Skip to content

Latest commit

 

History

History
73 lines (73 loc) · 28 KB

linux-matrix.md

File metadata and controls

73 lines (73 loc) · 28 KB
Raw

Linux Atomic Tests by ATT&CK Tactic & Technique

initial-access execution persistence privilege-escalation defense-evasion credential-access discovery lateral-movement collection exfiltration command-and-control impact
Cloud Accounts CONTRIBUTE A TEST At (Linux) .bash_profile and .bashrc .bash_profile and .bashrc Abuse Elevation Control Mechanism CONTRIBUTE A TEST /etc/passwd and /etc/shadow CONTRIBUTE A TEST Account Discovery CONTRIBUTE A TEST Application Access Token CONTRIBUTE A TEST Archive Collected Data CONTRIBUTE A TEST Automated Exfiltration CONTRIBUTE A TEST Application Layer Protocol CONTRIBUTE A TEST Account Access Removal CONTRIBUTE A TEST
Compromise Hardware Supply Chain CONTRIBUTE A TEST Command and Scripting Interpreter CONTRIBUTE A TEST Account Manipulation CONTRIBUTE A TEST Abuse Elevation Control Mechanism CONTRIBUTE A TEST Application Access Token CONTRIBUTE A TEST Bash History Browser Bookmark Discovery Exploitation of Remote Services CONTRIBUTE A TEST Archive via Custom Method CONTRIBUTE A TEST Data Transfer Size Limits Asymmetric Cryptography CONTRIBUTE A TEST Application Exhaustion Flood CONTRIBUTE A TEST
Compromise Software Dependencies and Development Tools CONTRIBUTE A TEST Cron Add Office 365 Global Administrator Role CONTRIBUTE A TEST At (Linux) Binary Padding Brute Force CONTRIBUTE A TEST Cloud Account CONTRIBUTE A TEST Internal Spearphishing CONTRIBUTE A TEST Archive via Library CONTRIBUTE A TEST Exfiltration Over Alternative Protocol Bidirectional Communication CONTRIBUTE A TEST Application or System Exploitation CONTRIBUTE A TEST
Compromise Software Supply Chain CONTRIBUTE A TEST Exploitation for Client Execution CONTRIBUTE A TEST Add-ins CONTRIBUTE A TEST Boot or Logon Autostart Execution CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Cloud Instance Metadata API CONTRIBUTE A TEST Cloud Groups CONTRIBUTE A TEST Lateral Tool Transfer CONTRIBUTE A TEST Archive via Utility Exfiltration Over Asymmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST Commonly Used Port CONTRIBUTE A TEST Data Destruction
Default Accounts CONTRIBUTE A TEST Graphical User Interface CONTRIBUTE A TEST Additional Azure Service Principal Credentials CONTRIBUTE A TEST Cloud Accounts CONTRIBUTE A TEST Clear Command History Credential Stuffing CONTRIBUTE A TEST Cloud Service Dashboard CONTRIBUTE A TEST Remote Service Session Hijacking CONTRIBUTE A TEST Audio Capture CONTRIBUTE A TEST Exfiltration Over Bluetooth CONTRIBUTE A TEST Communication Through Removable Media CONTRIBUTE A TEST Data Encrypted for Impact CONTRIBUTE A TEST
Domain Accounts CONTRIBUTE A TEST JavaScript/JScript CONTRIBUTE A TEST At (Linux) Create or Modify System Process CONTRIBUTE A TEST Clear Linux or Mac System Logs Credentials In Files Cloud Service Discovery CONTRIBUTE A TEST Remote Services CONTRIBUTE A TEST Automated Collection CONTRIBUTE A TEST Exfiltration Over C2 Channel CONTRIBUTE A TEST DNS CONTRIBUTE A TEST Data Manipulation CONTRIBUTE A TEST
