atomic-red-team/Linux/README.md


# MITRE ATT&CK Matrix - Linux

| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|
| .bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | Bash History | Account Discovery | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Bootkit | Setuid and Setgid | Clear Command History | Brute Force | File and Directory Discovery | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| Cron Job | Sudo | Disabling Security Tools | Create Account | Permission Groups Discovery | Remote File Copy | Scripting | Clipboard Data | Data Encrypted | Connection Proxy |
| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Process Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
| Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | System Information Discovery | Third-party Software | Space after Filename | Data from Local System | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| Redundant Access | | HISTCONTROL | Input Capture | System Network Configuration Discovery | | Third-party Software | Data from Network Shared Drive | Exfiltration Over Command and Control Channel | Data Encoding |
| Trap | | Hidden Files and Directories | Network Sniffing | System Network Connections Discovery | | Trap | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation |
| Valid Accounts | | Indicator Removal from Tools | Private Keys | System Owner/User Discovery | | | Input Capture | Exfiltration Over Physical Medium | Fallback Channels |
| Web Shell | | Indicator Removal on Host | Two-Factor Authentication Interception | | | | Screen Capture | Scheduled Transfer | Multi-Stage Channels |
| | | Install Root Certificate | | | | | | | Multiband Communication |
| | | Masquerading | | | | | | | Multilayer Encryption |
| | | Redundant Access | | | | | | | Remote File Copy |
| | | Scripting | | | | | | | Standard Application Layer Protocol |
| | | Space after Filename | | | | | | | Standard Cryptographic Protocol |
| | | Timestomp | | | | | | | Standard Non-Application Layer Protocol |
| | | Valid Accounts | | | | | | | Uncommonly Used Port |
| | | | | | | | | | Web Service |