Only for premium:
Start your 14-day free trial
| Download example PDF report
You have 3 of 3 checks left today.
Show your SEO score to your visitors using the Seobility widget. The widget always displays the current SEO score of your homepage.
| Name | Value |
|---|---|
| google-site-verification | 2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ |
| viewport | width=device-width, initial-scale=1,shrink-to-fit=no |
| lang | en |
| X-UA-Compatible | IE=edge |
| charset | utf-8 |
| URL | Alt attribute | Title |
|---|---|---|
| /theme/images/mitre_attack_logo.png | No alt attribute provided | |
| /theme/images/external-site.svg | External site | |
| /theme/images/ATT&CK_red.png | No alt attribute provided | |
| /theme/images/external-site-dark.jpeg | External site | |
| /theme/images/mitrelogowhiteontrans.gif | No alt attribute provided |
| Heading level | Content |
|---|---|
| H2 | ATT&CK Matrix for Enterprise |
| Link | Attributes | Anchor text |
|---|---|---|
| https://attack.mitre.org/ | No Text | |
| /matrices/ | Matrices | |
| /matrices/enterprise/ | Enterprise | |
| /matrices/mobile/ | Mobile | |
| /matrices/ics/ | ICS | |
| https://attack.mitre.org/tactics/ | Tactics | |
| /tactics/enterprise/ | Text duplicate | Enterprise |
| /tactics/mobile/ | Text duplicate | Mobile |
| /tactics/ics/ | Text duplicate | ICS |
| /techniques/ | Techniques | |
| /techniques/enterprise/ | Text duplicate | Enterprise |
| /techniques/mobile/ | Text duplicate | Mobile |
| /techniques/ics/ | Text duplicate | ICS |
| /datasources | Defenses | |
| /datasources | Data Sources | |
| /mitigations/ | Mitigations | |
| /mitigations/enterprise/ | Text duplicate | Enterprise |
| /mitigations/mobile/ | Text duplicate | Mobile |
| /mitigations/ics/ | Text duplicate | ICS |
| https://attack.mitre.org/assets | Assets | |
| https://attack.mitre.org/groups | CTI | |
| https://attack.mitre.org/groups | Groups | |
| https://attack.mitre.org/software | Software | |
| /campaigns | Campaigns | |
| /resources/ | Resources | |
| /resources/ | Get Started | |
| /resources/learn-more-about-at... | Learn More about ATT&CK | |
| /resources/attackcon/ | ATT&CKcon | |
| /resources/attack-data-and-tools/ | ATT&CK Data & Tools | |
| /resources/faq/ | FAQ | |
| /resources/engage-with-attack/... | Engage with ATT&CK | |
| /resources/versions/ | Version History | |
| /resources/updates/ | Updates | |
| /resources/legal-and-branding/ | Legal & Branding | |
| /resources/engage-with-attack/... | Benefactors | |
| https://medium.com/mitre-attack/ | New window External | Blog IMG-ALT External site |
| https://na.eventscloud.com/att... | External Subdomain | ATT&CKcon 6.0 |
| https://www.openconf.org/ATTAC... | External Subdomain | our CFP |
| /resources/ | Text duplicate | Get Started |
| /resources/engage-with-attack/... | Contribute | |
| https://medium.com/mitre-attack | New window External Text duplicate | Blog IMG-ALT External site |
| /resources/faq | Text duplicate | FAQ |
| /tactics/TA0043 | Reconnaissance A-TITLE TA0043 | |
| /tactics/TA0042 | Resource Development A-TITLE TA0042 | |
| /tactics/TA0001 | Initial Access A-TITLE TA0001 | |
| /tactics/TA0002 | Execution A-TITLE TA0002 | |
| /tactics/TA0003 | Persistence A-TITLE TA0003 | |
| /tactics/TA0004 | Privilege Escalation A-TITLE TA0004 | |
| /tactics/TA0005 | Defense Evasion A-TITLE TA0005 | |
| /tactics/TA0006 | Credential Access A-TITLE TA0006 | |
| /tactics/TA0007 | Discovery A-TITLE TA0007 | |
| /tactics/TA0008 | Lateral Movement A-TITLE TA0008 | |
| /tactics/TA0009 | Collection A-TITLE TA0009 | |
| /tactics/TA0011 | Command and Control A-TITLE TA0011 | |
| /tactics/TA0010 | Exfiltration A-TITLE TA0010 | |
| /tactics/TA0040 | Impact A-TITLE TA0040 | |
| /techniques/T1595 | Active Scanning (3) A-TITLE T1595 | |
| /techniques/T1595/001 | Scanning IP Blocks A-TITLE T1595.001 | |
| /techniques/T1595/002 | Vulnerability Scanning A-TITLE T1595.002 | |
| /techniques/T1595/003 | Wordlist Scanning A-TITLE T1595.003 | |
| /techniques/T1592 | Gather Victim Host Information (4) A-TITLE T1592 | |
| /techniques/T1592/001 | Hardware A-TITLE T1592.001 | |
| /techniques/T1592/002 | Text duplicate | Software A-TITLE T1592.002 |
| /techniques/T1592/003 | Firmware A-TITLE T1592.003 | |
| /techniques/T1592/004 | Client Configurations A-TITLE T1592.004 | |
| /techniques/T1589 | Gather Victim Identity Information (3) A-TITLE T1589 | |
| /techniques/T1589/001 | Credentials A-TITLE T1589.001 | |
| /techniques/T1589/002 | Email Addresses A-TITLE T1589.002 | |
| /techniques/T1589/003 | Employee Names A-TITLE T1589.003 | |
| /techniques/T1590 | Gather Victim Network Information (6) A-TITLE T1590 | |
| /techniques/T1590/001 | Domain Properties A-TITLE T1590.001 | |
| /techniques/T1590/002 | DNS A-TITLE T1590.002 | |
| /techniques/T1590/003 | Network Trust Dependencies A-TITLE T1590.003 | |
| /techniques/T1590/004 | Network Topology A-TITLE T1590.004 | |
| /techniques/T1590/005 | IP Addresses A-TITLE T1590.005 | |
| /techniques/T1590/006 | Network Security Appliances A-TITLE T1590.006 | |
| /techniques/T1591 | Gather Victim Org Information (4) A-TITLE T1591 | |
| /techniques/T1591/001 | Determine Physical Locations A-TITLE T1591.001 | |
| /techniques/T1591/002 | Business Relationships A-TITLE T1591.002 | |
| /techniques/T1591/003 | Identify Business Tempo A-TITLE T1591.003 | |
| /techniques/T1591/004 | Identify Roles A-TITLE T1591.004 | |
| /techniques/T1598 | Phishing for Information (4) A-TITLE T1598 | |
| /techniques/T1598/001 | Spearphishing Service A-TITLE T1598.001 | |
| /techniques/T1598/002 | Spearphishing Attachment A-TITLE T1598.002 | |
| /techniques/T1598/003 | Spearphishing Link A-TITLE T1598.003 | |
| /techniques/T1598/004 | Spearphishing Voice A-TITLE T1598.004 | |
| /techniques/T1597 | Search Closed Sources (2) A-TITLE T1597 | |
| /techniques/T1597/001 | Threat Intel Vendors A-TITLE T1597.001 | |
| /techniques/T1597/002 | Purchase Technical Data A-TITLE T1597.002 | |
| /techniques/T1596 | Search Open Technical Databases (5) A-TITLE T1596 | |
| /techniques/T1596/001 | DNS/Passive DNS A-TITLE T1596.001 | |
| /techniques/T1596/002 | WHOIS A-TITLE T1596.002 | |
| /techniques/T1596/003 | Digital Certificates A-TITLE T1596.003 | |
| /techniques/T1596/004 | CDNs A-TITLE T1596.004 | |
| /techniques/T1596/005 | Scan Databases A-TITLE T1596.005 | |
| /techniques/T1593 | Search Open Websites/Domains (3) A-TITLE T1593 | |
| /techniques/T1593/001 | Social Media A-TITLE T1593.001 | |
| /techniques/T1593/002 | Search Engines A-TITLE T1593.002 | |
| /techniques/T1593/003 | Code Repositories A-TITLE T1593.003 | |
| /techniques/T1594 | Search Victim-Owned Websites A-TITLE T1594 | |
| /techniques/T1650 | Acquire Access A-TITLE T1650 | |
| /techniques/T1583 | Acquire Infrastructure (8) A-TITLE T1583 | |
| /techniques/T1583/001 | Domains A-TITLE T1583.001 | |
| /techniques/T1583/002 | DNS Server A-TITLE T1583.002 | |
| /techniques/T1583/003 | Virtual Private Server A-TITLE T1583.003 | |
| /techniques/T1583/004 | Server A-TITLE T1583.004 | |
| /techniques/T1583/005 | Botnet A-TITLE T1583.005 | |
| /techniques/T1583/006 | Web Services A-TITLE T1583.006 | |
| /techniques/T1583/007 | Serverless A-TITLE T1583.007 | |
| /techniques/T1583/008 | Malvertising A-TITLE T1583.008 | |
| /techniques/T1586 | Compromise Accounts (3) A-TITLE T1586 | |
| /techniques/T1586/001 | Social Media Accounts A-TITLE T1586.001 | |
| /techniques/T1586/002 | Email Accounts A-TITLE T1586.002 | |
| /techniques/T1586/003 | Cloud Accounts A-TITLE T1586.003 | |
| /techniques/T1584 | Compromise Infrastructure (8) A-TITLE T1584 | |
| /techniques/T1584/001 | Text duplicate | Domains A-TITLE T1584.001 |
| /techniques/T1584/002 | Text duplicate | DNS Server A-TITLE T1584.002 |
| /techniques/T1584/003 | Text duplicate | Virtual Private Server A-TITLE T1584.003 |
| /techniques/T1584/004 | Text duplicate | Server A-TITLE T1584.004 |
| /techniques/T1584/005 | Text duplicate | Botnet A-TITLE T1584.005 |
| /techniques/T1584/006 | Text duplicate | Web Services A-TITLE T1584.006 |
| /techniques/T1584/007 | Text duplicate | Serverless A-TITLE T1584.007 |
| /techniques/T1584/008 | Network Devices A-TITLE T1584.008 | |
| /techniques/T1587 | Develop Capabilities (4) A-TITLE T1587 | |
| /techniques/T1587/001 | Malware A-TITLE T1587.001 | |
| /techniques/T1587/002 | Code Signing Certificates A-TITLE T1587.002 | |
| /techniques/T1587/003 | Text duplicate | Digital Certificates A-TITLE T1587.003 |
| /techniques/T1587/004 | Exploits A-TITLE T1587.004 | |
| /techniques/T1585 | Establish Accounts (3) A-TITLE T1585 | |
| /techniques/T1585/001 | Text duplicate | Social Media Accounts A-TITLE T1585.001 |
| /techniques/T1585/002 | Text duplicate | Email Accounts A-TITLE T1585.002 |
| /techniques/T1585/003 | Text duplicate | Cloud Accounts A-TITLE T1585.003 |
| /techniques/T1588 | Obtain Capabilities (7) A-TITLE T1588 | |
| /techniques/T1588/001 | Text duplicate | Malware A-TITLE T1588.001 |
| /techniques/T1588/002 | Tool A-TITLE T1588.002 | |
| /techniques/T1588/003 | Text duplicate | Code Signing Certificates A-TITLE T1588.003 |
| /techniques/T1588/004 | Text duplicate | Digital Certificates A-TITLE T1588.004 |
| /techniques/T1588/005 | Text duplicate | Exploits A-TITLE T1588.005 |
| /techniques/T1588/006 | Vulnerabilities A-TITLE T1588.006 | |
| /techniques/T1588/007 | Artificial Intelligence A-TITLE T1588.007 | |
| /techniques/T1608 | Stage Capabilities (6) A-TITLE T1608 | |
| /techniques/T1608/001 | Upload Malware A-TITLE T1608.001 | |
| /techniques/T1608/002 | Upload Tool A-TITLE T1608.002 | |
| /techniques/T1608/003 | Install Digital Certificate A-TITLE T1608.003 | |
| /techniques/T1608/004 | Drive-by Target A-TITLE T1608.004 | |
| /techniques/T1608/005 | Link Target A-TITLE T1608.005 | |
| /techniques/T1608/006 | SEO Poisoning A-TITLE T1608.006 | |
| /techniques/T1659 | Content Injection A-TITLE T1659 | |
| /techniques/T1189 | Drive-by Compromise A-TITLE T1189 | |
| /techniques/T1190 | Exploit Public-Facing Application A-TITLE T1190 | |
| /techniques/T1133 | External Remote Services A-TITLE T1133 | |
| /techniques/T1200 | Hardware Additions A-TITLE T1200 | |
| /techniques/T1566 | Phishing (4) A-TITLE T1566 | |
| /techniques/T1566/001 | Text duplicate | Spearphishing Attachment A-TITLE T1566.001 |
| /techniques/T1566/002 | Text duplicate | Spearphishing Link A-TITLE T1566.002 |
| /techniques/T1566/003 | Spearphishing via Service A-TITLE T1566.003 | |
| /techniques/T1566/004 | Text duplicate | Spearphishing Voice A-TITLE T1566.004 |
| /techniques/T1091 | Replication Through Removable Media A-TITLE T1091 | |
| /techniques/T1195 | Supply Chain Compromise (3) A-TITLE T1195 | |
| /techniques/T1195/001 | Compromise Software Dependencies and Development Tools A-TITLE T1195.001 | |
| /techniques/T1195/002 | Compromise Software Supply Chain A-TITLE T1195.002 | |
| /techniques/T1195/003 | Compromise Hardware Supply Chain A-TITLE T1195.003 | |
| /techniques/T1199 | Trusted Relationship A-TITLE T1199 | |
| /techniques/T1078 | Valid Accounts (4) A-TITLE T1078 | |
| /techniques/T1078/001 | Default Accounts A-TITLE T1078.001 | |
| /techniques/T1078/002 | Domain Accounts A-TITLE T1078.002 | |
| /techniques/T1078/003 | Local Accounts A-TITLE T1078.003 | |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1669 | Wi-Fi Networks A-TITLE T1669 | |
