commit
da4c415d15
|
@ -14,12 +14,12 @@
|
|||
| External Remote Services | Local Port Monitor | Deobfuscate/Decode Files or Information | Two-Factor Authentication Interception | [Remote System Discovery](Discovery/Remote%20System%20Discovery.md) | Shared Webroot | [Regsvr32](Execution/Regsvr32.md) | Screen Capture | | Multiband Communication |
|
||||
| File System Permissions Weakness | New Service | Disabling Security Tools | | Security Software Discovery | Taint Shared Content | Rundll32 | Video Capture | | Multilayer Encryption |
|
||||
| Hidden Files and Directories | Path Interception | Exploitation of Vulnerability | | [System Information Discovery](Discovery/System%20Information%20Discovery.md) | Third-party Software | [Scheduled Task](Persistence/Scheduled_Task.md) | | | Remote File Copy |
|
||||
| Hypervisor | [Scheduled Task](Privilege%20Escalation/Scheduled%20Task.md) | [File Deletion](Defense%20Evasion/File_deletion.md) | | System Network Configuration Discovery | [Windows Admin Shares](Lateral%20Movement/Windows%20Admin%20Shares.md) | Scripting | | | Standard Application Layer Protocol |
|
||||
| Hypervisor | [Scheduled Task](Persistence/Scheduled_Task.md) | [File Deletion](Defense%20Evasion/File_Deletion.md) | | System Network Configuration Discovery | [Windows Admin Shares](Lateral%20Movement/Windows%20Admin%20Shares.md) | Scripting | | | Standard Application Layer Protocol |
|
||||
| Local Port Monitor | Service Registry Permissions Weakness | File System Logical Offsets | | System Network Connections Discovery | Windows Remote Management | Service Execution | | | Standard Cryptographic Protocol |
|
||||
| Logon Scripts | Valid Accounts | Hidden Files and Directories | | [System Owner/User Discovery](Discovery/System%20Owner-User%20Discovery.md) | | Third-party Software | | | Standard Non-Application Layer Protocol |
|
||||
| Modify Existing Service | Web Shell | Indicator Blocking | | System Service Discovery | | Trusted Developer Utilities | | | Uncommonly Used Port |
|
||||
| [Netsh Helper DLL](Persistence/Netsh_Helper_DLL.md) | | Indicator Removal from Tools | | System Time Discovery | | [Windows Management Instrumentation](Execution/Windows%20Management%20Instrumentation.md) | | | Web Service |
|
||||
| New Service | | [Indicator Removal on Host](Defense%20Evasion/Indicator%20Removal%20on%20Host.md) | | | | [Windows Remote Management](Lateral%20Movement/Windows%20Remote%20Management.md) | | | |
|
||||
| [Netsh Helper DLL](Persistence/Netsh_Helper_DLL.md) | | Indicator Removal from Tools | | System Time Discovery | | [Windows Management Instrumentation](Execution/Windows_Management_Instrumentation.md) | | | Web Service |
|
||||
| New Service | | [Indicator Removal on Host](Defense%20Evasion/Indicator_Removal_on_Host.md) | | | | [Windows Remote Management](Lateral%20Movement/Windows%20Remote%20Management.md) | | | |
|
||||
| Office Application Startup | | Install Root Certificate | | | | [Bitsadmin](Execution/Bitsadmin.md) | | | |
|
||||
| Path Interception | | [InstallUtil](Execution/RegsvcsRegasm.md) | | | | | | | |
|
||||
| Redundant Access | | Masquerading | | | | | | | |
|
||||
|
|
Loading…
Reference in New Issue