MITRE ATT&CK Enterprise Framework: Solving Problems for a Safer World
Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Drive-by Compromise AppleScript .bash_profile and .bashrc Access Token Manipulation Access Token Manipulation Account Manipulation Account Discovery AppleScript Audio Capture Commonly Used Port Automated Exfiltration Account Access Removal
Exploit Public-Facing Application CMSTP Accessibility Features Accessibility Features Binary Padding Bash History Application Window Application Automated Collection Communication Through Data Compressed Data Destruction
Discovery Deployment Software Removable Media
External Remote Services Command-Line Interface Account Manipulation AppCert DLLs BITS Jobs Brute Force Clipboard Data Data Encrypted Data Encrypted for Impact
Browser Bookmark Component Object Model Connection Proxy
Hardware Additions Compiled HTML File AppCert DLLs AppInit DLLs Bypass User Account Control Credential Dumping Data from Information Data Transfer Size Limits Defacement
Discovery and Distributed COM Custom Command
Replication Through Component Object Model and Credentials from Repositories Exfiltration Over
AppInit DLLs Application Shimming Clear Command History Disk Content Wipe
Domain Trust Discovery Exploitation of Remote and Control Protocol
Removable Media Distributed COM Web Browsers Data from Local System Alternative Protocol
Application Shimming Bypass User Account Control CMSTP Services Disk Structure Wipe
File and Directory Discovery Custom Cryptographic
Spearphishing Attachment Control Panel Items Credentials in Files Data from Network Exfiltration Over Command
Authentication Package DLL Search Order Hijacking Code Signing Internal Spearphishing Protocol Endpoint Denial of Service
Network Service Scanning Shared Drive and Control Channel
Spearphishing Link Dynamic Data Exchange Credentials in Registry Logon Scripts
BITS Jobs Dylib Hijacking Compile After Delivery Data Encoding Firmware Corruption
Network Share Discovery Data from Exfiltration Over
Spearphishing via Service Execution through API Exploitation for Pass the Hash
Bootkit Elevated Execution with Prompt Compiled HTML File Removable Media Data Obfuscation Other Network Medium Inhibit System Recovery
Credential Access Network Sniffing
Supply Chain Compromise Execution through Pass the Ticket
Browser Extensions Emond Component Firmware Data Staged Domain Fronting Exfiltration Over Network Denial of Service
Module Load Forced Authentication Password Policy
Trusted Relationship Remote Desktop Protocol Physical Medium
Change Default File Association Exploitation for Privilege Component Object Discovery Email Collection Domain Generation Resource Hijacking
Exploitation for Hooking
Valid Accounts Escalation Model Hijacking Remote File Copy Algorithms Scheduled Transfer
Client Execution Component Firmware Peripheral Device Input Capture Runtime Data Manipulation
Input Capture
Extra Window Memory Connection Proxy Discovery Remote Services Fallback Channels
Graphical User Interface Component Object Model Man in the Browser Service Stop
Injection Input Prompt
Hijacking Control Panel Items Permission Groups Replication Through Multi-hop Proxy
InstallUtil Screen Capture System Shutdown/Reboot
File System Permissions Kerberoasting Discovery
Create Account DCShadow Removable Media Multi-Stage Channels
Launchctl Weakness Video Capture Stored Data Manipulation
Keychain Process Discovery Shared Webroot
DLL Search Order Hijacking Deobfuscate/Decode Files Multiband Communication
Local Job Scheduling Hooking Transmitted Data
LLMNR/NBT-NS Query Registry SSH Hijacking
Dylib Hijacking or Information Multilayer Encryption Manipulation
LSASS Driver Image File Execution Options Poisoning and Relay Remote System Taint Shared Content
Emond Injection Disabling Security Tools Port Knocking
Mshta Network Sniffing Discovery
External Remote Services Launch Daemon DLL Search Order Hijacking Third-party Software Remote Access Tools
PowerShell Password Filter DLL Security Software
File System Permissions New Service DLL Side-Loading Discovery Windows Admin Shares Remote File Copy
Regsvcs/Regasm Private Keys
Weakness Windows Remote Standard Application
Parent PID Spoofing Software Discovery
Regsvr32 Execution Guardrails Securityd Memory
Hidden Files and Directories Management Layer Protocol
Path Interception System Information
Rundll32 Exploitation for Steal Web Session Cookie
Hooking Discovery Standard Cryptographic Protocol
Plist Modification Defense Evasion
Scheduled Task Two-Factor Authentication
Hypervisor System Network Standard Non-Application
Port Monitors Extra Window Interception
Scripting Configuration Discovery Layer Protocol
Image File Execution Options Memory Injection
PowerShell Profile
Service Execution Injection System Network Uncommonly Used Port
File and Directory
Process Injection Connections Discovery
Signed Binary Proxy Execution Kernel Modules and Extensions Permissions Modification Web Service
Scheduled Task System Owner/User Discovery
Signed Script Proxy Execution Launch Agent File Deletion
Service Registry Permissions System Service Discovery
Source Launch Daemon File System Logical Offsets
Weakness
System Time Discovery
Space after Filename Launchctl Gatekeeper Bypass
Setuid and Setgid
Virtualization/Sandbox
Third-party Software LC_LOAD_DYLIB Addition Group Policy Modification
SID-History Injection Evasion
Trap Local Job Scheduling Hidden Files and Directories
Startup Items
Trusted Developer Utilities Login Item Hidden Users
Sudo
User Execution Logon Scripts Hidden Window
Sudo Caching
Windows Management LSASS Driver HISTCONTROL
Valid Accounts
Instrumentation
Modify Existing Service Image File Execution Options
Web Shell
Windows Remote Injection
Netsh Helper DLL
Management
Indicator Blocking
New Service
XSL Script Processing
Indicator Removal from Tools
Office Application Startup
Indicator Removal on Host
Path Interception
Indirect Command Execution
Plist Modification
Install Root Certificate
Port Knocking
InstallUtil
Port Monitors
Launchctl
PowerShell Profile
LC_MAIN Hijacking
Rc.common
Re-opened Masquerading
Applications Modify Registry
Redundant Access Mshta
Registry Run Keys / Network Share Connection
Startup Folder Removal
Scheduled Task NTFS File Attributes
Screensaver Obfuscated Files or Information
Security Support Provider Parent PID Spoofing
Server Software Plist Modification
Component
Port Knocking
Service Registry
Process Doppelgänging
Permissions Weakness
Process Hollowing
Setuid and Setgid
attack.mitre.org
Process Injection
Shortcut Modification
SIP and Trust Redundant Access
Provider Hijacking Regsvcs/Regasm
Startup Items Regsvr32
System Firmware Rootkit
Systemd Service Rundll32
Time Providers Scripting
Trap Signed Binary Proxy Execution
Valid Accounts Signed Script Proxy Execution
Web Shell SIP and Trust Provider Hijacking
Windows Management Software Packing
Instrumentation Event
Space after Filename
Subscription
Winlogon Helper DLL Template Injection
Timestomp
Trusted Developer Utilities
Valid Accounts
Virtualization/Sandbox Evasion
Web Service
XSL Script Processing
© 2020 MITRE Matrix current as of February 2020