| /techniques/T1651 | Cloud Administration Command A-TITLE T1651 | |
| /techniques/T1059 | Command and Scripting Interpreter (12) A-TITLE T1059 | |
| /techniques/T1059/001 | PowerShell A-TITLE T1059.001 | |
| /techniques/T1059/002 | AppleScript A-TITLE T1059.002 | |
| /techniques/T1059/003 | Windows Command Shell A-TITLE T1059.003 | |
| /techniques/T1059/004 | Unix Shell A-TITLE T1059.004 | |
| /techniques/T1059/005 | Visual Basic A-TITLE T1059.005 | |
| /techniques/T1059/006 | Python A-TITLE T1059.006 | |
| /techniques/T1059/007 | JavaScript A-TITLE T1059.007 | |
| /techniques/T1059/008 | Network Device CLI A-TITLE T1059.008 | |
| /techniques/T1059/009 | Cloud API A-TITLE T1059.009 | |
| /techniques/T1059/010 | AutoHotKey & AutoIT A-TITLE T1059.010 | |
| /techniques/T1059/011 | Lua A-TITLE T1059.011 | |
| /techniques/T1059/012 | Hypervisor CLI A-TITLE T1059.012 | |
| /techniques/T1609 | Container Administration Command A-TITLE T1609 | |
| /techniques/T1610 | Deploy Container A-TITLE T1610 | |
| /techniques/T1675 | ESXi Administration Command A-TITLE T1675 | |
| /techniques/T1203 | Exploitation for Client Execution A-TITLE T1203 | |
| /techniques/T1674 | Input Injection A-TITLE T1674 | |
| /techniques/T1559 | Inter-Process Communication (3) A-TITLE T1559 | |
| /techniques/T1559/001 | Component Object Model A-TITLE T1559.001 | |
| /techniques/T1559/002 | Dynamic Data Exchange A-TITLE T1559.002 | |
| /techniques/T1559/003 | XPC Services A-TITLE T1559.003 | |
| /techniques/T1106 | Native API A-TITLE T1106 | |
| /techniques/T1053 | Scheduled Task/Job (5) A-TITLE T1053 | |
| /techniques/T1053/002 | At A-TITLE T1053.002 | |
| /techniques/T1053/003 | Cron A-TITLE T1053.003 | |
| /techniques/T1053/005 | Scheduled Task A-TITLE T1053.005 | |
| /techniques/T1053/006 | Systemd Timers A-TITLE T1053.006 | |
| /techniques/T1053/007 | Container Orchestration Job A-TITLE T1053.007 | |
| /techniques/T1648 | Serverless Execution A-TITLE T1648 | |
| /techniques/T1129 | Shared Modules A-TITLE T1129 | |
| /techniques/T1072 | Software Deployment Tools A-TITLE T1072 | |
| /techniques/T1569 | System Services (3) A-TITLE T1569 | |
| /techniques/T1569/001 | Launchctl A-TITLE T1569.001 | |
| /techniques/T1569/002 | Service Execution A-TITLE T1569.002 | |
| /techniques/T1569/003 | Systemctl A-TITLE T1569.003 | |
| /techniques/T1204 | User Execution (4) A-TITLE T1204 | |
| /techniques/T1204/001 | Malicious Link A-TITLE T1204.001 | |
| /techniques/T1204/002 | Malicious File A-TITLE T1204.002 | |
| /techniques/T1204/003 | Malicious Image A-TITLE T1204.003 | |
| /techniques/T1204/004 | Malicious Copy and Paste A-TITLE T1204.004 | |
| /techniques/T1047 | Windows Management Instrumentation A-TITLE T1047 | |
| /techniques/T1098 | Account Manipulation (7) A-TITLE T1098 | |
| /techniques/T1098/001 | Additional Cloud Credentials A-TITLE T1098.001 | |
| /techniques/T1098/002 | Additional Email Delegate Permissions A-TITLE T1098.002 | |
| /techniques/T1098/003 | Additional Cloud Roles A-TITLE T1098.003 | |
| /techniques/T1098/004 | SSH Authorized Keys A-TITLE T1098.004 | |
| /techniques/T1098/005 | Device Registration A-TITLE T1098.005 | |
| /techniques/T1098/006 | Additional Container Cluster Roles A-TITLE T1098.006 | |
| /techniques/T1098/007 | Additional Local or Domain Groups A-TITLE T1098.007 | |
| /techniques/T1197 | BITS Jobs A-TITLE T1197 | |
| /techniques/T1547 | Boot or Logon Autostart Execution (14) A-TITLE T1547 | |
| /techniques/T1547/001 | Registry Run Keys / Startup Folder A-TITLE T1547.001 | |
| /techniques/T1547/002 | Authentication Package A-TITLE T1547.002 | |
| /techniques/T1547/003 | Time Providers A-TITLE T1547.003 | |
| /techniques/T1547/004 | Winlogon Helper DLL A-TITLE T1547.004 | |
| /techniques/T1547/005 | Security Support Provider A-TITLE T1547.005 | |
| /techniques/T1547/006 | Kernel Modules and Extensions A-TITLE T1547.006 | |
| /techniques/T1547/007 | Re-opened Applications A-TITLE T1547.007 | |
| /techniques/T1547/008 | LSASS Driver A-TITLE T1547.008 | |
| /techniques/T1547/009 | Shortcut Modification A-TITLE T1547.009 | |
| /techniques/T1547/010 | Port Monitors A-TITLE T1547.010 | |
| /techniques/T1547/012 | Print Processors A-TITLE T1547.012 | |
| /techniques/T1547/013 | XDG Autostart Entries A-TITLE T1547.013 | |
| /techniques/T1547/014 | Active Setup A-TITLE T1547.014 | |
| /techniques/T1547/015 | Login Items A-TITLE T1547.015 | |
| /techniques/T1037 | Boot or Logon Initialization Scripts (5) A-TITLE T1037 | |
| /techniques/T1037/001 | Logon Script (Windows) A-TITLE T1037.001 | |
| /techniques/T1037/002 | Login Hook A-TITLE T1037.002 | |
| /techniques/T1037/003 | Network Logon Script A-TITLE T1037.003 | |
| /techniques/T1037/004 | RC Scripts A-TITLE T1037.004 | |
| /techniques/T1037/005 | Startup Items A-TITLE T1037.005 | |
| /techniques/T1671 | Cloud Application Integration A-TITLE T1671 | |
| /techniques/T1554 | Compromise Host Software Binary A-TITLE T1554 | |
| /techniques/T1136 | Create Account (3) A-TITLE T1136 | |
| /techniques/T1136/001 | Local Account A-TITLE T1136.001 | |
| /techniques/T1136/002 | Domain Account A-TITLE T1136.002 | |
| /techniques/T1136/003 | Cloud Account A-TITLE T1136.003 | |
| /techniques/T1543 | Create or Modify System Process (5) A-TITLE T1543 | |
| /techniques/T1543/001 | Launch Agent A-TITLE T1543.001 | |
| /techniques/T1543/002 | Systemd Service A-TITLE T1543.002 | |
| /techniques/T1543/003 | Windows Service A-TITLE T1543.003 | |
| /techniques/T1543/004 | Launch Daemon A-TITLE T1543.004 | |
| /techniques/T1543/005 | Container Service A-TITLE T1543.005 | |
| /techniques/T1546 | Event Triggered Execution (17) A-TITLE T1546 | |
| /techniques/T1546/001 | Change Default File Association A-TITLE T1546.001 | |
| /techniques/T1546/002 | Screensaver A-TITLE T1546.002 | |
| /techniques/T1546/003 | Windows Management Instrumentation Event Subscription A-TITLE T1546.003 | |
| /techniques/T1546/004 | Unix Shell Configuration Modification A-TITLE T1546.004 | |
| /techniques/T1546/005 | Trap A-TITLE T1546.005 | |
| /techniques/T1546/006 | LC_LOAD_DYLIB Addition A-TITLE T1546.006 | |
| /techniques/T1546/007 | Netsh Helper DLL A-TITLE T1546.007 | |
| /techniques/T1546/008 | Accessibility Features A-TITLE T1546.008 | |
| /techniques/T1546/009 | AppCert DLLs A-TITLE T1546.009 | |
| /techniques/T1546/010 | AppInit DLLs A-TITLE T1546.010 | |
| /techniques/T1546/011 | Application Shimming A-TITLE T1546.011 | |
| /techniques/T1546/012 | Image File Execution Options Injection A-TITLE T1546.012 | |
| /techniques/T1546/013 | PowerShell Profile A-TITLE T1546.013 | |
| /techniques/T1546/014 | Emond A-TITLE T1546.014 | |
| /techniques/T1546/015 | Component Object Model Hijacking A-TITLE T1546.015 | |
| /techniques/T1546/016 | Installer Packages A-TITLE T1546.016 | |
| /techniques/T1546/017 | Udev Rules A-TITLE T1546.017 | |
| /techniques/T1668 | Exclusive Control A-TITLE T1668 | |
| /techniques/T1133 | Text duplicate | External Remote Services A-TITLE T1133 |
| /techniques/T1574 | Hijack Execution Flow (12) A-TITLE T1574 | |
| /techniques/T1574/001 | DLL A-TITLE T1574.001 | |
| /techniques/T1574/004 | Dylib Hijacking A-TITLE T1574.004 | |
| /techniques/T1574/005 | Executable Installer File Permissions Weakness A-TITLE T1574.005 | |
| /techniques/T1574/006 | Dynamic Linker Hijacking A-TITLE T1574.006 | |
| /techniques/T1574/007 | Path Interception by PATH Environment Variable A-TITLE T1574.007 | |
| /techniques/T1574/008 | Path Interception by Search Order Hijacking A-TITLE T1574.008 | |
| /techniques/T1574/009 | Path Interception by Unquoted Path A-TITLE T1574.009 | |
| /techniques/T1574/010 | Services File Permissions Weakness A-TITLE T1574.010 | |
| /techniques/T1574/011 | Services Registry Permissions Weakness A-TITLE T1574.011 | |
| /techniques/T1574/012 | COR_PROFILER A-TITLE T1574.012 | |
| /techniques/T1574/013 | KernelCallbackTable A-TITLE T1574.013 | |
| /techniques/T1574/014 | AppDomainManager A-TITLE T1574.014 | |
| /techniques/T1525 | Implant Internal Image A-TITLE T1525 | |
| /techniques/T1556 | Modify Authentication Process (9) A-TITLE T1556 | |
| /techniques/T1556/001 | Domain Controller Authentication A-TITLE T1556.001 | |
| /techniques/T1556/002 | Password Filter DLL A-TITLE T1556.002 | |
| /techniques/T1556/003 | Pluggable Authentication Modules A-TITLE T1556.003 | |
| /techniques/T1556/004 | Network Device Authentication A-TITLE T1556.004 | |
| /techniques/T1556/005 | Reversible Encryption A-TITLE T1556.005 | |
| /techniques/T1556/006 | Multi-Factor Authentication A-TITLE T1556.006 | |
| /techniques/T1556/007 | Hybrid Identity A-TITLE T1556.007 | |
| /techniques/T1556/008 | Network Provider DLL A-TITLE T1556.008 | |
| /techniques/T1556/009 | Conditional Access Policies A-TITLE T1556.009 | |
| /techniques/T1112 | Modify Registry A-TITLE T1112 | |
| /techniques/T1137 | Office Application Startup (6) A-TITLE T1137 | |
| /techniques/T1137/001 | Office Template Macros A-TITLE T1137.001 | |
| /techniques/T1137/002 | Office Test A-TITLE T1137.002 | |
| /techniques/T1137/003 | Outlook Forms A-TITLE T1137.003 | |
| /techniques/T1137/004 | Outlook Home Page A-TITLE T1137.004 | |
| /techniques/T1137/005 | Outlook Rules A-TITLE T1137.005 | |
| /techniques/T1137/006 | Add-ins A-TITLE T1137.006 | |
| /techniques/T1653 | Power Settings A-TITLE T1653 | |
| /techniques/T1542 | Pre-OS Boot (5) A-TITLE T1542 | |
| /techniques/T1542/001 | System Firmware A-TITLE T1542.001 | |
| /techniques/T1542/002 | Component Firmware A-TITLE T1542.002 | |
| /techniques/T1542/003 | Bootkit A-TITLE T1542.003 | |
| /techniques/T1542/004 | ROMMONkit A-TITLE T1542.004 | |
| /techniques/T1542/005 | TFTP Boot A-TITLE T1542.005 | |
| /techniques/T1053 | Text duplicate | Scheduled Task/Job (5) A-TITLE T1053 |
| /techniques/T1053/002 | Text duplicate | At A-TITLE T1053.002 |
| /techniques/T1053/003 | Text duplicate | Cron A-TITLE T1053.003 |
| /techniques/T1053/005 | Text duplicate | Scheduled Task A-TITLE T1053.005 |
| /techniques/T1053/006 | Text duplicate | Systemd Timers A-TITLE T1053.006 |
| /techniques/T1053/007 | Text duplicate | Container Orchestration Job A-TITLE T1053.007 |
| /techniques/T1505 | Server Software Component (6) A-TITLE T1505 | |
| /techniques/T1505/001 | SQL Stored Procedures A-TITLE T1505.001 | |
| /techniques/T1505/002 | Transport Agent A-TITLE T1505.002 | |
| /techniques/T1505/003 | Web Shell A-TITLE T1505.003 | |
| /techniques/T1505/004 | IIS Components A-TITLE T1505.004 | |
| /techniques/T1505/005 | Terminal Services DLL A-TITLE T1505.005 | |
| /techniques/T1505/006 | vSphere Installation Bundles A-TITLE T1505.006 | |
| /techniques/T1176 | Software Extensions (2) A-TITLE T1176 | |
| /techniques/T1176/001 | Browser Extensions A-TITLE T1176.001 | |
| /techniques/T1176/002 | IDE Extensions A-TITLE T1176.002 | |
| /techniques/T1205 | Traffic Signaling (2) A-TITLE T1205 | |
| /techniques/T1205/001 | Port Knocking A-TITLE T1205.001 | |
| /techniques/T1205/002 | Socket Filters A-TITLE T1205.002 | |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1548 | Abuse Elevation Control Mechanism (6) A-TITLE T1548 | |
| /techniques/T1548/001 | Setuid and Setgid A-TITLE T1548.001 | |
| /techniques/T1548/002 | Bypass User Account Control A-TITLE T1548.002 | |
| /techniques/T1548/003 | Sudo and Sudo Caching A-TITLE T1548.003 | |
| /techniques/T1548/004 | Elevated Execution with Prompt A-TITLE T1548.004 | |
