MITRE ATT&CK Matrix - Mac

| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|
| .bash_profile and .bashrc | Dylib Hijacking | Binary Padding | Bash History | Account Discovery | AppleScript | AppleScript | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Browser Extensions | Exploitation of Vulnerability | Clear Command History | Brute Force | Application Window Discovery | Application Deployment Software | Command-Line Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| Create Account | Launch Daemon | Code Signing | Credentials in Files | File and Directory Discovery | Exploitation of Vulnerability | Graphical User Interface | Browser Extensions | Data Encrypted | Connection Proxy |
| Dylib Hijacking | Plist Modification | Disabling Security Tools | Exploitation of Vulnerability | Network Service Scanning | Logon Scripts | Launchctl | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol |
| Hidden Files and Directories | Process Injection | Exploitation of Vulnerability | Input Capture | Network Share Discovery | Remote File Copy | Local Job Scheduling | Data Staged | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| LC_LOAD_DYLIB Addition | Setuid and Setgid | File Deletion | Input Prompt | Permission Groups Discovery | Remote Services | Scripting | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| Launch Agent | Startup Items | Gatekeeper Bypass | Keychain | Process Discovery | SSH Hijacking | Source | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| Launch Daemon | Sudo | HISTCONTROL | Network Sniffing | Remote System Discovery | Third-party Software | Space after Filename | Data from Removable Media | Exfiltration Over Physical Medium | Domain Fronting |
| Launchctl | Valid Accounts | Hidden Files and Directories | Private Keys | Security Software Discovery | | Third-party Software | Input Capture | Scheduled Transfer | Fallback Channels |
| Local Job Scheduling | Web Shell | Hidden Users | Securityd Memory | System Information Discovery | | Trap | Screen Capture | | Multi-Stage Channels |
| Login Item | | Hidden Window | Two-Factor Authentication Interception | System Network Configuration Discovery | | | | | Multi-hop Proxy |
| Logon Scripts | | Indicator Removal from Tools | | System Network Connections Discovery | | | | | Multiband Communication |
| Plist Modification | | Indicator Removal on Host | | System Owner/User Discovery | | | | | Multilayer Encryption |
| Rc.common | | LC_MAIN Hijacking | | | | | | | Remote File Copy |
| Re-opened Applications | | Launchctl | | | | | | | Standard Application Layer Protocol |
| Redundant Access | | Masquerading | | | | | | | Standard Cryptographic Protocol |
| Startup Items | | Obfuscated Files or Information | | | | | | | Standard Non-Application Layer Protocol |
| Trap | | Plist Modification | | | | | | | Uncommonly Used Port |
| Valid Accounts | | Process Injection | | | | | | | Web Service |
| Web Shell | | Redundant Access | | | | | | | |
| | | Rootkit | | | | | | | |
| | | Scripting | | | | | | | |
| | | Space after Filename | | | | | | | |
| | | Valid Accounts | | | | | | | |