| TACTIC | TECHNIQUES | |--- |--- | | [Execution](https://attack.mitre.org/tactics/TA0002/) | [Command-line Interface](https://attack.mitre.org/techniques/T1059/) | | | [Execution Through Module Load](https://attack.mitre.org/techniques/T1129/) | | | [Execution Through API](https://attack.mitre.org/techniques/T1106/) | | | [Powershell](https://attack.mitre.org/techniques/T1086/) | | | [Scripting](https://attack.mitre.org/techniques/T1064/) | | | [Service Execution](https://attack.mitre.org/techniques/T1035/) | | | [Trap](https://attack.mitre.org/techniques/T1154/) | | [Persistence](https://attack.mitre.org/tactics/TA0003/) | [`.bash_profile` & `.bashrc`](https://attack.mitre.org/techniques/T1156/) | | | [Create Account](https://attack.mitre.org/techniques/T1136/) | | | [Hidden Files & Directories](https://attack.mitre.org/techniques/T1158/) | | | [Local Job Scheduling](https://attack.mitre.org/techniques/T1168/) | | | [Powershell Profile](https://attack.mitre.org/techniques/T1504/) | | | [Scheduled Task](https://attack.mitre.org/techniques/T1053/) | | | [Setuid & Setgid](https://attack.mitre.org/techniques/T1166/) | | [Defence Evasion](https://attack.mitre.org/tactics/TA0005/) | [BITS Job](https://attack.mitre.org/techniques/T1197/) | | | [Clear Command History](https://attack.mitre.org/techniques/T1146/) | | | [File Deletion](https://attack.mitre.org/techniques/T1107/) | | | [File Permissions Modification](https://attack.mitre.org/techniques/T1222/) | | | [Timestomping](https://attack.mitre.org/techniques/T1099/) | | | [Signed Script Proxy Execution](https://attack.mitre.org/techniques/T1216/) | | [Credential Access](https://attack.mitre.org/tactics/TA0006/) | [Brute Force](https://attack.mitre.org/techniques/T1110/) | | | [Credential Dumping](https://attack.mitre.org/techniques/T1003/) | | | [Private Keys](https://attack.mitre.org/techniques/T1145/) | | [Discovery](https://attack.mitre.org/tactics/TA0007/) | [Account Discovery](https://attack.mitre.org/techniques/T1087/) | | | [Remote System Discovery](https://attack.mitre.org/techniques/T1018/) | | | [System Information Discovery](https://attack.mitre.org/techniques/T1082/) | | | [System Network Configuration Discovery](https://attack.mitre.org/techniques/T1016/) | | [Lateral Movement](https://attack.mitre.org/tactics/TA0008/) | [Exploitation Of Remote Services](https://attack.mitre.org/techniques/T1210/) | | | [Pass The Hash](https://attack.mitre.org/techniques/T1075/) | | | [Remote File Copy](https://attack.mitre.org/techniques/T1105/) | | | [Remote Services](https://attack.mitre.org/techniques/T1021/) | | [Collection](https://attack.mitre.org/tactics/TA0009/) | [Data From Local System](https://attack.mitre.org/techniques/T1005) | | [Command And Control](https://attack.mitre.org/tactics/TA0011/) | [Connection Proxy](https://attack.mitre.org/techniques/T1090/) | | | [Uncommonly Used Port](https://attack.mitre.org/techniques/T1065/) | | | [Multi-hop Proxy](https://attack.mitre.org/techniques/T1188/) | | [Exfiltration](https://attack.mitre.org/tactics/TA0010/) | [Exfiltration Over Command And Control Channel](https://attack.mitre.org/techniques/T1041/)| | | |