Version: 2.00001

Released Date: Apr 05, 2024 12:32

Modified (25)

Total: 25

| Name | ATT&CK Tactics & Techniques | Status | Update | ATT&CK Version |
| --- | --- | --- | --- | --- |
| Access /etc/passwd (Local) | | Mod | This ability uses hh.exe to execute a local compiled HTML Help payload. | V10 |
| Admin Account Manipulate | | Mod | This ability modifies the admin account name. | V10 |
| Automated Collection | | Mod | This ability collects .doc files on the target machine. | V10 |
| Base64 Decoding with Shell Utilities | | Mod | This ability uses common shell utilities to decode a base64-encoded text string. | V10 |
| Browser Bookmark Discovery | | Mod | Download, install and start new process under PowerShell Core 6. | V10 |
| Brute Force Credentials of Single Active Directory Domain User | | Mod | This ability attempts to brute force an Active Directory domain user on a domain controller. | V10 |
| Bypass ExecutionPolicy | | Mod | This ability sets the value of ExecutionPolicy to bypass. | V10 |
| Bypass UAC | | Mod | This ability tries to bypass user account controls. | V10 |
| Changing RDP Port to Non Standard Port via Powershell | | Mod | This ability changes the RDP port to a non-standard port via Remote Desktop Application over PowerShell. | V10 |
| Check Chrome | | Mod | This ability checks to see if Google Chrome browser is installed on the target machine. | V10 |
| Check Go | | Mod | This ability checks to see if GoLang is installed on the target machine. | V10 |
| Check Internet Connectivity | | Mod | This ability checks if there is an Internet connection on the target machine. | V10 |
| Check Python | | Mod | This ability checks to see if Python is installed on the target machine. | V10 |
| Clear Bash history (rm) | | Mod | This ability clears bash history via rm. | V10 |
| Clear Powershell History by Deleting History File | | Mod | This ability clears PowerShell history. | V10 |
| Clear Sysmon Logs | | Mod | This ability clears Sysmon logs. | V10 |
| Clear Windows Audit Policy Config | | Mod | This ability clears the Windows audit policy using the auditpol utility. | V10 |
| Clear Windows Event Logs | | Mod | This ability clears Windows Event Logs. | V10 |
| Collect ARP details | | Mod | This ability locates all active IP and FQDNs on the network. | V10 |
| Compile After Delivery | | Mod | This ability compiles a C file with either gcc or clang on Linux or macOS. | V10 |
| Compile After Delivery using csc.exe | | Mod | This ability compiles C# code using the csc.exe binary used by .NET. | V10 |
| Compile javascript Code to .exe | | Mod | This ability uses jsc.exe to compile JavaScript code stored in scriptfile.js and output scriptfile.exe. | V10 |
| Compiled HTML Help Local Payload | | Mod | This ability uses hh.exe to execute a local compiled HTML Help payload. | V10 |
| Simulating Access to Windows Edge Login Data | | Mod | Simulates an adversary accessing encrypted credentials from Edge web browser. | V10 |