atomic-red-team/Linux

MITRE ATT&CK Matrix - Linux

Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Execution	Collection	Exfiltration	Command and Control
.bash_profile and .bashrc	Exploitation of Vulnerability	Binary Padding	Bash History	Account Discovery	Application Deployment Software	Command-Line Interface	Audio Capture	Automated Exfiltration	Commonly Used Port
Bootkit	Setuid and Setgid	Clear Command History	Brute Force	File and Directory Discovery	Exploitation of Vulnerability	Graphical User Interface	Automated Collection	Data Compressed	Communication Through Removable Media
Cron Job	Sudo	Disabling Security Tools	Create Account	Permission Groups Discovery	Remote File Copy	Scripting	Clipboard Data	Data Encrypted	Connection Proxy
Hidden Files and Directories	Valid Accounts	Exploitation of Vulnerability	Credentials in Files	Process Discovery	Remote Services	Source	Data Staged	Data Transfer Size Limits	Custom Command and Control Protocol
Rc.common	Web Shell	File Deletion	Exploitation of Vulnerability	System Information Discovery	Third-party Software	Space after Filename	Data from Local System	Exfiltration Over Alternative Protocol	Custom Cryptographic Protocol
Redundant Access		HISTCONTROL	Input Capture	System Network Configuration Discovery		Third-party Software	Data from Network Shared Drive	Exfiltration Over Command and Control Channel	Data Encoding
Trap		Hidden Files and Directories	Network Sniffing	System Network Connections Discovery		Trap	Data from Removable Media	Exfiltration Over Other Network Medium	Data Obfuscation
Valid Accounts		Indicator Removal from Tools	Private Keys	System Owner/User Discovery			Input Capture	Exfiltration Over Physical Medium	Fallback Channels
Web Shell		Indicator Removal on Host	Two-Factor Authentication Interception				Screen Capture	Scheduled Transfer	Multi-Stage Channels
		Install Root Certificate							Multiband Communication
		Masquerading							Multilayer Encryption
		Redundant Access							Remote File Copy
		Scripting							Standard Application Layer Protocol
		Space after Filename							Standard Cryptographic Protocol
		Timestomp							Standard Non-Application Layer Protocol
		Valid Accounts							Uncommonly Used Port
									Web Service