| /techniques/T1548/005 | Temporary Elevated Cloud Access A-TITLE T1548.005 | |
| /techniques/T1548/006 | TCC Manipulation A-TITLE T1548.006 | |
| /techniques/T1134 | Access Token Manipulation (5) A-TITLE T1134 | |
| /techniques/T1134/001 | Token Impersonation/Theft A-TITLE T1134.001 | |
| /techniques/T1134/002 | Create Process with Token A-TITLE T1134.002 | |
| /techniques/T1134/003 | Make and Impersonate Token A-TITLE T1134.003 | |
| /techniques/T1134/004 | Parent PID Spoofing A-TITLE T1134.004 | |
| /techniques/T1134/005 | SID-History Injection A-TITLE T1134.005 | |
| /techniques/T1098 | Text duplicate | Account Manipulation (7) A-TITLE T1098 |
| /techniques/T1098/001 | Text duplicate | Additional Cloud Credentials A-TITLE T1098.001 |
| /techniques/T1098/002 | Text duplicate | Additional Email Delegate Permissions A-TITLE T1098.002 |
| /techniques/T1098/003 | Text duplicate | Additional Cloud Roles A-TITLE T1098.003 |
| /techniques/T1098/004 | Text duplicate | SSH Authorized Keys A-TITLE T1098.004 |
| /techniques/T1098/005 | Text duplicate | Device Registration A-TITLE T1098.005 |
| /techniques/T1098/006 | Text duplicate | Additional Container Cluster Roles A-TITLE T1098.006 |
| /techniques/T1098/007 | Text duplicate | Additional Local or Domain Groups A-TITLE T1098.007 |
| /techniques/T1547 | Text duplicate | Boot or Logon Autostart Execution (14) A-TITLE T1547 |
| /techniques/T1547/001 | Text duplicate | Registry Run Keys / Startup Folder A-TITLE T1547.001 |
| /techniques/T1547/002 | Text duplicate | Authentication Package A-TITLE T1547.002 |
| /techniques/T1547/003 | Text duplicate | Time Providers A-TITLE T1547.003 |
| /techniques/T1547/004 | Text duplicate | Winlogon Helper DLL A-TITLE T1547.004 |
| /techniques/T1547/005 | Text duplicate | Security Support Provider A-TITLE T1547.005 |
| /techniques/T1547/006 | Text duplicate | Kernel Modules and Extensions A-TITLE T1547.006 |
| /techniques/T1547/007 | Text duplicate | Re-opened Applications A-TITLE T1547.007 |
| /techniques/T1547/008 | Text duplicate | LSASS Driver A-TITLE T1547.008 |
| /techniques/T1547/009 | Text duplicate | Shortcut Modification A-TITLE T1547.009 |
| /techniques/T1547/010 | Text duplicate | Port Monitors A-TITLE T1547.010 |
| /techniques/T1547/012 | Text duplicate | Print Processors A-TITLE T1547.012 |
| /techniques/T1547/013 | Text duplicate | XDG Autostart Entries A-TITLE T1547.013 |
| /techniques/T1547/014 | Text duplicate | Active Setup A-TITLE T1547.014 |
| /techniques/T1547/015 | Text duplicate | Login Items A-TITLE T1547.015 |
| /techniques/T1037 | Text duplicate | Boot or Logon Initialization Scripts (5) A-TITLE T1037 |
| /techniques/T1037/001 | Text duplicate | Logon Script (Windows) A-TITLE T1037.001 |
| /techniques/T1037/002 | Text duplicate | Login Hook A-TITLE T1037.002 |
| /techniques/T1037/003 | Text duplicate | Network Logon Script A-TITLE T1037.003 |
| /techniques/T1037/004 | Text duplicate | RC Scripts A-TITLE T1037.004 |
| /techniques/T1037/005 | Text duplicate | Startup Items A-TITLE T1037.005 |
| /techniques/T1543 | Text duplicate | Create or Modify System Process (5) A-TITLE T1543 |
| /techniques/T1543/001 | Text duplicate | Launch Agent A-TITLE T1543.001 |
| /techniques/T1543/002 | Text duplicate | Systemd Service A-TITLE T1543.002 |
| /techniques/T1543/003 | Text duplicate | Windows Service A-TITLE T1543.003 |
| /techniques/T1543/004 | Text duplicate | Launch Daemon A-TITLE T1543.004 |
| /techniques/T1543/005 | Text duplicate | Container Service A-TITLE T1543.005 |
| /techniques/T1484 | Domain or Tenant Policy Modification (2) A-TITLE T1484 | |
| /techniques/T1484/001 | Group Policy Modification A-TITLE T1484.001 | |
| /techniques/T1484/002 | Trust Modification A-TITLE T1484.002 | |
| /techniques/T1611 | Escape to Host A-TITLE T1611 | |
| /techniques/T1546 | Text duplicate | Event Triggered Execution (17) A-TITLE T1546 |
| /techniques/T1546/001 | Text duplicate | Change Default File Association A-TITLE T1546.001 |
| /techniques/T1546/002 | Text duplicate | Screensaver A-TITLE T1546.002 |
| /techniques/T1546/003 | Text duplicate | Windows Management Instrumentation Event Subscription A-TITLE T1546.003 |
| /techniques/T1546/004 | Text duplicate | Unix Shell Configuration Modification A-TITLE T1546.004 |
| /techniques/T1546/005 | Text duplicate | Trap A-TITLE T1546.005 |
| /techniques/T1546/006 | Text duplicate | LC_LOAD_DYLIB Addition A-TITLE T1546.006 |
| /techniques/T1546/007 | Text duplicate | Netsh Helper DLL A-TITLE T1546.007 |
| /techniques/T1546/008 | Text duplicate | Accessibility Features A-TITLE T1546.008 |
| /techniques/T1546/009 | Text duplicate | AppCert DLLs A-TITLE T1546.009 |
| /techniques/T1546/010 | Text duplicate | AppInit DLLs A-TITLE T1546.010 |
| /techniques/T1546/011 | Text duplicate | Application Shimming A-TITLE T1546.011 |
| /techniques/T1546/012 | Text duplicate | Image File Execution Options Injection A-TITLE T1546.012 |
| /techniques/T1546/013 | Text duplicate | PowerShell Profile A-TITLE T1546.013 |
| /techniques/T1546/014 | Text duplicate | Emond A-TITLE T1546.014 |
| /techniques/T1546/015 | Text duplicate | Component Object Model Hijacking A-TITLE T1546.015 |
| /techniques/T1546/016 | Text duplicate | Installer Packages A-TITLE T1546.016 |
| /techniques/T1546/017 | Text duplicate | Udev Rules A-TITLE T1546.017 |
| /techniques/T1068 | Exploitation for Privilege Escalation A-TITLE T1068 | |
| /techniques/T1574 | Text duplicate | Hijack Execution Flow (12) A-TITLE T1574 |
| /techniques/T1574/001 | Text duplicate | DLL A-TITLE T1574.001 |
| /techniques/T1574/004 | Text duplicate | Dylib Hijacking A-TITLE T1574.004 |
| /techniques/T1574/005 | Text duplicate | Executable Installer File Permissions Weakness A-TITLE T1574.005 |
| /techniques/T1574/006 | Text duplicate | Dynamic Linker Hijacking A-TITLE T1574.006 |
| /techniques/T1574/007 | Text duplicate | Path Interception by PATH Environment Variable A-TITLE T1574.007 |
| /techniques/T1574/008 | Text duplicate | Path Interception by Search Order Hijacking A-TITLE T1574.008 |
| /techniques/T1574/009 | Text duplicate | Path Interception by Unquoted Path A-TITLE T1574.009 |
| /techniques/T1574/010 | Text duplicate | Services File Permissions Weakness A-TITLE T1574.010 |
| /techniques/T1574/011 | Text duplicate | Services Registry Permissions Weakness A-TITLE T1574.011 |
| /techniques/T1574/012 | Text duplicate | COR_PROFILER A-TITLE T1574.012 |
| /techniques/T1574/013 | Text duplicate | KernelCallbackTable A-TITLE T1574.013 |
| /techniques/T1574/014 | Text duplicate | AppDomainManager A-TITLE T1574.014 |
| /techniques/T1055 | Process Injection (12) A-TITLE T1055 | |
| /techniques/T1055/001 | Dynamic-link Library Injection A-TITLE T1055.001 | |
| /techniques/T1055/002 | Portable Executable Injection A-TITLE T1055.002 | |
| /techniques/T1055/003 | Thread Execution Hijacking A-TITLE T1055.003 | |
| /techniques/T1055/004 | Asynchronous Procedure Call A-TITLE T1055.004 | |
| /techniques/T1055/005 | Thread Local Storage A-TITLE T1055.005 | |
| /techniques/T1055/008 | Ptrace System Calls A-TITLE T1055.008 | |
| /techniques/T1055/009 | Proc Memory A-TITLE T1055.009 | |
| /techniques/T1055/011 | Extra Window Memory Injection A-TITLE T1055.011 | |
| /techniques/T1055/012 | Process Hollowing A-TITLE T1055.012 | |
| /techniques/T1055/013 | Process Doppelg??nging A-TITLE T1055.013 | |
| /techniques/T1055/014 | VDSO Hijacking A-TITLE T1055.014 | |
| /techniques/T1055/015 | ListPlanting A-TITLE T1055.015 | |
| /techniques/T1053 | Text duplicate | Scheduled Task/Job (5) A-TITLE T1053 |
| /techniques/T1053/002 | Text duplicate | At A-TITLE T1053.002 |
| /techniques/T1053/003 | Text duplicate | Cron A-TITLE T1053.003 |
| /techniques/T1053/005 | Text duplicate | Scheduled Task A-TITLE T1053.005 |
| /techniques/T1053/006 | Text duplicate | Systemd Timers A-TITLE T1053.006 |
| /techniques/T1053/007 | Text duplicate | Container Orchestration Job A-TITLE T1053.007 |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1548 | Text duplicate | Abuse Elevation Control Mechanism (6) A-TITLE T1548 |
| /techniques/T1548/001 | Text duplicate | Setuid and Setgid A-TITLE T1548.001 |
| /techniques/T1548/002 | Text duplicate | Bypass User Account Control A-TITLE T1548.002 |
| /techniques/T1548/003 | Text duplicate | Sudo and Sudo Caching A-TITLE T1548.003 |
| /techniques/T1548/004 | Text duplicate | Elevated Execution with Prompt A-TITLE T1548.004 |
| /techniques/T1548/005 | Text duplicate | Temporary Elevated Cloud Access A-TITLE T1548.005 |
| /techniques/T1548/006 | Text duplicate | TCC Manipulation A-TITLE T1548.006 |
| /techniques/T1134 | Text duplicate | Access Token Manipulation (5) A-TITLE T1134 |
| /techniques/T1134/001 | Text duplicate | Token Impersonation/Theft A-TITLE T1134.001 |
| /techniques/T1134/002 | Text duplicate | Create Process with Token A-TITLE T1134.002 |
| /techniques/T1134/003 | Text duplicate | Make and Impersonate Token A-TITLE T1134.003 |
| /techniques/T1134/004 | Text duplicate | Parent PID Spoofing A-TITLE T1134.004 |
| /techniques/T1134/005 | Text duplicate | SID-History Injection A-TITLE T1134.005 |
| /techniques/T1197 | Text duplicate | BITS Jobs A-TITLE T1197 |
| /techniques/T1612 | Build Image on Host A-TITLE T1612 | |
| /techniques/T1622 | Debugger Evasion A-TITLE T1622 | |
| /techniques/T1140 | Deobfuscate/Decode Files or Information A-TITLE T1140 | |
| /techniques/T1610 | Text duplicate | Deploy Container A-TITLE T1610 |
| /techniques/T1006 | Direct Volume Access A-TITLE T1006 | |
| /techniques/T1484 | Text duplicate | Domain or Tenant Policy Modification (2) A-TITLE T1484 |
| /techniques/T1484/001 | Text duplicate | Group Policy Modification A-TITLE T1484.001 |
| /techniques/T1484/002 | Text duplicate | Trust Modification A-TITLE T1484.002 |
| /techniques/T1672 | Email Spoofing A-TITLE T1672 | |
| /techniques/T1480 | Execution Guardrails (2) A-TITLE T1480 | |
| /techniques/T1480/001 | Environmental Keying A-TITLE T1480.001 | |
| /techniques/T1480/002 | Mutual Exclusion A-TITLE T1480.002 | |
| /techniques/T1211 | Exploitation for Defense Evasion A-TITLE T1211 | |
| /techniques/T1222 | File and Directory Permissions Modification (2) A-TITLE T1222 | |
| /techniques/T1222/001 | Windows File and Directory Permissions Modification A-TITLE T1222.001 | |
| /techniques/T1222/002 | Linux and Mac File and Directory Permissions Modification A-TITLE T1222.002 | |
| /techniques/T1564 | Hide Artifacts (14) A-TITLE T1564 | |
| /techniques/T1564/001 | Hidden Files and Directories A-TITLE T1564.001 | |
| /techniques/T1564/002 | Hidden Users A-TITLE T1564.002 | |
| /techniques/T1564/003 | Hidden Window A-TITLE T1564.003 | |
| /techniques/T1564/004 | NTFS File Attributes A-TITLE T1564.004 | |
| /techniques/T1564/005 | Hidden File System A-TITLE T1564.005 | |
| /techniques/T1564/006 | Run Virtual Instance A-TITLE T1564.006 | |
| /techniques/T1564/007 | VBA Stomping A-TITLE T1564.007 | |
| /techniques/T1564/008 | Email Hiding Rules A-TITLE T1564.008 | |
| /techniques/T1564/009 | Resource Forking A-TITLE T1564.009 | |
| /techniques/T1564/010 | Process Argument Spoofing A-TITLE T1564.010 | |
| /techniques/T1564/011 | Ignore Process Interrupts A-TITLE T1564.011 | |
| /techniques/T1564/012 | File/Path Exclusions A-TITLE T1564.012 | |
| /techniques/T1564/013 | Bind Mounts A-TITLE T1564.013 | |
| /techniques/T1564/014 | Extended Attributes A-TITLE T1564.014 | |