Drive-by Compromise CONTRIBUTE A TEST Malicious File CONTRIBUTE A TEST Boot or Logon Autostart Execution CONTRIBUTE A TEST Cron Cloud Accounts CONTRIBUTE A TEST Credentials from Password Stores CONTRIBUTE A TEST Domain Account CONTRIBUTE A TEST SSH CONTRIBUTE A TEST Clipboard Data CONTRIBUTE A TEST Exfiltration Over Other Network Medium CONTRIBUTE A TEST DNS Calculation CONTRIBUTE A TEST Defacement CONTRIBUTE A TEST
Exploit Public-Facing Application CONTRIBUTE A TEST Malicious Link CONTRIBUTE A TEST Bootkit CONTRIBUTE A TEST Default Accounts CONTRIBUTE A TEST Compile After Delivery CONTRIBUTE A TEST Credentials from Web Browsers CONTRIBUTE A TEST Domain Groups CONTRIBUTE A TEST SSH Hijacking CONTRIBUTE A TEST Confluence CONTRIBUTE A TEST Exfiltration Over Physical Medium CONTRIBUTE A TEST Data Encoding CONTRIBUTE A TEST Direct Network Flood CONTRIBUTE A TEST
External Remote Services CONTRIBUTE A TEST Native API CONTRIBUTE A TEST Browser Extensions Domain Accounts CONTRIBUTE A TEST Create Cloud Instance CONTRIBUTE A TEST Exploitation for Credential Access CONTRIBUTE A TEST Email Account CONTRIBUTE A TEST Software Deployment Tools CONTRIBUTE A TEST Data Staged CONTRIBUTE A TEST Exfiltration Over Symmetric Encrypted Non-C2 Protocol CONTRIBUTE A TEST Data Obfuscation CONTRIBUTE A TEST Disk Content Wipe CONTRIBUTE A TEST
Hardware Additions CONTRIBUTE A TEST Python CONTRIBUTE A TEST Cloud Account CONTRIBUTE A TEST Event Triggered Execution CONTRIBUTE A TEST Create Snapshot CONTRIBUTE A TEST Input Capture CONTRIBUTE A TEST File and Directory Discovery Use Alternate Authentication Material CONTRIBUTE A TEST Data from Cloud Storage Object CONTRIBUTE A TEST Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Dead Drop Resolver CONTRIBUTE A TEST Disk Structure Wipe CONTRIBUTE A TEST
Local Accounts CONTRIBUTE A TEST Scheduled Task/Job CONTRIBUTE A TEST Cloud Accounts CONTRIBUTE A TEST Exploitation for Privilege Escalation CONTRIBUTE A TEST Default Accounts CONTRIBUTE A TEST Keylogging CONTRIBUTE A TEST Local Account VNC CONTRIBUTE A TEST Data from Information Repositories CONTRIBUTE A TEST Exfiltration Over Web Service CONTRIBUTE A TEST Domain Fronting CONTRIBUTE A TEST Disk Wipe CONTRIBUTE A TEST
Phishing CONTRIBUTE A TEST Scripting CONTRIBUTE A TEST Compromise Client Software Binary CONTRIBUTE A TEST Hijack Execution Flow CONTRIBUTE A TEST Delete Cloud Instance CONTRIBUTE A TEST Man-in-the-Middle CONTRIBUTE A TEST Local Groups Web Session Cookie CONTRIBUTE A TEST Data from Local System CONTRIBUTE A TEST Exfiltration over USB CONTRIBUTE A TEST Domain Generation Algorithms CONTRIBUTE A TEST Endpoint Denial of Service CONTRIBUTE A TEST
Spearphishing Attachment CONTRIBUTE A TEST Software Deployment Tools CONTRIBUTE A TEST Create Account CONTRIBUTE A TEST Kernel Modules and Extensions Deobfuscate/Decode Files or Information CONTRIBUTE A TEST Modify Authentication Process CONTRIBUTE A TEST Network Service Scanning Data from Network Shared Drive CONTRIBUTE A TEST Exfiltration to Cloud Storage CONTRIBUTE A TEST Dynamic Resolution CONTRIBUTE A TEST External Defacement CONTRIBUTE A TEST
Spearphishing Link CONTRIBUTE A TEST Source CONTRIBUTE A TEST Create or Modify System Process CONTRIBUTE A TEST LD_PRELOAD Disable or Modify Cloud Firewall CONTRIBUTE A TEST Network Sniffing Network Share Discovery Data from Removable Media CONTRIBUTE A TEST Exfiltration to Code Repository CONTRIBUTE A TEST Encrypted Channel CONTRIBUTE A TEST Firmware Corruption CONTRIBUTE A TEST
