Skip to content

Latest commit

 

History

History
44 lines (43 loc) · 19.4 KB

README.md

File metadata and controls

44 lines (43 loc) · 19.4 KB

MITRE ATT&CK Matrix - Windows

Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command and Control
Accessibility Features Access Token Manipulation Access Token Manipulation Account Manipulation Account Discovery Application Deployment Software Command-Line Interface Audio Capture Automated Exfiltration Commonly Used Port
AppCert DLLs Accessibility Features Binary Padding Brute Force Application Window Discovery Distributed Component Object Model Dynamic Data Exchange Automated Collection Data Compressed Communication Through Removable Media
AppInit DLLs AppCert DLLs Bypass User Account Control Credential Dumping File and Directory Discovery Exploitation of Vulnerability Execution through API Browser Extensions Data Encrypted Connection Proxy
Application Shimming AppInit DLLs Code Signing Credentials in Files Network Service Scanning Logon Scripts Execution through Module Load Clipboard Data Data Transfer Size Limits Custom Command and Control Protocol
Authentication Package Application Shimming Component Firmware Exploitation of Vulnerability Network Share Discovery Pass the Hash Graphical User Interface Data Staged Exfiltration Over Alternative Protocol Custom Cryptographic Protocol
Bootkit Bypass User Account Control Component Object Model Hijacking Forced Authentication Peripheral Device Discovery Pass the Ticket InstallUtil Data from Local System Exfiltration Over Command and Control Channel Data Encoding
Browser Extensions DLL Search Order Hijacking DLL Search Order Hijacking Hooking Permission Groups Discovery Remote Desktop Protocol LSASS Driver Data from Network Shared Drive Exfiltration Over Other Network Medium Data Obfuscation
Change Default File Association Exploitation of Vulnerability DLL Side-Loading Input Capture Process Discovery Remote File Copy Mshta Data from Removable Media Exfiltration Over Physical Medium Domain Fronting
Component Firmware Extra Window Memory Injection Deobfuscate/Decode Files or Information LLMNR/NBT-NS Poisoning Query Registry Remote Services PowerShell Email Collection Scheduled Transfer Fallback Channels
Component Object Model Hijacking File System Permissions Weakness Disabling Security Tools Network Sniffing Remote System Discovery Replication Through Removable Media Regsvcs/Regasm Input Capture Multi-Stage Channels
Create Account Hooking Exploitation of Vulnerability Password Filter DLL Security Software Discovery Shared Webroot Regsvr32 Man in the Browser Multi-hop Proxy
DLL Search Order Hijacking Image File Execution Options Injection Extra Window Memory Injection Private Keys System Information Discovery Taint Shared Content Rundll32 Screen Capture Multiband Communication
External Remote Services New Service File Deletion Replication Through Removable Media System Network Configuration Discovery Third-party Software Scheduled Task Video Capture Multilayer Encryption
File System Permissions Weakness Path Interception File System Logical Offsets Two-Factor Authentication Interception System Network Connections Discovery Windows Admin Shares Scripting Remote File Copy
Hidden Files and Directories Port Monitors Hidden Files and Directories System Owner/User Discovery Windows Remote Management Service Execution Standard Application Layer Protocol
Hooking Process Injection](Privilege_Escalation/Process_Injection.md) Image File Execution Options Injection System Service Discovery Third-party Software Standard Cryptographic Protocol
Hypervisor SID-History Injection Indicator Blocking System Time Discovery Trusted Developer Utilities Standard Non-Application Layer Protocol
Image File Execution Options Injection Scheduled Task Indicator Removal from Tools Windows Management Instrumentation Uncommonly Used Port
LSASS Driver Service Registry Permissions Weakness Indicator Removal on Host Windows Remote Management Web Service
Logon Scripts Valid Accounts Install Root Certificate Bitsadmin
Modify Existing Service Web Shell InstallUtil
Netsh Helper DLL Masquerading
New Service Modify Registry
Office Application Startup Mshta
Path Interception NTFS Extended Attributes
Port Monitors Network Share Connection Removal
Redundant Access Obfuscated Files or Information
Registry Run Keys / Start Folder Process Doppelgänging
Scheduled Task Process Hollowing
Screensaver Process Injection
Security Support Provider Redundant Access
Service Registry Permissions Weakness Regsvcs/Regasm
Shortcut Modification Regsvr32
System Firmware Rootkit
Valid Accounts Rundll32
Web Shell Scripting
Windows Management Instrumentation Event Subscription Software Packing
Winlogon Helper DLL Timestomp
Trusted Developer Utilities
Valid Accounts