| /techniques/T1574 | Text duplicate | Hijack Execution Flow (12) A-TITLE T1574 |
| /techniques/T1574/001 | Text duplicate | DLL A-TITLE T1574.001 |
| /techniques/T1574/004 | Text duplicate | Dylib Hijacking A-TITLE T1574.004 |
| /techniques/T1574/005 | Text duplicate | Executable Installer File Permissions Weakness A-TITLE T1574.005 |
| /techniques/T1574/006 | Text duplicate | Dynamic Linker Hijacking A-TITLE T1574.006 |
| /techniques/T1574/007 | Text duplicate | Path Interception by PATH Environment Variable A-TITLE T1574.007 |
| /techniques/T1574/008 | Text duplicate | Path Interception by Search Order Hijacking A-TITLE T1574.008 |
| /techniques/T1574/009 | Text duplicate | Path Interception by Unquoted Path A-TITLE T1574.009 |
| /techniques/T1574/010 | Text duplicate | Services File Permissions Weakness A-TITLE T1574.010 |
| /techniques/T1574/011 | Text duplicate | Services Registry Permissions Weakness A-TITLE T1574.011 |
| /techniques/T1574/012 | Text duplicate | COR_PROFILER A-TITLE T1574.012 |
| /techniques/T1574/013 | Text duplicate | KernelCallbackTable A-TITLE T1574.013 |
| /techniques/T1574/014 | Text duplicate | AppDomainManager A-TITLE T1574.014 |
| /techniques/T1562 | Impair Defenses (11) A-TITLE T1562 | |
| /techniques/T1562/001 | Disable or Modify Tools A-TITLE T1562.001 | |
| /techniques/T1562/002 | Disable Windows Event Logging A-TITLE T1562.002 | |
| /techniques/T1562/003 | Impair Command History Logging A-TITLE T1562.003 | |
| /techniques/T1562/004 | Disable or Modify System Firewall A-TITLE T1562.004 | |
| /techniques/T1562/006 | Indicator Blocking A-TITLE T1562.006 | |
| /techniques/T1562/007 | Disable or Modify Cloud Firewall A-TITLE T1562.007 | |
| /techniques/T1562/008 | Disable or Modify Cloud Logs A-TITLE T1562.008 | |
| /techniques/T1562/009 | Safe Mode Boot A-TITLE T1562.009 | |
| /techniques/T1562/010 | Downgrade Attack A-TITLE T1562.010 | |
| /techniques/T1562/011 | Spoof Security Alerting A-TITLE T1562.011 | |
| /techniques/T1562/012 | Disable or Modify Linux Audit System A-TITLE T1562.012 | |
| /techniques/T1656 | Impersonation A-TITLE T1656 | |
| /techniques/T1070 | Indicator Removal (10) A-TITLE T1070 | |
| /techniques/T1070/001 | Clear Windows Event Logs A-TITLE T1070.001 | |
| /techniques/T1070/002 | Clear Linux or Mac System Logs A-TITLE T1070.002 | |
| /techniques/T1070/003 | Clear Command History A-TITLE T1070.003 | |
| /techniques/T1070/004 | File Deletion A-TITLE T1070.004 | |
| /techniques/T1070/005 | Network Share Connection Removal A-TITLE T1070.005 | |
| /techniques/T1070/006 | Timestomp A-TITLE T1070.006 | |
| /techniques/T1070/007 | Clear Network Connection History and Configurations A-TITLE T1070.007 | |
| /techniques/T1070/008 | Clear Mailbox Data A-TITLE T1070.008 | |
| /techniques/T1070/009 | Clear Persistence A-TITLE T1070.009 | |
| /techniques/T1070/010 | Relocate Malware A-TITLE T1070.010 | |
| /techniques/T1202 | Indirect Command Execution A-TITLE T1202 | |
| /techniques/T1036 | Masquerading (11) A-TITLE T1036 | |
| /techniques/T1036/001 | Invalid Code Signature A-TITLE T1036.001 | |
| /techniques/T1036/002 | Right-to-Left Override A-TITLE T1036.002 | |
| /techniques/T1036/003 | Rename Legitimate Utilities A-TITLE T1036.003 | |
| /techniques/T1036/004 | Masquerade Task or Service A-TITLE T1036.004 | |
| /techniques/T1036/005 | Match Legitimate Resource Name or Location A-TITLE T1036.005 | |
| /techniques/T1036/006 | Space after Filename A-TITLE T1036.006 | |
| /techniques/T1036/007 | Double File Extension A-TITLE T1036.007 | |
| /techniques/T1036/008 | Masquerade File Type A-TITLE T1036.008 | |
| /techniques/T1036/009 | Break Process Trees A-TITLE T1036.009 | |
| /techniques/T1036/010 | Masquerade Account Name A-TITLE T1036.010 | |
| /techniques/T1036/011 | Overwrite Process Arguments A-TITLE T1036.011 | |
| /techniques/T1556 | Text duplicate | Modify Authentication Process (9) A-TITLE T1556 |
| /techniques/T1556/001 | Text duplicate | Domain Controller Authentication A-TITLE T1556.001 |
| /techniques/T1556/002 | Text duplicate | Password Filter DLL A-TITLE T1556.002 |
| /techniques/T1556/003 | Text duplicate | Pluggable Authentication Modules A-TITLE T1556.003 |
| /techniques/T1556/004 | Text duplicate | Network Device Authentication A-TITLE T1556.004 |
| /techniques/T1556/005 | Text duplicate | Reversible Encryption A-TITLE T1556.005 |
| /techniques/T1556/006 | Text duplicate | Multi-Factor Authentication A-TITLE T1556.006 |
| /techniques/T1556/007 | Text duplicate | Hybrid Identity A-TITLE T1556.007 |
| /techniques/T1556/008 | Text duplicate | Network Provider DLL A-TITLE T1556.008 |
| /techniques/T1556/009 | Text duplicate | Conditional Access Policies A-TITLE T1556.009 |
| /techniques/T1578 | Modify Cloud Compute Infrastructure (5) A-TITLE T1578 | |
| /techniques/T1578/001 | Create Snapshot A-TITLE T1578.001 | |
| /techniques/T1578/002 | Create Cloud Instance A-TITLE T1578.002 | |
| /techniques/T1578/003 | Delete Cloud Instance A-TITLE T1578.003 | |
| /techniques/T1578/004 | Revert Cloud Instance A-TITLE T1578.004 | |
| /techniques/T1578/005 | Modify Cloud Compute Configurations A-TITLE T1578.005 | |
| /techniques/T1666 | Modify Cloud Resource Hierarchy A-TITLE T1666 | |
| /techniques/T1112 | Text duplicate | Modify Registry A-TITLE T1112 |
| /techniques/T1601 | Modify System Image (2) A-TITLE T1601 | |
| /techniques/T1601/001 | Patch System Image A-TITLE T1601.001 | |
| /techniques/T1601/002 | Downgrade System Image A-TITLE T1601.002 | |
| /techniques/T1599 | Network Boundary Bridging (1) A-TITLE T1599 | |
| /techniques/T1599/001 | Network Address Translation Traversal A-TITLE T1599.001 | |
| /techniques/T1027 | Obfuscated Files or Information (17) A-TITLE T1027 | |
| /techniques/T1027/001 | Binary Padding A-TITLE T1027.001 | |
| /techniques/T1027/002 | Software Packing A-TITLE T1027.002 | |
| /techniques/T1027/003 | Steganography A-TITLE T1027.003 | |
| /techniques/T1027/004 | Compile After Delivery A-TITLE T1027.004 | |
| /techniques/T1027/005 | Indicator Removal from Tools A-TITLE T1027.005 | |
| /techniques/T1027/006 | HTML Smuggling A-TITLE T1027.006 | |
| /techniques/T1027/007 | Dynamic API Resolution A-TITLE T1027.007 | |
| /techniques/T1027/008 | Stripped Payloads A-TITLE T1027.008 | |
| /techniques/T1027/009 | Embedded Payloads A-TITLE T1027.009 | |
| /techniques/T1027/010 | Command Obfuscation A-TITLE T1027.010 | |
| /techniques/T1027/011 | Fileless Storage A-TITLE T1027.011 | |
| /techniques/T1027/012 | LNK Icon Smuggling A-TITLE T1027.012 | |
| /techniques/T1027/013 | Encrypted/Encoded File A-TITLE T1027.013 | |
| /techniques/T1027/014 | Polymorphic Code A-TITLE T1027.014 | |
| /techniques/T1027/015 | Compression A-TITLE T1027.015 | |
| /techniques/T1027/016 | Junk Code Insertion A-TITLE T1027.016 | |
| /techniques/T1027/017 | SVG Smuggling A-TITLE T1027.017 | |
| /techniques/T1647 | Plist File Modification A-TITLE T1647 | |
| /techniques/T1542 | Text duplicate | Pre-OS Boot (5) A-TITLE T1542 |
| /techniques/T1542/001 | Text duplicate | System Firmware A-TITLE T1542.001 |
| /techniques/T1542/002 | Text duplicate | Component Firmware A-TITLE T1542.002 |
| /techniques/T1542/003 | Text duplicate | Bootkit A-TITLE T1542.003 |
| /techniques/T1542/004 | Text duplicate | ROMMONkit A-TITLE T1542.004 |
| /techniques/T1542/005 | Text duplicate | TFTP Boot A-TITLE T1542.005 |
| /techniques/T1055 | Text duplicate | Process Injection (12) A-TITLE T1055 |
| /techniques/T1055/001 | Text duplicate | Dynamic-link Library Injection A-TITLE T1055.001 |
| /techniques/T1055/002 | Text duplicate | Portable Executable Injection A-TITLE T1055.002 |
| /techniques/T1055/003 | Text duplicate | Thread Execution Hijacking A-TITLE T1055.003 |
| /techniques/T1055/004 | Text duplicate | Asynchronous Procedure Call A-TITLE T1055.004 |
| /techniques/T1055/005 | Text duplicate | Thread Local Storage A-TITLE T1055.005 |
| /techniques/T1055/008 | Text duplicate | Ptrace System Calls A-TITLE T1055.008 |
| /techniques/T1055/009 | Text duplicate | Proc Memory A-TITLE T1055.009 |
| /techniques/T1055/011 | Text duplicate | Extra Window Memory Injection A-TITLE T1055.011 |
| /techniques/T1055/012 | Text duplicate | Process Hollowing A-TITLE T1055.012 |
| /techniques/T1055/013 | Text duplicate | Process Doppelg??nging A-TITLE T1055.013 |
| /techniques/T1055/014 | Text duplicate | VDSO Hijacking A-TITLE T1055.014 |
| /techniques/T1055/015 | Text duplicate | ListPlanting A-TITLE T1055.015 |
| /techniques/T1620 | Reflective Code Loading A-TITLE T1620 | |
| /techniques/T1207 | Rogue Domain Controller A-TITLE T1207 | |
| /techniques/T1014 | Rootkit A-TITLE T1014 | |
| /techniques/T1553 | Subvert Trust Controls (6) A-TITLE T1553 | |
| /techniques/T1553/001 | Gatekeeper Bypass A-TITLE T1553.001 | |
| /techniques/T1553/002 | Code Signing A-TITLE T1553.002 | |
| /techniques/T1553/003 | SIP and Trust Provider Hijacking A-TITLE T1553.003 | |
| /techniques/T1553/004 | Install Root Certificate A-TITLE T1553.004 | |
| /techniques/T1553/005 | Mark-of-the-Web Bypass A-TITLE T1553.005 | |
| /techniques/T1553/006 | Code Signing Policy Modification A-TITLE T1553.006 | |
| /techniques/T1218 | System Binary Proxy Execution (14) A-TITLE T1218 | |
| /techniques/T1218/001 | Compiled HTML File A-TITLE T1218.001 | |
| /techniques/T1218/002 | Control Panel A-TITLE T1218.002 | |
| /techniques/T1218/003 | CMSTP A-TITLE T1218.003 | |
| /techniques/T1218/004 | InstallUtil A-TITLE T1218.004 | |
| /techniques/T1218/005 | Mshta A-TITLE T1218.005 | |
| /techniques/T1218/007 | Msiexec A-TITLE T1218.007 | |
| /techniques/T1218/008 | Odbcconf A-TITLE T1218.008 | |
| /techniques/T1218/009 | Regsvcs/Regasm A-TITLE T1218.009 | |
| /techniques/T1218/010 | Regsvr32 A-TITLE T1218.010 | |
| /techniques/T1218/011 | Rundll32 A-TITLE T1218.011 | |
| /techniques/T1218/012 | Verclsid A-TITLE T1218.012 | |
| /techniques/T1218/013 | Mavinject A-TITLE T1218.013 | |
| /techniques/T1218/014 | MMC A-TITLE T1218.014 | |
| /techniques/T1218/015 | Electron Applications A-TITLE T1218.015 | |
| /techniques/T1216 | System Script Proxy Execution (2) A-TITLE T1216 | |
| /techniques/T1216/001 | PubPrn A-TITLE T1216.001 | |
| /techniques/T1216/002 | SyncAppvPublishingServer A-TITLE T1216.002 | |
| /techniques/T1221 | Template Injection A-TITLE T1221 | |
| /techniques/T1205 | Text duplicate | Traffic Signaling (2) A-TITLE T1205 |
| /techniques/T1205/001 | Text duplicate | Port Knocking A-TITLE T1205.001 |
| /techniques/T1205/002 | Text duplicate | Socket Filters A-TITLE T1205.002 |
| /techniques/T1127 | Trusted Developer Utilities Proxy Execution (3) A-TITLE T1127 | |
| /techniques/T1127/001 | MSBuild A-TITLE T1127.001 | |
| /techniques/T1127/002 | ClickOnce A-TITLE T1127.002 | |
| /techniques/T1127/003 | JamPlus A-TITLE T1127.003 | |
| /techniques/T1535 | Unused/Unsupported Cloud Regions A-TITLE T1535 | |
| /techniques/T1550 | Use Alternate Authentication Material (4) A-TITLE T1550 | |
| /techniques/T1550/001 | Application Access Token A-TITLE T1550.001 | |
| /techniques/T1550/002 | Pass the Hash A-TITLE T1550.002 | |
| /techniques/T1550/003 | Pass the Ticket A-TITLE T1550.003 | |
| /techniques/T1550/004 | Web Session Cookie A-TITLE T1550.004 | |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1497 | Virtualization/Sandbox Evasion (3) A-TITLE T1497 | |
