linux-matrix.md

Linux Atomic Tests by ATT&CK Tactic & Technique

| initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control |
|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| Drive-by Compromise CONTRIBUTE A TEST | Command-Line Interface | .bash_profile and .bashrc | Exploitation for Privilege Escalation CONTRIBUTE A TEST | Binary Padding | Bash History | Account Discovery | Application Deployment Software CONTRIBUTE A TEST | Audio Capture | Automated Exfiltration CONTRIBUTE A TEST | Commonly Used Port CONTRIBUTE A TEST |
| Exploit Public-Facing Application CONTRIBUTE A TEST | Exploitation for Client Execution CONTRIBUTE A TEST | Bootkit CONTRIBUTE A TEST | Process Injection | Clear Command History | Brute Force | Browser Bookmark Discovery | Exploitation of Remote Services CONTRIBUTE A TEST | Automated Collection | Data Compressed | Communication Through Removable Media CONTRIBUTE A TEST |
| Hardware Additions CONTRIBUTE A TEST | Graphical User Interface CONTRIBUTE A TEST | Browser Extensions | Setuid and Setgid | Compile After Delivery CONTRIBUTE A TEST | Credential Dumping | File and Directory Discovery | Remote File Copy | Clipboard Data | Data Encrypted | Connection Proxy |
| Spearphishing Attachment | Local Job Scheduling | Create Account | Sudo | Disabling Security Tools | Credentials in Files | Network Service Scanning | Remote Services CONTRIBUTE A TEST | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol CONTRIBUTE A TEST |
| Spearphishing Link CONTRIBUTE A TEST | Scripting | Hidden Files and Directories | Sudo Caching | Execution Guardrails CONTRIBUTE A TEST | Exploitation for Credential Access CONTRIBUTE A TEST | Network Sniffing | SSH Hijacking CONTRIBUTE A TEST | Data from Information Repositories CONTRIBUTE A TEST | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol CONTRIBUTE A TEST |
| Spearphishing via Service CONTRIBUTE A TEST | Source | Kernel Modules and Extensions CONTRIBUTE A TEST | Valid Accounts CONTRIBUTE A TEST | Exploitation for Defense Evasion CONTRIBUTE A TEST | Input Capture | Password Policy Discovery | Third-party Software CONTRIBUTE A TEST | Data from Local System | Exfiltration Over Command and Control Channel CONTRIBUTE A TEST | Data Encoding |
| Supply Chain Compromise CONTRIBUTE A TEST | Space after Filename | Local Job Scheduling | Web Shell | File Deletion | Network Sniffing | Permission Groups Discovery | | Data from Network Shared Drive CONTRIBUTE A TEST | Exfiltration Over Other Network Medium CONTRIBUTE A TEST | Data Obfuscation CONTRIBUTE A TEST |
| Trusted Relationship CONTRIBUTE A TEST | Third-party Software CONTRIBUTE A TEST | Port Knocking CONTRIBUTE A TEST | | File Permissions Modification | Private Keys | Process Discovery | | Data from Removable Media CONTRIBUTE A TEST | Exfiltration Over Physical Medium CONTRIBUTE A TEST | Domain Fronting CONTRIBUTE A TEST |
| Valid Accounts CONTRIBUTE A TEST | Trap | Redundant Access CONTRIBUTE A TEST | | HISTCONTROL | Two-Factor Authentication Interception CONTRIBUTE A TEST | Remote System Discovery | | Input Capture | Scheduled Transfer CONTRIBUTE A TEST | Domain Generation Algorithms CONTRIBUTE A TEST |
| | User Execution CONTRIBUTE A TEST | Setuid and Setgid | | Hidden Files and Directories | | System Information Discovery | | Screen Capture | | Fallback Channels CONTRIBUTE A TEST |
| | | Systemd Service | | Indicator Removal from Tools CONTRIBUTE A TEST | | System Network Configuration Discovery | | | | Multi-Stage Channels CONTRIBUTE A TEST |
| | | Trap | | Indicator Removal on Host | | System Network Connections Discovery | | | | Multi-hop Proxy CONTRIBUTE A TEST |
| | | Valid Accounts CONTRIBUTE A TEST | | Install Root Certificate | | System Owner/User Discovery | | | | Multiband Communication CONTRIBUTE A TEST |
| | | Web Shell | | Masquerading | | | | | | Multilayer Encryption CONTRIBUTE A TEST |
| | | | | Obfuscated Files or Information | | | | | | Port Knocking CONTRIBUTE A TEST |
| | | | | Port Knocking CONTRIBUTE A TEST | | | | | | Remote Access Tools CONTRIBUTE A TEST |
| | | | | Process Injection | | | | | | Remote File Copy |
| | | | | Redundant Access CONTRIBUTE A TEST | | | | | | Standard Application Layer Protocol |
| | | | | Rootkit | | | | | | Standard Cryptographic Protocol CONTRIBUTE A TEST |
| | | | | Scripting | | | | | | Standard Non-Application Layer Protocol CONTRIBUTE A TEST |
| | | | | Space after Filename | | | | | | Uncommonly Used Port |
| | | | | Timestomp | | | | | | Web Service CONTRIBUTE A TEST |
| | | | | Valid Accounts CONTRIBUTE A TEST | | | | | | |
| | | | | Web Service CONTRIBUTE A TEST | | | | | | |