRIBUTE A TEST |
Authentication Package |
At (Windows) |
COR_PROFILER |
Credentials from Password Stores |
Group Policy Discovery |
Remote Desktop Protocol |
Browser Session Hijacking CONTRIBUTE A TEST |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST |
Data Obfuscation CONTRIBUTE A TEST |
Disk Content Wipe CONTRIBUTE A TEST |
| Local Accounts |
Malicious File |
BITS Jobs |
Authentication Package |
Clear Command History |
Credentials from Web Browsers |
Internet Connection Discovery CONTRIBUTE A TEST |
Remote Service Session Hijacking CONTRIBUTE A TEST |
Clipboard Data |
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
Dead Drop Resolver CONTRIBUTE A TEST |
Disk Structure Wipe CONTRIBUTE A TEST |
| Phishing CONTRIBUTE A TEST |
Malicious Link CONTRIBUTE A TEST |
Boot or Logon Autostart Execution |
Boot or Logon Autostart Execution |
Clear Windows Event Logs |
Credentials in Registry |
Local Account |
Remote Services CONTRIBUTE A TEST |
Credential API Hooking |
Exfiltration Over Web Service |
Domain Fronting CONTRIBUTE A TEST |
Disk Wipe CONTRIBUTE A TEST |
| Replication Through Removable Media |
Native API |
Boot or Logon Initialization Scripts CONTRIBUTE A TEST |
Boot or Logon Initialization Scripts CONTRIBUTE A TEST |
Code Signing CONTRIBUTE A TEST |
DCSync |
Local Groups |
Replication Through Removable Media |
Data Staged CONTRIBUTE A TEST |
Exfiltration over USB CONTRIBUTE A TEST |
Domain Generation Algorithms CONTRIBUTE A TEST |
Endpoint Denial of Service CONTRIBUTE A TEST |
| Spearphishing Attachment |
PowerShell |
Bootkit CONTRIBUTE A TEST |
Bypass User Account Control |
Code Signing Policy Modification CONTRIBUTE A TEST |
Domain Controller Authentication CONTRIBUTE A TEST |
Network Service Scanning |
SMB/Windows Admin Shares |
Data from Information Repositories CONTRIBUTE A TEST |
Exfiltration to Cloud Storage CONTRIBUTE A TEST |
Dynamic Resolution CONTRIBUTE A TEST |
External Defacement CONTRIBUTE A TEST |
| Spearphishing Link CONTRIBUTE A TEST |
Python CONTRIBUTE A TEST |
Browser Extensions |
COR_PROFILER |
Compile After Delivery |
Exploitation for Credential Access CONTRIBUTE A TEST |
Network Share Discovery |
Shared Webroot CONTRIBUTE A TEST |
Data from Local System CONTRIBUTE A TEST |
Exfiltration to Code Repository CONTRIBUTE A TEST |
Encrypted Channel |
Firmware Corruption CONTRIBUTE A TEST |
| Spearphishing via Service CONTRIBUTE A TEST |
Scheduled Task |
COR_PROFILER |
Change Default File Association |
Compiled HTML File |
Forced Authentication |
Network Sniffing |
Software Deployment Tools |
Data from Network Shared Drive |
Scheduled Transfer CONTRIBUTE A TEST |
External Proxy CONTRIBUTE A TEST |
Inhibit System Recovery |
| Supply Chain Compromise CONTRIBUTE A TEST |
Scheduled Task/Job CONTRIBUTE A TEST |
Change Default File Association |
Component Object Model Hijacking |
Component Firmware CONTRIBUTE A TEST |
Forge Web Credentials CONTRIBUTE A TEST |
Password Policy Discovery |
Taint Shared Content CONTRIBUTE A TEST |
Data from Removable Media CONTRIBUTE A TEST |
|
Fallback Channels CONTRIBUTE A TEST |
Internal Defacement |
| Trusted Relationship CONTRIBUTE A TEST |
Scripting CONTRIBUTE A TEST |
Component Firmware CONTRIBUTE A TEST |
Create Process with Token |
Control Panel |
GUI Input Capture |
Peripheral Device Discovery |
Use Alternate Authentication Material CONTRIBUTE A TEST |