Spearphishing via Service CONTRIBUTE A TEST Unix Shell Cron Local Accounts CONTRIBUTE A TEST Disable or Modify System Firewall OS Credential Dumping CONTRIBUTE A TEST Network Sniffing Email Collection CONTRIBUTE A TEST Scheduled Transfer CONTRIBUTE A TEST External Proxy CONTRIBUTE A TEST Inhibit System Recovery CONTRIBUTE A TEST
Supply Chain Compromise CONTRIBUTE A TEST User Execution CONTRIBUTE A TEST Default Accounts CONTRIBUTE A TEST Proc Memory CONTRIBUTE A TEST Disable or Modify Tools Password Cracking CONTRIBUTE A TEST Password Policy Discovery Email Forwarding Rule CONTRIBUTE A TEST Transfer Data to Cloud Account CONTRIBUTE A TEST Fallback Channels CONTRIBUTE A TEST Internal Defacement CONTRIBUTE A TEST
Trusted Relationship CONTRIBUTE A TEST Visual Basic CONTRIBUTE A TEST Domain Account CONTRIBUTE A TEST Process Injection CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Password Guessing CONTRIBUTE A TEST Permission Groups Discovery CONTRIBUTE A TEST Input Capture CONTRIBUTE A TEST Fast Flux DNS CONTRIBUTE A TEST Network Denial of Service CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Domain Accounts CONTRIBUTE A TEST Ptrace System Calls CONTRIBUTE A TEST Environmental Keying CONTRIBUTE A TEST Password Spraying CONTRIBUTE A TEST Process Discovery Keylogging CONTRIBUTE A TEST File Transfer Protocols CONTRIBUTE A TEST OS Exhaustion Flood CONTRIBUTE A TEST
Event Triggered Execution CONTRIBUTE A TEST Scheduled Task/Job CONTRIBUTE A TEST Execution Guardrails CONTRIBUTE A TEST Pluggable Authentication Modules CONTRIBUTE A TEST Remote System Discovery Local Data Staging Ingress Tool Transfer Reflection Amplification CONTRIBUTE A TEST
Exchange Email Delegate Permissions CONTRIBUTE A TEST Setuid and Setgid Exploitation for Defense Evasion CONTRIBUTE A TEST Private Keys Security Software Discovery Man-in-the-Middle CONTRIBUTE A TEST Internal Proxy Resource Hijacking
External Remote Services CONTRIBUTE A TEST Sudo and Sudo Caching File Deletion Proc Filesystem CONTRIBUTE A TEST Software Discovery CONTRIBUTE A TEST Remote Data Staging CONTRIBUTE A TEST Junk Data CONTRIBUTE A TEST Runtime Data Manipulation CONTRIBUTE A TEST
Hijack Execution Flow CONTRIBUTE A TEST Systemd Service File and Directory Permissions Modification CONTRIBUTE A TEST Securityd Memory CONTRIBUTE A TEST System Checks CONTRIBUTE A TEST Remote Email Collection CONTRIBUTE A TEST Mail Protocols CONTRIBUTE A TEST Service Exhaustion Flood CONTRIBUTE A TEST
Implant Container Image CONTRIBUTE A TEST Trap HISTCONTROL Steal Application Access Token CONTRIBUTE A TEST System Information Discovery Screen Capture Multi-Stage Channels CONTRIBUTE A TEST Stored Data Manipulation CONTRIBUTE A TEST
Kernel Modules and Extensions VDSO Hijacking CONTRIBUTE A TEST Hidden File System CONTRIBUTE A TEST Steal Web Session Cookie CONTRIBUTE A TEST System Network Configuration Discovery Sharepoint CONTRIBUTE A TEST Multi-hop Proxy CONTRIBUTE A TEST System Shutdown/Reboot