| /techniques/T1497/001 | System Checks A-TITLE T1497.001 | |
| /techniques/T1497/002 | User Activity Based Checks A-TITLE T1497.002 | |
| /techniques/T1497/003 | Time Based Evasion A-TITLE T1497.003 | |
| /techniques/T1600 | Weaken Encryption (2) A-TITLE T1600 | |
| /techniques/T1600/001 | Reduce Key Space A-TITLE T1600.001 | |
| /techniques/T1600/002 | Disable Crypto Hardware A-TITLE T1600.002 | |
| /techniques/T1220 | XSL Script Processing A-TITLE T1220 | |
| /techniques/T1557 | Adversary-in-the-Middle (4) A-TITLE T1557 | |
| /techniques/T1557/001 | LLMNR/NBT-NS Poisoning and SMB Relay A-TITLE T1557.001 | |
| /techniques/T1557/002 | ARP Cache Poisoning A-TITLE T1557.002 | |
| /techniques/T1557/003 | DHCP Spoofing A-TITLE T1557.003 | |
| /techniques/T1557/004 | Evil Twin A-TITLE T1557.004 | |
| /techniques/T1110 | Brute Force (4) A-TITLE T1110 | |
| /techniques/T1110/001 | Password Guessing A-TITLE T1110.001 | |
| /techniques/T1110/002 | Password Cracking A-TITLE T1110.002 | |
| /techniques/T1110/003 | Password Spraying A-TITLE T1110.003 | |
| /techniques/T1110/004 | Credential Stuffing A-TITLE T1110.004 | |
| /techniques/T1555 | Credentials from Password Stores (6) A-TITLE T1555 | |
| /techniques/T1555/001 | Keychain A-TITLE T1555.001 | |
| /techniques/T1555/002 | Securityd Memory A-TITLE T1555.002 | |
| /techniques/T1555/003 | Credentials from Web Browsers A-TITLE T1555.003 | |
| /techniques/T1555/004 | Windows Credential Manager A-TITLE T1555.004 | |
| /techniques/T1555/005 | Password Managers A-TITLE T1555.005 | |
| /techniques/T1555/006 | Cloud Secrets Management Stores A-TITLE T1555.006 | |
| /techniques/T1212 | Exploitation for Credential Access A-TITLE T1212 | |
| /techniques/T1187 | Forced Authentication A-TITLE T1187 | |
| /techniques/T1606 | Forge Web Credentials (2) A-TITLE T1606 | |
| /techniques/T1606/001 | Web Cookies A-TITLE T1606.001 | |
| /techniques/T1606/002 | SAML Tokens A-TITLE T1606.002 | |
| /techniques/T1056 | Input Capture (4) A-TITLE T1056 | |
| /techniques/T1056/001 | Keylogging A-TITLE T1056.001 | |
| /techniques/T1056/002 | GUI Input Capture A-TITLE T1056.002 | |
| /techniques/T1056/003 | Web Portal Capture A-TITLE T1056.003 | |
| /techniques/T1056/004 | Credential API Hooking A-TITLE T1056.004 | |
| /techniques/T1556 | Text duplicate | Modify Authentication Process (9) A-TITLE T1556 |
| /techniques/T1556/001 | Text duplicate | Domain Controller Authentication A-TITLE T1556.001 |
| /techniques/T1556/002 | Text duplicate | Password Filter DLL A-TITLE T1556.002 |
| /techniques/T1556/003 | Text duplicate | Pluggable Authentication Modules A-TITLE T1556.003 |
| /techniques/T1556/004 | Text duplicate | Network Device Authentication A-TITLE T1556.004 |
| /techniques/T1556/005 | Text duplicate | Reversible Encryption A-TITLE T1556.005 |
| /techniques/T1556/006 | Text duplicate | Multi-Factor Authentication A-TITLE T1556.006 |
| /techniques/T1556/007 | Text duplicate | Hybrid Identity A-TITLE T1556.007 |
| /techniques/T1556/008 | Text duplicate | Network Provider DLL A-TITLE T1556.008 |
| /techniques/T1556/009 | Text duplicate | Conditional Access Policies A-TITLE T1556.009 |
| /techniques/T1111 | Multi-Factor Authentication Interception A-TITLE T1111 | |
| /techniques/T1621 | Multi-Factor Authentication Request Generation A-TITLE T1621 | |
| /techniques/T1040 | Network Sniffing A-TITLE T1040 | |
| /techniques/T1003 | OS Credential Dumping (8) A-TITLE T1003 | |
| /techniques/T1003/001 | LSASS Memory A-TITLE T1003.001 | |
| /techniques/T1003/002 | Security Account Manager A-TITLE T1003.002 | |
| /techniques/T1003/003 | NTDS A-TITLE T1003.003 | |
| /techniques/T1003/004 | LSA Secrets A-TITLE T1003.004 | |
| /techniques/T1003/005 | Cached Domain Credentials A-TITLE T1003.005 | |
| /techniques/T1003/006 | DCSync A-TITLE T1003.006 | |
| /techniques/T1003/007 | Proc Filesystem A-TITLE T1003.007 | |
| /techniques/T1003/008 | /etc/passwd and /etc/shadow A-TITLE T1003.008 | |
| /techniques/T1528 | Steal Application Access Token A-TITLE T1528 | |
| /techniques/T1649 | Steal or Forge Authentication Certificates A-TITLE T1649 | |
| /techniques/T1558 | Steal or Forge Kerberos Tickets (5) A-TITLE T1558 | |
| /techniques/T1558/001 | Golden Ticket A-TITLE T1558.001 | |
| /techniques/T1558/002 | Silver Ticket A-TITLE T1558.002 | |
| /techniques/T1558/003 | Kerberoasting A-TITLE T1558.003 | |
| /techniques/T1558/004 | AS-REP Roasting A-TITLE T1558.004 | |
| /techniques/T1558/005 | Ccache Files A-TITLE T1558.005 | |
| /techniques/T1539 | Steal Web Session Cookie A-TITLE T1539 | |
| /techniques/T1552 | Unsecured Credentials (8) A-TITLE T1552 | |
| /techniques/T1552/001 | Credentials In Files A-TITLE T1552.001 | |
| /techniques/T1552/002 | Credentials in Registry A-TITLE T1552.002 | |
| /techniques/T1552/003 | Bash History A-TITLE T1552.003 | |
| /techniques/T1552/004 | Private Keys A-TITLE T1552.004 | |
| /techniques/T1552/005 | Cloud Instance Metadata API A-TITLE T1552.005 | |
| /techniques/T1552/006 | Group Policy Preferences A-TITLE T1552.006 | |
| /techniques/T1552/007 | Container API A-TITLE T1552.007 | |
| /techniques/T1552/008 | Chat Messages A-TITLE T1552.008 | |
| /techniques/T1087 | Account Discovery (4) A-TITLE T1087 | |
| /techniques/T1087/001 | Text duplicate | Local Account A-TITLE T1087.001 |
| /techniques/T1087/002 | Text duplicate | Domain Account A-TITLE T1087.002 |
| /techniques/T1087/003 | Email Account A-TITLE T1087.003 | |
| /techniques/T1087/004 | Text duplicate | Cloud Account A-TITLE T1087.004 |
| /techniques/T1010 | Application Window Discovery A-TITLE T1010 | |
| /techniques/T1217 | Browser Information Discovery A-TITLE T1217 | |
| /techniques/T1580 | Cloud Infrastructure Discovery A-TITLE T1580 | |
| /techniques/T1538 | Cloud Service Dashboard A-TITLE T1538 | |
| /techniques/T1526 | Cloud Service Discovery A-TITLE T1526 | |
| /techniques/T1619 | Cloud Storage Object Discovery A-TITLE T1619 | |
| /techniques/T1613 | Container and Resource Discovery A-TITLE T1613 | |
| /techniques/T1622 | Text duplicate | Debugger Evasion A-TITLE T1622 |
| /techniques/T1652 | Device Driver Discovery A-TITLE T1652 | |
| /techniques/T1482 | Domain Trust Discovery A-TITLE T1482 | |
| /techniques/T1083 | File and Directory Discovery A-TITLE T1083 | |
| /techniques/T1615 | Group Policy Discovery A-TITLE T1615 | |
| /techniques/T1654 | Log Enumeration A-TITLE T1654 | |
| /techniques/T1046 | Network Service Discovery A-TITLE T1046 | |
| /techniques/T1135 | Network Share Discovery A-TITLE T1135 | |
| /techniques/T1040 | Text duplicate | Network Sniffing A-TITLE T1040 |
| /techniques/T1201 | Password Policy Discovery A-TITLE T1201 | |
| /techniques/T1120 | Peripheral Device Discovery A-TITLE T1120 | |
| /techniques/T1069 | Permission Groups Discovery (3) A-TITLE T1069 | |
| /techniques/T1069/001 | Local Groups A-TITLE T1069.001 | |
| /techniques/T1069/002 | Domain Groups A-TITLE T1069.002 | |
| /techniques/T1069/003 | Cloud Groups A-TITLE T1069.003 | |
| /techniques/T1057 | Process Discovery A-TITLE T1057 | |
| /techniques/T1012 | Query Registry A-TITLE T1012 | |
| /techniques/T1018 | Remote System Discovery A-TITLE T1018 | |
| /techniques/T1518 | Software Discovery (1) A-TITLE T1518 | |
| /techniques/T1518/001 | Security Software Discovery A-TITLE T1518.001 | |
| /techniques/T1082 | System Information Discovery A-TITLE T1082 | |
| /techniques/T1614 | System Location Discovery (1) A-TITLE T1614 | |
| /techniques/T1614/001 | System Language Discovery A-TITLE T1614.001 | |
| /techniques/T1016 | System Network Configuration Discovery (2) A-TITLE T1016 | |
| /techniques/T1016/001 | Internet Connection Discovery A-TITLE T1016.001 | |
| /techniques/T1016/002 | Wi-Fi Discovery A-TITLE T1016.002 | |
| /techniques/T1049 | System Network Connections Discovery A-TITLE T1049 | |
| /techniques/T1033 | System Owner/User Discovery A-TITLE T1033 | |
| /techniques/T1007 | System Service Discovery A-TITLE T1007 | |
| /techniques/T1124 | System Time Discovery A-TITLE T1124 | |
| /techniques/T1673 | Virtual Machine Discovery A-TITLE T1673 | |
| /techniques/T1497 | Text duplicate | Virtualization/Sandbox Evasion (3) A-TITLE T1497 |
| /techniques/T1497/001 | Text duplicate | System Checks A-TITLE T1497.001 |
| /techniques/T1497/002 | Text duplicate | User Activity Based Checks A-TITLE T1497.002 |
| /techniques/T1497/003 | Text duplicate | Time Based Evasion A-TITLE T1497.003 |
| /techniques/T1210 | Exploitation of Remote Services A-TITLE T1210 | |
| /techniques/T1534 | Internal Spearphishing A-TITLE T1534 | |
| /techniques/T1570 | Lateral Tool Transfer A-TITLE T1570 | |
| /techniques/T1563 | Remote Service Session Hijacking (2) A-TITLE T1563 | |
| /techniques/T1563/001 | SSH Hijacking A-TITLE T1563.001 | |
| /techniques/T1563/002 | RDP Hijacking A-TITLE T1563.002 | |
| /techniques/T1021 | Remote Services (8) A-TITLE T1021 | |
| /techniques/T1021/001 | Remote Desktop Protocol A-TITLE T1021.001 | |
| /techniques/T1021/002 | SMB/Windows Admin Shares A-TITLE T1021.002 | |
| /techniques/T1021/003 | Distributed Component Object Model A-TITLE T1021.003 | |
| /techniques/T1021/004 | SSH A-TITLE T1021.004 | |
| /techniques/T1021/005 | VNC A-TITLE T1021.005 | |
| /techniques/T1021/006 | Windows Remote Management A-TITLE T1021.006 | |
| /techniques/T1021/007 | Cloud Services A-TITLE T1021.007 | |
| /techniques/T1021/008 | Direct Cloud VM Connections A-TITLE T1021.008 | |
| /techniques/T1091 | Text duplicate | Replication Through Removable Media A-TITLE T1091 |
| /techniques/T1072 | Text duplicate | Software Deployment Tools A-TITLE T1072 |
| /techniques/T1080 | Taint Shared Content A-TITLE T1080 | |
| /techniques/T1550 | Text duplicate | Use Alternate Authentication Material (4) A-TITLE T1550 |
| /techniques/T1550/001 | Text duplicate | Application Access Token A-TITLE T1550.001 |
| /techniques/T1550/002 | Text duplicate | Pass the Hash A-TITLE T1550.002 |
| /techniques/T1550/003 | Text duplicate | Pass the Ticket A-TITLE T1550.003 |
| /techniques/T1550/004 | Text duplicate | Web Session Cookie A-TITLE T1550.004 |
| /techniques/T1557 | Text duplicate | Adversary-in-the-Middle (4) A-TITLE T1557 |
| /techniques/T1557/001 | Text duplicate | LLMNR/NBT-NS Poisoning and SMB Relay A-TITLE T1557.001 |
| /techniques/T1557/002 | Text duplicate | ARP Cache Poisoning A-TITLE T1557.002 |
| /techniques/T1557/003 | Text duplicate | DHCP Spoofing A-TITLE T1557.003 |
| /techniques/T1557/004 | Text duplicate | Evil Twin A-TITLE T1557.004 |
| /techniques/T1560 | Archive Collected Data (3) A-TITLE T1560 | |
| /techniques/T1560/001 | Archive via Utility A-TITLE T1560.001 | |
| /techniques/T1560/002 | Archive via Library A-TITLE T1560.002 | |
| /techniques/T1560/003 | Archive via Custom Method A-TITLE T1560.003 | |
| /techniques/T1123 | Audio Capture A-TITLE T1123 | |
| /techniques/T1119 | Automated Collection A-TITLE T1119 | |
| /techniques/T1185 | Browser Session Hijacking A-TITLE T1185 | |
| /techniques/T1115 | Clipboard Data A-TITLE T1115 | |
| /techniques/T1530 | Data from Cloud Storage A-TITLE T1530 | |
| /techniques/T1602 | Data from Configuration Repository (2) A-TITLE T1602 | |
| /techniques/T1602/001 | SNMP (MIB Dump) A-TITLE T1602.001 | |
| /techniques/T1602/002 | Network Device Configuration Dump A-TITLE T1602.002 | |
| /techniques/T1213 | Data from Information Repositories (5) A-TITLE T1213 | |
| /techniques/T1213/001 | Confluence A-TITLE T1213.001 | |