Email Collection CONTRIBUTE A TEST |
|
Fast Flux DNS CONTRIBUTE A TEST |
Network Denial of Service CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST |
Service Execution |
Component Object Model Hijacking |
Create or Modify System Process CONTRIBUTE A TEST |
Create Process with Token |
Golden Ticket |
Permission Groups Discovery CONTRIBUTE A TEST |
VNC CONTRIBUTE A TEST |
Email Forwarding Rule CONTRIBUTE A TEST |
|
File Transfer Protocols CONTRIBUTE A TEST |
OS Exhaustion Flood CONTRIBUTE A TEST |
|
Shared Modules CONTRIBUTE A TEST |
Compromise Client Software Binary CONTRIBUTE A TEST |
DLL Search Order Hijacking |
DLL Search Order Hijacking |
Group Policy Preferences |
Process Discovery |
Windows Remote Management |
GUI Input Capture |
|
Ingress Tool Transfer |
Reflection Amplification CONTRIBUTE A TEST |
|
Software Deployment Tools |
Create Account CONTRIBUTE A TEST |
DLL Side-Loading |
DLL Side-Loading |
Input Capture CONTRIBUTE A TEST |
Query Registry |
|
Input Capture CONTRIBUTE A TEST |
|
Internal Proxy |
Resource Hijacking CONTRIBUTE A TEST |
|
System Services CONTRIBUTE A TEST |
Create or Modify System Process CONTRIBUTE A TEST |
Default Accounts |
Default Accounts |
Kerberoasting |
Remote System Discovery |
|
Keylogging |
|
Junk Data CONTRIBUTE A TEST |
Runtime Data Manipulation CONTRIBUTE A TEST |
|
User Execution CONTRIBUTE A TEST |
DLL Search Order Hijacking |
Domain Accounts CONTRIBUTE A TEST |
Deobfuscate/Decode Files or Information |
Keylogging |
Security Software Discovery |
|
LLMNR/NBT-NS Poisoning and SMB Relay |
|
Mail Protocols CONTRIBUTE A TEST |
Service Exhaustion Flood CONTRIBUTE A TEST |
|
Visual Basic |
DLL Side-Loading |
Domain Policy Modification CONTRIBUTE A TEST |
Direct Volume Access |
LLMNR/NBT-NS Poisoning and SMB Relay |
Software Discovery |
|
Local Data Staging |
|
Multi-Stage Channels CONTRIBUTE A TEST |
Service Stop |
|
Windows Command Shell |
Default Accounts |
Domain Trust Modification CONTRIBUTE A TEST |
Disable Windows Event Logging |
LSA Secrets |
System Checks |
|
Local Email Collection |
|
Multi-hop Proxy |
Stored Data Manipulation CONTRIBUTE A TEST |
|
Windows Management Instrumentation |
Domain Account |
Dynamic-link Library Injection |
Disable or Modify System Firewall |
LSASS Memory |
System Information Discovery |
|
Remote Data Staging CONTRIBUTE A TEST |
|
Multiband Communication CONTRIBUTE A TEST |
System Shutdown/Reboot |
|
|
Domain Accounts CONTRIBUTE A TEST |
Escape to Host CONTRIBUTE A TEST |
Disable or Modify Tools |
Modify Authentication Process CONTRIBUTE A TEST |
System Language Discovery |
|
Remote Email Collection CONTRIBUTE A TEST |
|
Non-Application Layer Protocol |
Transmitted Data Manipulation CONTRIBUTE A TEST |
|
|
Domain Controller Authentication CONTRIBUTE A TEST |
Event Triggered Execution CONTRIBUTE A TEST |
Domain Accounts CONTRIBUTE A TEST |
NTDS |
System Location Discovery CONTRIBUTE A TEST |
|
Screen Capture |
|
Non-Standard Encoding CONTRIBUTE A TEST |
|
|
|
Event Triggered Execution CONTRIBUTE A TEST |
Executable Installer File Permissions Weakness CONTRIBUTE A TEST |
Domain Controller Authentication CONTRIBUTE A TEST |
Network Sniffing |
System Network Configuration Discovery |
|
Sharepoint CONTRIBUTE A TEST |
|
Non-Standard Port |
|
|
|
Exchange Email Delegate Permissions CONTRIBUTE A TEST |
Exploitation for Privilege Escalation CONTRIBUTE A TEST |
