infosecn1nja
/
atomic-red-team
mirror of https://github.com/infosecn1nja/atomic-red-team.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Broken links 

due to typos
mac-defense-evasion
Roman 2017-10-12 11:21:14 +02:00 committed by GitHub
parent 4d6d676be5
commit 09a3c0b2e5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Windows/Windows.md
View File

@ -14,12 +14,12 @@
| External Remote Services | Local Port Monitor | Deobfuscate/Decode Files or Information | Two-Factor Authentication Interception | [Remote System Discovery](Discovery/Remote%20System%20Discovery.md) | Shared Webroot | [Regsvr32](Execution/Regsvr32.md) | Screen Capture | | Multiband Communication |
| File System Permissions Weakness | New Service | Disabling Security Tools | | Security Software Discovery | Taint Shared Content | Rundll32 | Video Capture | | Multilayer Encryption |
| Hidden Files and Directories | Path Interception | Exploitation of Vulnerability | | [System Information Discovery](Discovery/System%20Information%20Discovery.md) | Third-party Software | [Scheduled Task](Persistence/Scheduled_Task.md) | | | Remote File Copy |
| Hypervisor | [Scheduled Task](Privilege%20Escalation/Scheduled%20Task.md) | [File Deletion](Defense%20Evasion/File_deletion.md) | | System Network Configuration Discovery | [Windows Admin Shares](Lateral%20Movement/Windows%20Admin%20Shares.md) | Scripting | | | Standard Application Layer Protocol |
| Hypervisor | [Scheduled Task](Persistence/Scheduled_Task.md) | [File Deletion](Defense%20Evasion/File_Deletion.md) | | System Network Configuration Discovery | [Windows Admin Shares](Lateral%20Movement/Windows%20Admin%20Shares.md) | Scripting | | | Standard Application Layer Protocol |
| Local Port Monitor | Service Registry Permissions Weakness | File System Logical Offsets | | System Network Connections Discovery | Windows Remote Management | Service Execution | | | Standard Cryptographic Protocol |
| Logon Scripts | Valid Accounts | Hidden Files and Directories | | [System Owner/User Discovery](Discovery/System%20Owner-User%20Discovery.md) | | Third-party Software | | | Standard Non-Application Layer Protocol |
| Modify Existing Service | Web Shell | Indicator Blocking | | System Service Discovery | | Trusted Developer Utilities | | | Uncommonly Used Port |
| [Netsh Helper DLL](Persistence/Netsh_Helper_DLL.md) | | Indicator Removal from Tools | | System Time Discovery | | [Windows Management Instrumentation](Execution/Windows%20Management%20Instrumentation.md) | | | Web Service |
| New Service | | [Indicator Removal on Host](Defense%20Evasion/Indicator%20Removal%20on%20Host.md) | | | | [Windows Remote Management](Lateral%20Movement/Windows%20Remote%20Management.md) | | | |
| [Netsh Helper DLL](Persistence/Netsh_Helper_DLL.md) | | Indicator Removal from Tools | | System Time Discovery | | [Windows Management Instrumentation](Execution/Windows_Management_Instrumentation.md) | | | Web Service |
| New Service | | [Indicator Removal on Host](Defense%20Evasion/Indicator_Removal_on_Host.md) | | | | [Windows Remote Management](Lateral%20Movement/Windows%20Remote%20Management.md) | | | |
| Office Application Startup | | Install Root Certificate | | | | [Bitsadmin](Execution/Bitsadmin.md) | | | |
| Path Interception | | [InstallUtil](Execution/RegsvcsRegasm.md) | | | | | | | |
| Redundant Access | | Masquerading | | | | | | | |