security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8ffdf2ee657f317d8a2de6d1790bd92972e075e
atomic-red-team/atomics/Indexes/Matrices/linux-matrix.md
T
CircleCI Atomic Red Team doc generator 6f757a1f88 Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-11 19:16:06 +00:00

33 lines
12 KiB
Markdown
Raw Blame History

# Linux Atomic Tests by ATT&CK Tactic & Technique
| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control | impact |
|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| Drive-by Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Command-Line Interface](../../T1059/T1059.md) | [.bash_profile and .bashrc](../../T1156/T1156.md) | Exploitation for Privilege Escalation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Account Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Discovery](../../T1087/T1087.md) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Audio Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Automated Exfiltration [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Account Access Removal [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Exploit Public-Facing Application [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation for Client Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Account Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Process Injection](../../T1055/T1055.md) | [Binary Padding](../../T1009/T1009.md) | [Bash History](../../T1139/T1139.md) | [Browser Bookmark Discovery](../../T1217/T1217.md) | Application Deployment Software [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Automated Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Compressed](../../T1002/T1002.md) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) |
| Hardware Additions [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Graphical User Interface [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Bootkit [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Setuid and Setgid](../../T1166/T1166.md) | [Clear Command History](../../T1146/T1146.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Service Dashboard [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Clipboard Data [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted](../../T1022/T1022.md) | [Connection Proxy](../../T1090/T1090.md) | Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Spearphishing Attachment [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Local Job Scheduling](../../T1168/T1168.md) | [Browser Extensions](../../T1176/T1176.md) | [Sudo](../../T1169/T1169.md) | Compile After Delivery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Instance Metadata API [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Service Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Staged](../../T1074/T1074.md) | [Data Transfer Size Limits](../../T1030/T1030.md) | Custom Command and Control Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Spearphishing Link [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Scripting](../../T1064/T1064.md) | [Create Account](../../T1136/T1136.md) | [Sudo Caching](../../T1206/T1206.md) | [Connection Proxy](../../T1090/T1090.md) | Credential Dumping [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [File and Directory Discovery](../../T1083/T1083.md) | [Remote File Copy](../../T1105/T1105.md) | Data from Cloud Storage Object [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Custom Cryptographic Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disk Content Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Spearphishing via Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Source](../../T1153/T1153.md) | [Hidden Files and Directories](../../T1158/T1158.md) | Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Disabling Security Tools](../../T1089/T1089.md) | Credentials from Web Browsers [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Service Scanning](../../T1046/T1046.md) | Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Information Repositories [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Command and Control Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encoding](../../T1132/T1132.md) | Disk Structure Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Supply Chain Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Space after Filename [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Implant Container Image [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Web Shell [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Execution Guardrails [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Credentials in Files](../../T1081/T1081.md) | [Network Share Discovery](../../T1135/T1135.md) | SSH Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Local System [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data Obfuscation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Endpoint Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Trusted Relationship [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Third-party Software [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Kernel Modules and Extensions](../../T1215/T1215.md) | | Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Sniffing](../../T1040/T1040.md) | Third-party Software [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Network Shared Drive [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Fronting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Firmware Corruption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Trap](../../T1154/T1154.md) | [Local Job Scheduling](../../T1168/T1168.md) | | [File Deletion](../../T1107/T1107.md) | Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Password Policy Discovery](../../T1201/T1201.md) | Web Session Cookie [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Scheduled Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Inhibit System Recovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| | User Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Office Application Startup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [File and Directory Permissions Modification](../../T1222/T1222.md) | [Network Sniffing](../../T1040/T1040.md) | [Permission Groups Discovery](../../T1069/T1069.md) | | Email Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Transfer Data to Cloud Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Fallback Channels [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| | | Port Knocking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [HISTCONTROL](../../T1148/T1148.md) | [Private Keys](../../T1145/T1145.md) | [Process Discovery](../../T1057/T1057.md) | | Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Multi-Stage Channels [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Resource Hijacking](../../T1496/T1496.md) |
| | | Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Hidden Files and Directories](../../T1158/T1158.md) | Steal Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Remote System Discovery](../../T1018/T1018.md) | | [Screen Capture](../../T1113/T1113.md) | | Multi-hop Proxy [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Runtime Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| | | Server Software Component [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Indicator Removal from Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Steal Web Session Cookie [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Software Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | Multiband Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Stored Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| | | [Setuid and Setgid](../../T1166/T1166.md) | | [Indicator Removal on Host](../../T1070/T1070.md) | Two-Factor Authentication Interception [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [System Information Discovery](../../T1082/T1082.md) | | | | Multilayer Encryption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [System Shutdown/Reboot](../../T1529/T1529.md) |
| | | [Systemd Service](../../T1501/T1501.md) | | [Install Root Certificate](../../T1130/T1130.md) | | [System Network Configuration Discovery](../../T1016/T1016.md) | | | | Port Knocking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Transmitted Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
| | | [Trap](../../T1154/T1154.md) | | [Masquerading](../../T1036/T1036.md) | | [System Network Connections Discovery](../../T1049/T1049.md) | | | | Remote Access Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | |
| | | Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Obfuscated Files or Information](../../T1027/T1027.md) | | [System Owner/User Discovery](../../T1033/T1033.md) | | | | [Remote File Copy](../../T1105/T1105.md) | |
| | | Web Shell [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Port Knocking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | [Standard Application Layer Protocol](../../T1071/T1071.md) | |
| | | | | [Process Injection](../../T1055/T1055.md) | | | | | | Standard Cryptographic Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | |
| | | | | Redundant Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | Standard Non-Application Layer Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | |
| | | | | Revert Cloud Instance [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | [Uncommonly Used Port](../../T1065/T1065.md) | |
| | | | | [Rootkit](../../T1014/T1014.md) | | | | | | Web Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | |
| | | | | [Scripting](../../T1064/T1064.md) | | | | | | | |
| | | | | Space after Filename [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | | |
| | | | | [Timestomp](../../T1099/T1099.md) | | | | | | | |
| | | | | Unused/Unsupported Cloud Regions [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | | |
| | | | | Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | | |
| | | | | Web Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | | |
| | | | | Web Session Cookie [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | | | | |
Reference in New Issue View Git Blame Copy Permalink