Domain Policy Modification CONTRIBUTE A TEST |
OS Credential Dumping |
System Network Connections Discovery |
|
Video Capture |
|
One-Way Communication CONTRIBUTE A TEST |
|
|
|
Executable Installer File Permissions Weakness CONTRIBUTE A TEST |
Extra Window Memory Injection CONTRIBUTE A TEST |
Domain Trust Modification CONTRIBUTE A TEST |
Password Cracking |
System Owner/User Discovery |
|
Web Portal Capture CONTRIBUTE A TEST |
|
Port Knocking CONTRIBUTE A TEST |
|
|
|
External Remote Services |
Group Policy Modification CONTRIBUTE A TEST |
Double File Extension CONTRIBUTE A TEST |
Password Filter DLL |
System Service Discovery |
|
|
|
Protocol Impersonation CONTRIBUTE A TEST |
|
|
|
Hijack Execution Flow CONTRIBUTE A TEST |
Hijack Execution Flow CONTRIBUTE A TEST |
Downgrade Attack CONTRIBUTE A TEST |
Password Guessing |
System Time Discovery |
|
|
|
Protocol Tunneling |
|
|
|
Hypervisor CONTRIBUTE A TEST |
Image File Execution Options Injection |
Dynamic-link Library Injection |
Password Managers CONTRIBUTE A TEST |
Time Based Evasion CONTRIBUTE A TEST |
|
|
|
Proxy CONTRIBUTE A TEST |
|
|
|
IIS Components CONTRIBUTE A TEST |
LSASS Driver CONTRIBUTE A TEST |
Email Hiding Rules CONTRIBUTE A TEST |
Password Spraying |
User Activity Based Checks CONTRIBUTE A TEST |
|
|
|
Remote Access Software |
|
|
|
Image File Execution Options Injection |
Local Accounts |
Environmental Keying CONTRIBUTE A TEST |
Private Keys |
Virtualization/Sandbox Evasion CONTRIBUTE A TEST |
|
|
|
Standard Encoding |
|
|
|
LSASS Driver CONTRIBUTE A TEST |
Logon Script (Windows) |
Executable Installer File Permissions Weakness CONTRIBUTE A TEST |
SAML Tokens CONTRIBUTE A TEST |
|
|
|
|
Steganography CONTRIBUTE A TEST |
|
|
|
Local Account |
Make and Impersonate Token CONTRIBUTE A TEST |
Execution Guardrails CONTRIBUTE A TEST |
Security Account Manager |
|
|
|
|
Symmetric Cryptography CONTRIBUTE A TEST |
|
|
|
Local Accounts |
Netsh Helper DLL |
Exploitation for Defense Evasion CONTRIBUTE A TEST |
Silver Ticket |
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
|
|
Logon Script (Windows) |
Network Logon Script CONTRIBUTE A TEST |
Extra Window Memory Injection CONTRIBUTE A TEST |
Steal Web Session Cookie |
|
|
|
|
Web Protocols |
|
|
|
Modify Authentication Process CONTRIBUTE A TEST |
Parent PID Spoofing |
File Deletion |
Steal or Forge Kerberos Tickets CONTRIBUTE A TEST |
|
|
|
|
Web Service CONTRIBUTE A TEST |
|
|
|
Netsh Helper DLL |
Path Interception CONTRIBUTE A TEST |
File and Directory Permissions Modification CONTRIBUTE A TEST |
Two-Factor Authentication Interception CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
Network Logon Script CONTRIBUTE A TEST |
Path Interception by PATH Environment Variable CONTRIBUTE A TEST |
Group Policy Modification CONTRIBUTE A TEST |
Unsecured Credentials CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
Office Application Startup |
Path Interception by Search Order Hijacking CONTRIBUTE A TEST |
HTML Smuggling CONTRIBUTE A TEST |
Web Cookies CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
Office Template Macros CONTRIBUTE A TEST |
Path Interception by Unquoted Path |
Hidden File System CONTRIBUTE A TEST |
Web Portal Capture CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
Office Test |
Port Monitors |
Hidden Files and Directories |
Windows Credential Manager |
|
|
|