LD_PRELOAD Valid Accounts CONTRIBUTE A TEST Hidden Files and Directories Two-Factor Authentication Interception CONTRIBUTE A TEST System Network Connections Discovery Web Portal Capture CONTRIBUTE A TEST Multiband Communication CONTRIBUTE A TEST Transmitted Data Manipulation CONTRIBUTE A TEST
Local Account Hide Artifacts CONTRIBUTE A TEST Unsecured Credentials CONTRIBUTE A TEST System Owner/User Discovery Non-Application Layer Protocol CONTRIBUTE A TEST
Local Accounts CONTRIBUTE A TEST Hijack Execution Flow CONTRIBUTE A TEST Web Portal Capture CONTRIBUTE A TEST Time Based Evasion CONTRIBUTE A TEST Non-Standard Encoding CONTRIBUTE A TEST
Office Application Startup CONTRIBUTE A TEST Impair Defenses CONTRIBUTE A TEST User Activity Based Checks CONTRIBUTE A TEST Non-Standard Port
Office Template Macros CONTRIBUTE A TEST Indicator Blocking CONTRIBUTE A TEST Virtualization/Sandbox Evasion CONTRIBUTE A TEST One-Way Communication CONTRIBUTE A TEST
Office Test CONTRIBUTE A TEST Indicator Removal from Tools CONTRIBUTE A TEST Port Knocking CONTRIBUTE A TEST
Outlook Forms CONTRIBUTE A TEST Indicator Removal on Host CONTRIBUTE A TEST Protocol Impersonation CONTRIBUTE A TEST
Outlook Home Page CONTRIBUTE A TEST Install Root Certificate Protocol Tunneling CONTRIBUTE A TEST
Outlook Rules CONTRIBUTE A TEST LD_PRELOAD Proxy CONTRIBUTE A TEST
Port Knocking CONTRIBUTE A TEST Linux and Mac File and Directory Permissions Modification Remote Access Software CONTRIBUTE A TEST
Pre-OS Boot CONTRIBUTE A TEST Local Accounts CONTRIBUTE A TEST Standard Encoding
Redundant Access CONTRIBUTE A TEST Masquerade Task or Service CONTRIBUTE A TEST Steganography CONTRIBUTE A TEST
SQL Stored Procedures CONTRIBUTE A TEST Masquerading CONTRIBUTE A TEST Symmetric Cryptography CONTRIBUTE A TEST
SSH Authorized Keys Match Legitimate Name or Location CONTRIBUTE A TEST Traffic Signaling CONTRIBUTE A TEST
Scheduled Task/Job CONTRIBUTE A TEST Modify Authentication Process CONTRIBUTE A TEST Web Protocols
Server Software Component CONTRIBUTE A TEST Modify Cloud Compute Infrastructure CONTRIBUTE A TEST Web Service CONTRIBUTE A TEST
Systemd Service Obfuscated Files or Information
Traffic Signaling CONTRIBUTE A TEST Pluggable Authentication Modules CONTRIBUTE A TEST
Transport Agent CONTRIBUTE A TEST Port Knocking CONTRIBUTE A TEST
Trap Pre-OS Boot CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST Proc Memory CONTRIBUTE A TEST
Web Shell CONTRIBUTE A TEST Process Injection CONTRIBUTE A TEST
Ptrace System Calls CONTRIBUTE A TEST
Redundant Access CONTRIBUTE A TEST
Rename System Utilities
Revert Cloud Instance CONTRIBUTE A TEST
Right-to-Left Override CONTRIBUTE A TEST
Rootkit
Run Virtual Instance CONTRIBUTE A TEST
Scripting CONTRIBUTE A TEST
Setuid and Setgid
Space after Filename CONTRIBUTE A TEST
Steganography CONTRIBUTE A TEST
Subvert Trust Controls CONTRIBUTE A TEST
Sudo and Sudo Caching
System Checks CONTRIBUTE A TEST
Time Based Evasion CONTRIBUTE A TEST
Timestomp
Traffic Signaling CONTRIBUTE A TEST
Unused/Unsupported Cloud Regions CONTRIBUTE A TEST
Use Alternate Authentication Material CONTRIBUTE A TEST
User Activity Based Checks CONTRIBUTE A TEST
VDSO Hijacking CONTRIBUTE A TEST
Valid Accounts CONTRIBUTE A TEST
Virtualization/Sandbox Evasion CONTRIBUTE A TEST
Web Session Cookie CONTRIBUTE A TEST