| /techniques/T1213/002 | Sharepoint A-TITLE T1213.002 | |
| /techniques/T1213/003 | Text duplicate | Code Repositories A-TITLE T1213.003 |
| /techniques/T1213/004 | Customer Relationship Management Software A-TITLE T1213.004 | |
| /techniques/T1213/005 | Messaging Applications A-TITLE T1213.005 | |
| /techniques/T1005 | Data from Local System A-TITLE T1005 | |
| /techniques/T1039 | Data from Network Shared Drive A-TITLE T1039 | |
| /techniques/T1025 | Data from Removable Media A-TITLE T1025 | |
| /techniques/T1074 | Data Staged (2) A-TITLE T1074 | |
| /techniques/T1074/001 | Local Data Staging A-TITLE T1074.001 | |
| /techniques/T1074/002 | Remote Data Staging A-TITLE T1074.002 | |
| /techniques/T1114 | Email Collection (3) A-TITLE T1114 | |
| /techniques/T1114/001 | Local Email Collection A-TITLE T1114.001 | |
| /techniques/T1114/002 | Remote Email Collection A-TITLE T1114.002 | |
| /techniques/T1114/003 | Email Forwarding Rule A-TITLE T1114.003 | |
| /techniques/T1056 | Text duplicate | Input Capture (4) A-TITLE T1056 |
| /techniques/T1056/001 | Text duplicate | Keylogging A-TITLE T1056.001 |
| /techniques/T1056/002 | Text duplicate | GUI Input Capture A-TITLE T1056.002 |
| /techniques/T1056/003 | Text duplicate | Web Portal Capture A-TITLE T1056.003 |
| /techniques/T1056/004 | Text duplicate | Credential API Hooking A-TITLE T1056.004 |
| /techniques/T1113 | Screen Capture A-TITLE T1113 | |
| /techniques/T1125 | Video Capture A-TITLE T1125 | |
| /techniques/T1071 | Application Layer Protocol (5) A-TITLE T1071 | |
| /techniques/T1071/001 | Web Protocols A-TITLE T1071.001 | |
| /techniques/T1071/002 | File Transfer Protocols A-TITLE T1071.002 | |
| /techniques/T1071/003 | Mail Protocols A-TITLE T1071.003 | |
| /techniques/T1071/004 | Text duplicate | DNS A-TITLE T1071.004 |
| /techniques/T1071/005 | Publish/Subscribe Protocols A-TITLE T1071.005 | |
| /techniques/T1092 | Communication Through Removable Media A-TITLE T1092 | |
| /techniques/T1659 | Text duplicate | Content Injection A-TITLE T1659 |
| /techniques/T1132 | Data Encoding (2) A-TITLE T1132 | |
| /techniques/T1132/001 | Standard Encoding A-TITLE T1132.001 | |
| /techniques/T1132/002 | Non-Standard Encoding A-TITLE T1132.002 | |
| /techniques/T1001 | Data Obfuscation (3) A-TITLE T1001 | |
| /techniques/T1001/001 | Junk Data A-TITLE T1001.001 | |
| /techniques/T1001/002 | Text duplicate | Steganography A-TITLE T1001.002 |
| /techniques/T1001/003 | Protocol or Service Impersonation A-TITLE T1001.003 | |
| /techniques/T1568 | Dynamic Resolution (3) A-TITLE T1568 | |
| /techniques/T1568/001 | Fast Flux DNS A-TITLE T1568.001 | |
| /techniques/T1568/002 | Domain Generation Algorithms A-TITLE T1568.002 | |
| /techniques/T1568/003 | DNS Calculation A-TITLE T1568.003 | |
| /techniques/T1573 | Encrypted Channel (2) A-TITLE T1573 | |
| /techniques/T1573/001 | Symmetric Cryptography A-TITLE T1573.001 | |
| /techniques/T1573/002 | Asymmetric Cryptography A-TITLE T1573.002 | |
| /techniques/T1008 | Fallback Channels A-TITLE T1008 | |
| /techniques/T1665 | Hide Infrastructure A-TITLE T1665 | |
| /techniques/T1105 | Ingress Tool Transfer A-TITLE T1105 | |
| /techniques/T1104 | Multi-Stage Channels A-TITLE T1104 | |
| /techniques/T1095 | Non-Application Layer Protocol A-TITLE T1095 | |
| /techniques/T1571 | Non-Standard Port A-TITLE T1571 | |
| /techniques/T1572 | Protocol Tunneling A-TITLE T1572 | |
| /techniques/T1090 | Proxy (4) A-TITLE T1090 | |
| /techniques/T1090/001 | Internal Proxy A-TITLE T1090.001 | |
| /techniques/T1090/002 | External Proxy A-TITLE T1090.002 | |
| /techniques/T1090/003 | Multi-hop Proxy A-TITLE T1090.003 | |
| /techniques/T1090/004 | Domain Fronting A-TITLE T1090.004 | |
| /techniques/T1219 | Remote Access Tools (3) A-TITLE T1219 | |
| /techniques/T1219/001 | IDE Tunneling A-TITLE T1219.001 | |
| /techniques/T1219/002 | Remote Desktop Software A-TITLE T1219.002 | |
| /techniques/T1219/003 | Remote Access Hardware A-TITLE T1219.003 | |
| /techniques/T1205 | Text duplicate | Traffic Signaling (2) A-TITLE T1205 |
| /techniques/T1205/001 | Text duplicate | Port Knocking A-TITLE T1205.001 |
| /techniques/T1205/002 | Text duplicate | Socket Filters A-TITLE T1205.002 |
| /techniques/T1102 | Web Service (3) A-TITLE T1102 | |
| /techniques/T1102/001 | Dead Drop Resolver A-TITLE T1102.001 | |
| /techniques/T1102/002 | Bidirectional Communication A-TITLE T1102.002 | |
| /techniques/T1102/003 | One-Way Communication A-TITLE T1102.003 | |
| /techniques/T1020 | Automated Exfiltration (1) A-TITLE T1020 | |
| /techniques/T1020/001 | Traffic Duplication A-TITLE T1020.001 | |
| /techniques/T1030 | Data Transfer Size Limits A-TITLE T1030 | |
| /techniques/T1048 | Exfiltration Over Alternative Protocol (3) A-TITLE T1048 | |
| /techniques/T1048/001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol A-TITLE T1048.001 | |
| /techniques/T1048/002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol A-TITLE T1048.002 | |
| /techniques/T1048/003 | Exfiltration Over Unencrypted Non-C2 Protocol A-TITLE T1048.003 | |
| /techniques/T1041 | Exfiltration Over C2 Channel A-TITLE T1041 | |
| /techniques/T1011 | Exfiltration Over Other Network Medium (1) A-TITLE T1011 | |
| /techniques/T1011/001 | Exfiltration Over Bluetooth A-TITLE T1011.001 | |
| /techniques/T1052 | Exfiltration Over Physical Medium (1) A-TITLE T1052 | |
| /techniques/T1052/001 | Exfiltration over USB A-TITLE T1052.001 | |
| /techniques/T1567 | Exfiltration Over Web Service (4) A-TITLE T1567 | |
| /techniques/T1567/001 | Exfiltration to Code Repository A-TITLE T1567.001 | |
| /techniques/T1567/002 | Exfiltration to Cloud Storage A-TITLE T1567.002 | |
| /techniques/T1567/003 | Exfiltration to Text Storage Sites A-TITLE T1567.003 | |
| /techniques/T1567/004 | Exfiltration Over Webhook A-TITLE T1567.004 | |
| /techniques/T1029 | Scheduled Transfer A-TITLE T1029 | |
| /techniques/T1537 | Transfer Data to Cloud Account A-TITLE T1537 | |
| /techniques/T1531 | Account Access Removal A-TITLE T1531 | |
| /techniques/T1485 | Data Destruction (1) A-TITLE T1485 | |
| /techniques/T1485/001 | Lifecycle-Triggered Deletion A-TITLE T1485.001 | |
| /techniques/T1486 | Data Encrypted for Impact A-TITLE T1486 | |
| /techniques/T1565 | Data Manipulation (3) A-TITLE T1565 | |
| /techniques/T1565/001 | Stored Data Manipulation A-TITLE T1565.001 | |
| /techniques/T1565/002 | Transmitted Data Manipulation A-TITLE T1565.002 | |
| /techniques/T1565/003 | Runtime Data Manipulation A-TITLE T1565.003 | |
| /techniques/T1491 | Defacement (2) A-TITLE T1491 | |
| /techniques/T1491/001 | Internal Defacement A-TITLE T1491.001 | |
| /techniques/T1491/002 | External Defacement A-TITLE T1491.002 | |
| /techniques/T1561 | Disk Wipe (2) A-TITLE T1561 | |
| /techniques/T1561/001 | Disk Content Wipe A-TITLE T1561.001 | |
| /techniques/T1561/002 | Disk Structure Wipe A-TITLE T1561.002 | |
| /techniques/T1667 | Email Bombing A-TITLE T1667 | |
| /techniques/T1499 | Endpoint Denial of Service (4) A-TITLE T1499 | |
| /techniques/T1499/001 | OS Exhaustion Flood A-TITLE T1499.001 | |
| /techniques/T1499/002 | Service Exhaustion Flood A-TITLE T1499.002 | |
| /techniques/T1499/003 | Application Exhaustion Flood A-TITLE T1499.003 | |
| /techniques/T1499/004 | Application or System Exploitation A-TITLE T1499.004 | |
| /techniques/T1657 | Financial Theft A-TITLE T1657 | |
| /techniques/T1495 | Firmware Corruption A-TITLE T1495 | |
| /techniques/T1490 | Inhibit System Recovery A-TITLE T1490 | |
| /techniques/T1498 | Network Denial of Service (2) A-TITLE T1498 | |
| /techniques/T1498/001 | Direct Network Flood A-TITLE T1498.001 | |
| /techniques/T1498/002 | Reflection Amplification A-TITLE T1498.002 | |
| /techniques/T1496 | Resource Hijacking (4) A-TITLE T1496 | |
| /techniques/T1496/001 | Compute Hijacking A-TITLE T1496.001 | |
| /techniques/T1496/002 | Bandwidth Hijacking A-TITLE T1496.002 | |
| /techniques/T1496/003 | SMS Pumping A-TITLE T1496.003 | |
| /techniques/T1496/004 | Cloud Service Hijacking A-TITLE T1496.004 | |
| /techniques/T1489 | Service Stop A-TITLE T1489 | |
| /techniques/T1529 | System Shutdown/Reboot A-TITLE T1529 | |
| /tactics/TA0043 | Text duplicate | Reconnaissance A-TITLE TA0043 |
| /tactics/TA0042 | Text duplicate | Resource Development A-TITLE TA0042 |
| /tactics/TA0001 | Text duplicate | Initial Access A-TITLE TA0001 |
| /tactics/TA0002 | Text duplicate | Execution A-TITLE TA0002 |
| /tactics/TA0003 | Text duplicate | Persistence A-TITLE TA0003 |
| /tactics/TA0004 | Text duplicate | Privilege Escalation A-TITLE TA0004 |
| /tactics/TA0005 | Text duplicate | Defense Evasion A-TITLE TA0005 |
| /tactics/TA0006 | Text duplicate | Credential Access A-TITLE TA0006 |
| /tactics/TA0007 | Text duplicate | Discovery A-TITLE TA0007 |
| /tactics/TA0008 | Text duplicate | Lateral Movement A-TITLE TA0008 |
| /tactics/TA0009 | Text duplicate | Collection A-TITLE TA0009 |
| /tactics/TA0011 | Text duplicate | Command and Control A-TITLE TA0011 |
| /tactics/TA0010 | Text duplicate | Exfiltration A-TITLE TA0010 |
| /tactics/TA0040 | Text duplicate | Impact A-TITLE TA0040 |
| /techniques/T1595 | Text duplicate | Active Scanning (3) A-TITLE T1595 |
| /techniques/T1595/001 | Text duplicate | Scanning IP Blocks A-TITLE T1595.001 |
| /techniques/T1595/002 | Text duplicate | Vulnerability Scanning A-TITLE T1595.002 |
| /techniques/T1595/003 | Text duplicate | Wordlist Scanning A-TITLE T1595.003 |
| /techniques/T1592 | Text duplicate | Gather Victim Host Information (4) A-TITLE T1592 |
| /techniques/T1592/001 | Text duplicate | Hardware A-TITLE T1592.001 |
| /techniques/T1592/002 | Text duplicate | Software A-TITLE T1592.002 |
| /techniques/T1592/003 | Text duplicate | Firmware A-TITLE T1592.003 |
| /techniques/T1592/004 | Text duplicate | Client Configurations A-TITLE T1592.004 |
| /techniques/T1589 | Text duplicate | Gather Victim Identity Information (3) A-TITLE T1589 |
| /techniques/T1589/001 | Text duplicate | Credentials A-TITLE T1589.001 |
| /techniques/T1589/002 | Text duplicate | Email Addresses A-TITLE T1589.002 |
| /techniques/T1589/003 | Text duplicate | Employee Names A-TITLE T1589.003 |
| /techniques/T1590 | Text duplicate | Gather Victim Network Information (6) A-TITLE T1590 |
| /techniques/T1590/001 | Text duplicate | Domain Properties A-TITLE T1590.001 |
| /techniques/T1590/002 | Text duplicate | DNS A-TITLE T1590.002 |
| /techniques/T1590/003 | Text duplicate | Network Trust Dependencies A-TITLE T1590.003 |
| /techniques/T1590/004 | Text duplicate | Network Topology A-TITLE T1590.004 |
| /techniques/T1590/005 | Text duplicate | IP Addresses A-TITLE T1590.005 |
| /techniques/T1590/006 | Text duplicate | Network Security Appliances A-TITLE T1590.006 |
| /techniques/T1591 | Text duplicate | Gather Victim Org Information (4) A-TITLE T1591 |
| /techniques/T1591/001 | Text duplicate | Determine Physical Locations A-TITLE T1591.001 |
| /techniques/T1591/002 | Text duplicate | Business Relationships A-TITLE T1591.002 |
| /techniques/T1591/003 | Text duplicate | Identify Business Tempo A-TITLE T1591.003 |
| /techniques/T1591/004 | Text duplicate | Identify Roles A-TITLE T1591.004 |
| /techniques/T1598 | Text duplicate | Phishing for Information (4) A-TITLE T1598 |
| /techniques/T1598/001 | Text duplicate | Spearphishing Service A-TITLE T1598.001 |
| /techniques/T1598/002 | Text duplicate | Spearphishing Attachment A-TITLE T1598.002 |