|
|
|
|
|
Outlook Forms CONTRIBUTE A TEST |
Portable Executable Injection CONTRIBUTE A TEST |
Hidden Users CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Outlook Home Page |
PowerShell Profile |
Hidden Window |
|
|
|
|
|
|
|
|
|
Outlook Rules CONTRIBUTE A TEST |
Print Processors CONTRIBUTE A TEST |
Hide Artifacts |
|
|
|
|
|
|
|
|
|
Password Filter DLL |
Process Doppelgänging CONTRIBUTE A TEST |
Hijack Execution Flow CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Path Interception CONTRIBUTE A TEST |
Process Hollowing |
Impair Command History Logging CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Path Interception by PATH Environment Variable CONTRIBUTE A TEST |
Process Injection |
Impair Defenses CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Path Interception by Search Order Hijacking CONTRIBUTE A TEST |
Registry Run Keys / Startup Folder |
Indicator Blocking |
|
|
|
|
|
|
|
|
|
Path Interception by Unquoted Path |
SID-History Injection |
Indicator Removal from Tools CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Port Knocking CONTRIBUTE A TEST |
Scheduled Task |
Indicator Removal on Host |
|
|
|
|
|
|
|
|
|
Port Monitors |
Scheduled Task/Job CONTRIBUTE A TEST |
Indirect Command Execution |
|
|
|
|
|
|
|
|
|
PowerShell Profile |
Screensaver |
Install Root Certificate |
|
|
|
|
|
|
|
|
|
Pre-OS Boot CONTRIBUTE A TEST |
Security Support Provider |
InstallUtil |
|
|
|
|
|
|
|
|
|
Print Processors CONTRIBUTE A TEST |
Services File Permissions Weakness CONTRIBUTE A TEST |
Invalid Code Signature CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Redundant Access CONTRIBUTE A TEST |
Services Registry Permissions Weakness |
Local Accounts |
|
|
|
|
|
|
|
|
|
Registry Run Keys / Startup Folder |
Shortcut Modification |
MMC CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
SQL Stored Procedures CONTRIBUTE A TEST |
Thread Execution Hijacking CONTRIBUTE A TEST |
MSBuild |
|
|
|
|
|
|
|
|
|
Scheduled Task |
Thread Local Storage CONTRIBUTE A TEST |
Make and Impersonate Token CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Scheduled Task/Job CONTRIBUTE A TEST |
Time Providers CONTRIBUTE A TEST |
Mark-of-the-Web Bypass |
|
|
|
|
|
|
|
|
|
Screensaver |
Token Impersonation/Theft |
Masquerade Task or Service |
|
|
|
|
|
|
|
|
|
Security Support Provider |
Valid Accounts CONTRIBUTE A TEST |
Masquerading |
|
|
|
|
|
|
|
|
|
Server Software Component CONTRIBUTE A TEST |
Windows Management Instrumentation Event Subscription |
Match Legitimate Name or Location |
|
|
|
|
|
|
|
|
|
Services File Permissions Weakness CONTRIBUTE A TEST |
Windows Service |
Mavinject CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Services Registry Permissions Weakness |
Winlogon Helper DLL |
Modify Authentication Process CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
Shortcut Modification |
|
Modify Registry |
|
|
|
|
|
|
|
|
|
System Firmware CONTRIBUTE A TEST |
|
Mshta |
|
|
|
|
|
|
|
|
|
Time Providers CONTRIBUTE A TEST |
|
Msiexec |
|
|
|
|
|
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
NTFS File Attributes |
|
|
|
|
|
|
|
|
|
Transport Agent |
|
Network Share Connection Removal |
|
|
|
|
|
|
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
Obfuscated Files or Information |
|
|
|
|
|
|
|
|
|
Web Shell |
|
Odbcconf |
|
|
|
|
|
|
|
|
|
Windows Management Instrumentation Event Subscription |
