MITRE ATT&CK Matrix - Linux

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Drive-by Compromise | Command-Line Interface | .bash_profile and .bashrc | Exploitation for Privilege Escalation | Binary Padding | Bash History | Account Discovery | Application Deployment Software | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Exploit Public-Facing Application | Exploitation for Client Execution | Bootkit | Process Injection | Clear Command History | Brute Force | Browser Bookmark Discovery | Exploitation of Remote Services | Automated Collection | Data Compressed | Communication Through Removable Media |
| Hardware Additions | Graphical User Interface | Browser Extensions | Setuid and Setgid | Disabling Security Tools | Credentials in Files | File and Directory Discovery | Remote File Copy | Clipboard Data | Data Encrypted | Connection Proxy |
| Spearphishing Attachment | Local Job Scheduling/Cron_Job | Create Account | Sudo | Exploitation for Defense Evasion | Exploitation for Credential Access | Network Service Scanning | Remote Services | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
| Spearphishing Link | Scripting | Hidden Files and Directories | Sudo Caching | File Deletion | Input Capture | Password Policy Discovery | SSH Hijacking | Data from Information Repositories | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| Spearphishing via Service | Source | Kernel Modules and Extensions | Valid Accounts | HISTCONTROL | Network Sniffing | Permission Groups Discovery | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| Supply Chain Compromise | Space after Filename | Local Job Scheduling | Web Shell | Hidden Files and Directories | Private Keys | Process Discovery | | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| Trusted Relationship | Third-party Software | Port Knocking | | Indicator Removal from Tools | Two-Factor Authentication Interception | Remote System Discovery | | Data from Removable Media | Exfiltration Over Physical Medium | Domain Fronting |
| Valid Accounts | Trap | Redundant Access | | Indicator Removal on Host | | System Information Discovery | | Input Capture | Scheduled Transfer | Fallback Channels |
| | User Execution | Trap | | Install Root Certificate | | System Network Configuration Discovery | | Screen Capture | | Multi-Stage Channels |
| | | Valid Accounts | | Masquerading | | System Network Connection Discovery | | | | Multi-hop Proxy |
| | | Web Shell | | Obfuscated Files or Information | | System Owner/User Discovery | | | | Multiband Communication |
| | | | | Port Knocking | | | | | | Multilayer Encryption |
| | | | | Process Injection | | | | | | Port Knocking |
| | | | | Redundant Access | | | | | | Remote Access Tools |
| | | | | Rootkit | | | | | | Remote File Copy |
| | | | | Scripting | | | | | | Standard Application Layer Protocol |
| | | | | Space after Filename | | | | | | Standard Cryptographic Protocol |
| | | | | Timestomp | | | | | | Standard Non-Application Layer Protocol |
| | | | | Valid Accounts | | | | | | Uncommonly Used Port |
| | | | | Web Service | | | | | | Web Service |