| /techniques/T1598/003 | Text duplicate | Spearphishing Link A-TITLE T1598.003 |
| /techniques/T1598/004 | Text duplicate | Spearphishing Voice A-TITLE T1598.004 |
| /techniques/T1597 | Text duplicate | Search Closed Sources (2) A-TITLE T1597 |
| /techniques/T1597/001 | Text duplicate | Threat Intel Vendors A-TITLE T1597.001 |
| /techniques/T1597/002 | Text duplicate | Purchase Technical Data A-TITLE T1597.002 |
| /techniques/T1596 | Text duplicate | Search Open Technical Databases (5) A-TITLE T1596 |
| /techniques/T1596/001 | Text duplicate | DNS/Passive DNS A-TITLE T1596.001 |
| /techniques/T1596/002 | Text duplicate | WHOIS A-TITLE T1596.002 |
| /techniques/T1596/003 | Text duplicate | Digital Certificates A-TITLE T1596.003 |
| /techniques/T1596/004 | Text duplicate | CDNs A-TITLE T1596.004 |
| /techniques/T1596/005 | Text duplicate | Scan Databases A-TITLE T1596.005 |
| /techniques/T1593 | Text duplicate | Search Open Websites/Domains (3) A-TITLE T1593 |
| /techniques/T1593/001 | Text duplicate | Social Media A-TITLE T1593.001 |
| /techniques/T1593/002 | Text duplicate | Search Engines A-TITLE T1593.002 |
| /techniques/T1593/003 | Text duplicate | Code Repositories A-TITLE T1593.003 |
| /techniques/T1594 | Text duplicate | Search Victim-Owned Websites A-TITLE T1594 |
| /techniques/T1650 | Text duplicate | Acquire Access A-TITLE T1650 |
| /techniques/T1583 | Text duplicate | Acquire Infrastructure (8) A-TITLE T1583 |
| /techniques/T1583/001 | Text duplicate | Domains A-TITLE T1583.001 |
| /techniques/T1583/002 | Text duplicate | DNS Server A-TITLE T1583.002 |
| /techniques/T1583/003 | Text duplicate | Virtual Private Server A-TITLE T1583.003 |
| /techniques/T1583/004 | Text duplicate | Server A-TITLE T1583.004 |
| /techniques/T1583/005 | Text duplicate | Botnet A-TITLE T1583.005 |
| /techniques/T1583/006 | Text duplicate | Web Services A-TITLE T1583.006 |
| /techniques/T1583/007 | Text duplicate | Serverless A-TITLE T1583.007 |
| /techniques/T1583/008 | Text duplicate | Malvertising A-TITLE T1583.008 |
| /techniques/T1586 | Text duplicate | Compromise Accounts (3) A-TITLE T1586 |
| /techniques/T1586/001 | Text duplicate | Social Media Accounts A-TITLE T1586.001 |
| /techniques/T1586/002 | Text duplicate | Email Accounts A-TITLE T1586.002 |
| /techniques/T1586/003 | Text duplicate | Cloud Accounts A-TITLE T1586.003 |
| /techniques/T1584 | Text duplicate | Compromise Infrastructure (8) A-TITLE T1584 |
| /techniques/T1584/001 | Text duplicate | Domains A-TITLE T1584.001 |
| /techniques/T1584/002 | Text duplicate | DNS Server A-TITLE T1584.002 |
| /techniques/T1584/003 | Text duplicate | Virtual Private Server A-TITLE T1584.003 |
| /techniques/T1584/004 | Text duplicate | Server A-TITLE T1584.004 |
| /techniques/T1584/005 | Text duplicate | Botnet A-TITLE T1584.005 |
| /techniques/T1584/006 | Text duplicate | Web Services A-TITLE T1584.006 |
| /techniques/T1584/007 | Text duplicate | Serverless A-TITLE T1584.007 |
| /techniques/T1584/008 | Text duplicate | Network Devices A-TITLE T1584.008 |
| /techniques/T1587 | Text duplicate | Develop Capabilities (4) A-TITLE T1587 |
| /techniques/T1587/001 | Text duplicate | Malware A-TITLE T1587.001 |
| /techniques/T1587/002 | Text duplicate | Code Signing Certificates A-TITLE T1587.002 |
| /techniques/T1587/003 | Text duplicate | Digital Certificates A-TITLE T1587.003 |
| /techniques/T1587/004 | Text duplicate | Exploits A-TITLE T1587.004 |
| /techniques/T1585 | Text duplicate | Establish Accounts (3) A-TITLE T1585 |
| /techniques/T1585/001 | Text duplicate | Social Media Accounts A-TITLE T1585.001 |
| /techniques/T1585/002 | Text duplicate | Email Accounts A-TITLE T1585.002 |
| /techniques/T1585/003 | Text duplicate | Cloud Accounts A-TITLE T1585.003 |
| /techniques/T1588 | Text duplicate | Obtain Capabilities (7) A-TITLE T1588 |
| /techniques/T1588/001 | Text duplicate | Malware A-TITLE T1588.001 |
| /techniques/T1588/002 | Text duplicate | Tool A-TITLE T1588.002 |
| /techniques/T1588/003 | Text duplicate | Code Signing Certificates A-TITLE T1588.003 |
| /techniques/T1588/004 | Text duplicate | Digital Certificates A-TITLE T1588.004 |
| /techniques/T1588/005 | Text duplicate | Exploits A-TITLE T1588.005 |
| /techniques/T1588/006 | Text duplicate | Vulnerabilities A-TITLE T1588.006 |
| /techniques/T1588/007 | Text duplicate | Artificial Intelligence A-TITLE T1588.007 |
| /techniques/T1608 | Text duplicate | Stage Capabilities (6) A-TITLE T1608 |
| /techniques/T1608/001 | Text duplicate | Upload Malware A-TITLE T1608.001 |
| /techniques/T1608/002 | Text duplicate | Upload Tool A-TITLE T1608.002 |
| /techniques/T1608/003 | Text duplicate | Install Digital Certificate A-TITLE T1608.003 |
| /techniques/T1608/004 | Text duplicate | Drive-by Target A-TITLE T1608.004 |
| /techniques/T1608/005 | Text duplicate | Link Target A-TITLE T1608.005 |
| /techniques/T1608/006 | Text duplicate | SEO Poisoning A-TITLE T1608.006 |
| /techniques/T1659 | Text duplicate | Content Injection A-TITLE T1659 |
| /techniques/T1189 | Text duplicate | Drive-by Compromise A-TITLE T1189 |
| /techniques/T1190 | Text duplicate | Exploit Public-Facing Application A-TITLE T1190 |
| /techniques/T1133 | Text duplicate | External Remote Services A-TITLE T1133 |
| /techniques/T1200 | Text duplicate | Hardware Additions A-TITLE T1200 |
| /techniques/T1566 | Text duplicate | Phishing (4) A-TITLE T1566 |
| /techniques/T1566/001 | Text duplicate | Spearphishing Attachment A-TITLE T1566.001 |
| /techniques/T1566/002 | Text duplicate | Spearphishing Link A-TITLE T1566.002 |
| /techniques/T1566/003 | Text duplicate | Spearphishing via Service A-TITLE T1566.003 |
| /techniques/T1566/004 | Text duplicate | Spearphishing Voice A-TITLE T1566.004 |
| /techniques/T1091 | Text duplicate | Replication Through Removable Media A-TITLE T1091 |
| /techniques/T1195 | Text duplicate | Supply Chain Compromise (3) A-TITLE T1195 |
| /techniques/T1195/001 | Text duplicate | Compromise Software Dependencies and Development Tools A-TITLE T1195.001 |
| /techniques/T1195/002 | Text duplicate | Compromise Software Supply Chain A-TITLE T1195.002 |
| /techniques/T1195/003 | Text duplicate | Compromise Hardware Supply Chain A-TITLE T1195.003 |
| /techniques/T1199 | Text duplicate | Trusted Relationship A-TITLE T1199 |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1669 | Text duplicate | Wi-Fi Networks A-TITLE T1669 |
| /techniques/T1651 | Text duplicate | Cloud Administration Command A-TITLE T1651 |
| /techniques/T1059 | Text duplicate | Command and Scripting Interpreter (12) A-TITLE T1059 |
| /techniques/T1059/001 | Text duplicate | PowerShell A-TITLE T1059.001 |
| /techniques/T1059/002 | Text duplicate | AppleScript A-TITLE T1059.002 |
| /techniques/T1059/003 | Text duplicate | Windows Command Shell A-TITLE T1059.003 |
| /techniques/T1059/004 | Text duplicate | Unix Shell A-TITLE T1059.004 |
| /techniques/T1059/005 | Text duplicate | Visual Basic A-TITLE T1059.005 |
| /techniques/T1059/006 | Text duplicate | Python A-TITLE T1059.006 |
| /techniques/T1059/007 | Text duplicate | JavaScript A-TITLE T1059.007 |
| /techniques/T1059/008 | Text duplicate | Network Device CLI A-TITLE T1059.008 |
| /techniques/T1059/009 | Text duplicate | Cloud API A-TITLE T1059.009 |
| /techniques/T1059/010 | Text duplicate | AutoHotKey & AutoIT A-TITLE T1059.010 |
| /techniques/T1059/011 | Text duplicate | Lua A-TITLE T1059.011 |
| /techniques/T1059/012 | Text duplicate | Hypervisor CLI A-TITLE T1059.012 |
| /techniques/T1609 | Text duplicate | Container Administration Command A-TITLE T1609 |
| /techniques/T1610 | Text duplicate | Deploy Container A-TITLE T1610 |
| /techniques/T1675 | Text duplicate | ESXi Administration Command A-TITLE T1675 |
| /techniques/T1203 | Text duplicate | Exploitation for Client Execution A-TITLE T1203 |
| /techniques/T1674 | Text duplicate | Input Injection A-TITLE T1674 |
| /techniques/T1559 | Text duplicate | Inter-Process Communication (3) A-TITLE T1559 |
| /techniques/T1559/001 | Text duplicate | Component Object Model A-TITLE T1559.001 |
| /techniques/T1559/002 | Text duplicate | Dynamic Data Exchange A-TITLE T1559.002 |
| /techniques/T1559/003 | Text duplicate | XPC Services A-TITLE T1559.003 |
| /techniques/T1106 | Text duplicate | Native API A-TITLE T1106 |
| /techniques/T1053 | Text duplicate | Scheduled Task/Job (5) A-TITLE T1053 |
| /techniques/T1053/002 | Text duplicate | At A-TITLE T1053.002 |
| /techniques/T1053/003 | Text duplicate | Cron A-TITLE T1053.003 |
| /techniques/T1053/005 | Text duplicate | Scheduled Task A-TITLE T1053.005 |
| /techniques/T1053/006 | Text duplicate | Systemd Timers A-TITLE T1053.006 |
| /techniques/T1053/007 | Text duplicate | Container Orchestration Job A-TITLE T1053.007 |
| /techniques/T1648 | Text duplicate | Serverless Execution A-TITLE T1648 |
| /techniques/T1129 | Text duplicate | Shared Modules A-TITLE T1129 |
| /techniques/T1072 | Text duplicate | Software Deployment Tools A-TITLE T1072 |
| /techniques/T1569 | Text duplicate | System Services (3) A-TITLE T1569 |
| /techniques/T1569/001 | Text duplicate | Launchctl A-TITLE T1569.001 |
| /techniques/T1569/002 | Text duplicate | Service Execution A-TITLE T1569.002 |
| /techniques/T1569/003 | Text duplicate | Systemctl A-TITLE T1569.003 |
| /techniques/T1204 | Text duplicate | User Execution (4) A-TITLE T1204 |
| /techniques/T1204/001 | Text duplicate | Malicious Link A-TITLE T1204.001 |
| /techniques/T1204/002 | Text duplicate | Malicious File A-TITLE T1204.002 |
| /techniques/T1204/003 | Text duplicate | Malicious Image A-TITLE T1204.003 |
| /techniques/T1204/004 | Text duplicate | Malicious Copy and Paste A-TITLE T1204.004 |
| /techniques/T1047 | Text duplicate | Windows Management Instrumentation A-TITLE T1047 |
| /techniques/T1098 | Text duplicate | Account Manipulation (7) A-TITLE T1098 |
| /techniques/T1098/001 | Text duplicate | Additional Cloud Credentials A-TITLE T1098.001 |
| /techniques/T1098/002 | Text duplicate | Additional Email Delegate Permissions A-TITLE T1098.002 |
| /techniques/T1098/003 | Text duplicate | Additional Cloud Roles A-TITLE T1098.003 |
| /techniques/T1098/004 | Text duplicate | SSH Authorized Keys A-TITLE T1098.004 |
| /techniques/T1098/005 | Text duplicate | Device Registration A-TITLE T1098.005 |
| /techniques/T1098/006 | Text duplicate | Additional Container Cluster Roles A-TITLE T1098.006 |
| /techniques/T1098/007 | Text duplicate | Additional Local or Domain Groups A-TITLE T1098.007 |
| /techniques/T1197 | Text duplicate | BITS Jobs A-TITLE T1197 |
| /techniques/T1547 | Text duplicate | Boot or Logon Autostart Execution (14) A-TITLE T1547 |
| /techniques/T1547/001 | Text duplicate | Registry Run Keys / Startup Folder A-TITLE T1547.001 |
| /techniques/T1547/002 | Text duplicate | Authentication Package A-TITLE T1547.002 |
| /techniques/T1547/003 | Text duplicate | Time Providers A-TITLE T1547.003 |
| /techniques/T1547/004 | Text duplicate | Winlogon Helper DLL A-TITLE T1547.004 |
| /techniques/T1547/005 | Text duplicate | Security Support Provider A-TITLE T1547.005 |
| /techniques/T1547/006 | Text duplicate | Kernel Modules and Extensions A-TITLE T1547.006 |
| /techniques/T1547/007 | Text duplicate | Re-opened Applications A-TITLE T1547.007 |
| /techniques/T1547/008 | Text duplicate | LSASS Driver A-TITLE T1547.008 |