|
Parent PID Spoofing |
|
|
|
|
|
|
|
|
|
Windows Service |
|
Pass the Hash |
|
|
|
|
|
|
|
|
|
Winlogon Helper DLL |
|
Pass the Ticket |
|
|
|
|
|
|
|
|
|
|
|
Password Filter DLL |
|
|
|
|
|
|
|
|
|
|
|
Path Interception by PATH Environment Variable CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Path Interception by Search Order Hijacking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Path Interception by Unquoted Path |
|
|
|
|
|
|
|
|
|
|
|
Port Knocking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Portable Executable Injection CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Pre-OS Boot CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Process Doppelgänging CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Process Hollowing |
|
|
|
|
|
|
|
|
|
|
|
Process Injection |
|
|
|
|
|
|
|
|
|
|
|
PubPrn |
|
|
|
|
|
|
|
|
|
|
|
Redundant Access CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Reflective Code Loading CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Regsvcs/Regasm |
|
|
|
|
|
|
|
|
|
|
|
Regsvr32 |
|
|
|
|
|
|
|
|
|
|
|
Rename System Utilities |
|
|
|
|
|
|
|
|
|
|
|
Right-to-Left Override CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Rogue Domain Controller |
|
|
|
|
|
|
|
|
|
|
|
Rootkit CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Run Virtual Instance |
|
|
|
|
|
|
|
|
|
|
|
Rundll32 |
|
|
|
|
|
|
|
|
|
|
|
SID-History Injection |
|
|
|
|
|
|
|
|
|
|
|
SIP and Trust Provider Hijacking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Safe Mode Boot CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Scripting CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Services File Permissions Weakness CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Services Registry Permissions Weakness |
|
|
|
|
|
|
|
|
|
|
|
Signed Binary Proxy Execution |
|
|
|
|
|
|
|
|
|
|
|
Signed Script Proxy Execution |
|
|
|
|
|
|
|
|
|
|
|
Software Packing CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Steganography CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Subvert Trust Controls CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
System Checks |
|
|
|
|
|
|
|
|
|
|
|
System Firmware CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Template Injection |
|
|
|
|
|
|
|
|
|
|
|
Thread Execution Hijacking CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Thread Local Storage CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Time Based Evasion CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Timestomp |
|
|
|
|
|
|
|
|
|
|
|
Token Impersonation/Theft |
|
|
|
|
|
|
|
|
|
|
|
Traffic Signaling CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Trusted Developer Utilities Proxy Execution CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Use Alternate Authentication Material CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
User Activity Based Checks CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
VBA Stomping CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Valid Accounts CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Verclsid CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Virtualization/Sandbox Evasion CONTRIBUTE A TEST |
|
|
|
|
|
|
|
|
|
|
|
Windows File and Directory Permissions Modification |
|
|
|
|
|
|
|
|
|
|
|
XSL Script Processing |
|
|
|
|
|
|
|
Atomic Red Team doc generator