| Execution |
Command-line Interface |
|
Execution Through Module Load |
|
Execution Through API |
|
Powershell |
|
Scripting |
|
Service Execution |
|
Trap |
| Persistence |
.bash_profile & .bashrc |
|
Create Account |
|
Hidden Files & Directories |
|
Local Job Scheduling |
|
Powershell Profile |
|
Scheduled Task |
|
Setuid & Setgid |
| Defence Evasion |
BITS Job |
|
Clear Command History |
|
File Deletion |
|
File Permissions Modification |
|
Timestomping |
|
Signed Script Proxy Execution |
| Credential Access |
Brute Force |
|
Credential Dumping |
|
Private Keys |
| Discovery |
Account Discovery |
|
Remote System Discovery |
|
System Information Discovery |
|
System Network Configuration Discovery |
| Lateral Movement |
Exploitation Of Remote Services |
|
Pass The Hash |
|
Remote File Copy |
|
Remote Services |
| Collection |
Data From Local System |
| Command And Control |
Connection Proxy |
|
Uncommonly Used Port |
|
Multi-hop Proxy |
| Exfiltration |
Exfiltration Over Command And Control Channel |
|
|