| /techniques/T1547/009 | Text duplicate | Shortcut Modification A-TITLE T1547.009 |
| /techniques/T1547/010 | Text duplicate | Port Monitors A-TITLE T1547.010 |
| /techniques/T1547/012 | Text duplicate | Print Processors A-TITLE T1547.012 |
| /techniques/T1547/013 | Text duplicate | XDG Autostart Entries A-TITLE T1547.013 |
| /techniques/T1547/014 | Text duplicate | Active Setup A-TITLE T1547.014 |
| /techniques/T1547/015 | Text duplicate | Login Items A-TITLE T1547.015 |
| /techniques/T1037 | Text duplicate | Boot or Logon Initialization Scripts (5) A-TITLE T1037 |
| /techniques/T1037/001 | Text duplicate | Logon Script (Windows) A-TITLE T1037.001 |
| /techniques/T1037/002 | Text duplicate | Login Hook A-TITLE T1037.002 |
| /techniques/T1037/003 | Text duplicate | Network Logon Script A-TITLE T1037.003 |
| /techniques/T1037/004 | Text duplicate | RC Scripts A-TITLE T1037.004 |
| /techniques/T1037/005 | Text duplicate | Startup Items A-TITLE T1037.005 |
| /techniques/T1671 | Text duplicate | Cloud Application Integration A-TITLE T1671 |
| /techniques/T1554 | Text duplicate | Compromise Host Software Binary A-TITLE T1554 |
| /techniques/T1136 | Text duplicate | Create Account (3) A-TITLE T1136 |
| /techniques/T1136/001 | Text duplicate | Local Account A-TITLE T1136.001 |
| /techniques/T1136/002 | Text duplicate | Domain Account A-TITLE T1136.002 |
| /techniques/T1136/003 | Text duplicate | Cloud Account A-TITLE T1136.003 |
| /techniques/T1543 | Text duplicate | Create or Modify System Process (5) A-TITLE T1543 |
| /techniques/T1543/001 | Text duplicate | Launch Agent A-TITLE T1543.001 |
| /techniques/T1543/002 | Text duplicate | Systemd Service A-TITLE T1543.002 |
| /techniques/T1543/003 | Text duplicate | Windows Service A-TITLE T1543.003 |
| /techniques/T1543/004 | Text duplicate | Launch Daemon A-TITLE T1543.004 |
| /techniques/T1543/005 | Text duplicate | Container Service A-TITLE T1543.005 |
| /techniques/T1546 | Text duplicate | Event Triggered Execution (17) A-TITLE T1546 |
| /techniques/T1546/001 | Text duplicate | Change Default File Association A-TITLE T1546.001 |
| /techniques/T1546/002 | Text duplicate | Screensaver A-TITLE T1546.002 |
| /techniques/T1546/003 | Text duplicate | Windows Management Instrumentation Event Subscription A-TITLE T1546.003 |
| /techniques/T1546/004 | Text duplicate | Unix Shell Configuration Modification A-TITLE T1546.004 |
| /techniques/T1546/005 | Text duplicate | Trap A-TITLE T1546.005 |
| /techniques/T1546/006 | Text duplicate | LC_LOAD_DYLIB Addition A-TITLE T1546.006 |
| /techniques/T1546/007 | Text duplicate | Netsh Helper DLL A-TITLE T1546.007 |
| /techniques/T1546/008 | Text duplicate | Accessibility Features A-TITLE T1546.008 |
| /techniques/T1546/009 | Text duplicate | AppCert DLLs A-TITLE T1546.009 |
| /techniques/T1546/010 | Text duplicate | AppInit DLLs A-TITLE T1546.010 |
| /techniques/T1546/011 | Text duplicate | Application Shimming A-TITLE T1546.011 |
| /techniques/T1546/012 | Text duplicate | Image File Execution Options Injection A-TITLE T1546.012 |
| /techniques/T1546/013 | Text duplicate | PowerShell Profile A-TITLE T1546.013 |
| /techniques/T1546/014 | Text duplicate | Emond A-TITLE T1546.014 |
| /techniques/T1546/015 | Text duplicate | Component Object Model Hijacking A-TITLE T1546.015 |
| /techniques/T1546/016 | Text duplicate | Installer Packages A-TITLE T1546.016 |
| /techniques/T1546/017 | Text duplicate | Udev Rules A-TITLE T1546.017 |
| /techniques/T1668 | Text duplicate | Exclusive Control A-TITLE T1668 |
| /techniques/T1133 | Text duplicate | External Remote Services A-TITLE T1133 |
| /techniques/T1574 | Text duplicate | Hijack Execution Flow (12) A-TITLE T1574 |
| /techniques/T1574/001 | Text duplicate | DLL A-TITLE T1574.001 |
| /techniques/T1574/004 | Text duplicate | Dylib Hijacking A-TITLE T1574.004 |
| /techniques/T1574/005 | Text duplicate | Executable Installer File Permissions Weakness A-TITLE T1574.005 |
| /techniques/T1574/006 | Text duplicate | Dynamic Linker Hijacking A-TITLE T1574.006 |
| /techniques/T1574/007 | Text duplicate | Path Interception by PATH Environment Variable A-TITLE T1574.007 |
| /techniques/T1574/008 | Text duplicate | Path Interception by Search Order Hijacking A-TITLE T1574.008 |
| /techniques/T1574/009 | Text duplicate | Path Interception by Unquoted Path A-TITLE T1574.009 |
| /techniques/T1574/010 | Text duplicate | Services File Permissions Weakness A-TITLE T1574.010 |
| /techniques/T1574/011 | Text duplicate | Services Registry Permissions Weakness A-TITLE T1574.011 |
| /techniques/T1574/012 | Text duplicate | COR_PROFILER A-TITLE T1574.012 |
| /techniques/T1574/013 | Text duplicate | KernelCallbackTable A-TITLE T1574.013 |
| /techniques/T1574/014 | Text duplicate | AppDomainManager A-TITLE T1574.014 |
| /techniques/T1525 | Text duplicate | Implant Internal Image A-TITLE T1525 |
| /techniques/T1556 | Text duplicate | Modify Authentication Process (9) A-TITLE T1556 |
| /techniques/T1556/001 | Text duplicate | Domain Controller Authentication A-TITLE T1556.001 |
| /techniques/T1556/002 | Text duplicate | Password Filter DLL A-TITLE T1556.002 |
| /techniques/T1556/003 | Text duplicate | Pluggable Authentication Modules A-TITLE T1556.003 |
| /techniques/T1556/004 | Text duplicate | Network Device Authentication A-TITLE T1556.004 |
| /techniques/T1556/005 | Text duplicate | Reversible Encryption A-TITLE T1556.005 |
| /techniques/T1556/006 | Text duplicate | Multi-Factor Authentication A-TITLE T1556.006 |
| /techniques/T1556/007 | Text duplicate | Hybrid Identity A-TITLE T1556.007 |
| /techniques/T1556/008 | Text duplicate | Network Provider DLL A-TITLE T1556.008 |
| /techniques/T1556/009 | Text duplicate | Conditional Access Policies A-TITLE T1556.009 |
| /techniques/T1112 | Text duplicate | Modify Registry A-TITLE T1112 |
| /techniques/T1137 | Text duplicate | Office Application Startup (6) A-TITLE T1137 |
| /techniques/T1137/001 | Text duplicate | Office Template Macros A-TITLE T1137.001 |
| /techniques/T1137/002 | Text duplicate | Office Test A-TITLE T1137.002 |
| /techniques/T1137/003 | Text duplicate | Outlook Forms A-TITLE T1137.003 |
| /techniques/T1137/004 | Text duplicate | Outlook Home Page A-TITLE T1137.004 |
| /techniques/T1137/005 | Text duplicate | Outlook Rules A-TITLE T1137.005 |
| /techniques/T1137/006 | Text duplicate | Add-ins A-TITLE T1137.006 |
| /techniques/T1653 | Text duplicate | Power Settings A-TITLE T1653 |
| /techniques/T1542 | Text duplicate | Pre-OS Boot (5) A-TITLE T1542 |
| /techniques/T1542/001 | Text duplicate | System Firmware A-TITLE T1542.001 |
| /techniques/T1542/002 | Text duplicate | Component Firmware A-TITLE T1542.002 |
| /techniques/T1542/003 | Text duplicate | Bootkit A-TITLE T1542.003 |
| /techniques/T1542/004 | Text duplicate | ROMMONkit A-TITLE T1542.004 |
| /techniques/T1542/005 | Text duplicate | TFTP Boot A-TITLE T1542.005 |
| /techniques/T1053 | Text duplicate | Scheduled Task/Job (5) A-TITLE T1053 |
| /techniques/T1053/002 | Text duplicate | At A-TITLE T1053.002 |
| /techniques/T1053/003 | Text duplicate | Cron A-TITLE T1053.003 |
| /techniques/T1053/005 | Text duplicate | Scheduled Task A-TITLE T1053.005 |
| /techniques/T1053/006 | Text duplicate | Systemd Timers A-TITLE T1053.006 |
| /techniques/T1053/007 | Text duplicate | Container Orchestration Job A-TITLE T1053.007 |
| /techniques/T1505 | Text duplicate | Server Software Component (6) A-TITLE T1505 |
| /techniques/T1505/001 | Text duplicate | SQL Stored Procedures A-TITLE T1505.001 |
| /techniques/T1505/002 | Text duplicate | Transport Agent A-TITLE T1505.002 |
| /techniques/T1505/003 | Text duplicate | Web Shell A-TITLE T1505.003 |
| /techniques/T1505/004 | Text duplicate | IIS Components A-TITLE T1505.004 |
| /techniques/T1505/005 | Text duplicate | Terminal Services DLL A-TITLE T1505.005 |
| /techniques/T1505/006 | Text duplicate | vSphere Installation Bundles A-TITLE T1505.006 |
| /techniques/T1176 | Text duplicate | Software Extensions (2) A-TITLE T1176 |
| /techniques/T1176/001 | Text duplicate | Browser Extensions A-TITLE T1176.001 |
| /techniques/T1176/002 | Text duplicate | IDE Extensions A-TITLE T1176.002 |
| /techniques/T1205 | Text duplicate | Traffic Signaling (2) A-TITLE T1205 |
| /techniques/T1205/001 | Text duplicate | Port Knocking A-TITLE T1205.001 |
| /techniques/T1205/002 | Text duplicate | Socket Filters A-TITLE T1205.002 |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1548 | Text duplicate | Abuse Elevation Control Mechanism (6) A-TITLE T1548 |
| /techniques/T1548/001 | Text duplicate | Setuid and Setgid A-TITLE T1548.001 |
| /techniques/T1548/002 | Text duplicate | Bypass User Account Control A-TITLE T1548.002 |
| /techniques/T1548/003 | Text duplicate | Sudo and Sudo Caching A-TITLE T1548.003 |
| /techniques/T1548/004 | Text duplicate | Elevated Execution with Prompt A-TITLE T1548.004 |
| /techniques/T1548/005 | Text duplicate | Temporary Elevated Cloud Access A-TITLE T1548.005 |
| /techniques/T1548/006 | Text duplicate | TCC Manipulation A-TITLE T1548.006 |
| /techniques/T1134 | Text duplicate | Access Token Manipulation (5) A-TITLE T1134 |
| /techniques/T1134/001 | Text duplicate | Token Impersonation/Theft A-TITLE T1134.001 |
| /techniques/T1134/002 | Text duplicate | Create Process with Token A-TITLE T1134.002 |
| /techniques/T1134/003 | Text duplicate | Make and Impersonate Token A-TITLE T1134.003 |
| /techniques/T1134/004 | Text duplicate | Parent PID Spoofing A-TITLE T1134.004 |
| /techniques/T1134/005 | Text duplicate | SID-History Injection A-TITLE T1134.005 |
| /techniques/T1098 | Text duplicate | Account Manipulation (7) A-TITLE T1098 |
| /techniques/T1098/001 | Text duplicate | Additional Cloud Credentials A-TITLE T1098.001 |
| /techniques/T1098/002 | Text duplicate | Additional Email Delegate Permissions A-TITLE T1098.002 |
| /techniques/T1098/003 | Text duplicate | Additional Cloud Roles A-TITLE T1098.003 |
| /techniques/T1098/004 | Text duplicate | SSH Authorized Keys A-TITLE T1098.004 |
| /techniques/T1098/005 | Text duplicate | Device Registration A-TITLE T1098.005 |
| /techniques/T1098/006 | Text duplicate | Additional Container Cluster Roles A-TITLE T1098.006 |
| /techniques/T1098/007 | Text duplicate | Additional Local or Domain Groups A-TITLE T1098.007 |
| /techniques/T1547 | Text duplicate | Boot or Logon Autostart Execution (14) A-TITLE T1547 |
| /techniques/T1547/001 | Text duplicate | Registry Run Keys / Startup Folder A-TITLE T1547.001 |
| /techniques/T1547/002 | Text duplicate | Authentication Package A-TITLE T1547.002 |
| /techniques/T1547/003 | Text duplicate | Time Providers A-TITLE T1547.003 |
| /techniques/T1547/004 | Text duplicate | Winlogon Helper DLL A-TITLE T1547.004 |
| /techniques/T1547/005 | Text duplicate | Security Support Provider A-TITLE T1547.005 |
| /techniques/T1547/006 | Text duplicate | Kernel Modules and Extensions A-TITLE T1547.006 |
| /techniques/T1547/007 | Text duplicate | Re-opened Applications A-TITLE T1547.007 |
| /techniques/T1547/008 | Text duplicate | LSASS Driver A-TITLE T1547.008 |
| /techniques/T1547/009 | Text duplicate | Shortcut Modification A-TITLE T1547.009 |
| /techniques/T1547/010 | Text duplicate | Port Monitors A-TITLE T1547.010 |
| /techniques/T1547/012 | Text duplicate | Print Processors A-TITLE T1547.012 |
| /techniques/T1547/013 | Text duplicate | XDG Autostart Entries A-TITLE T1547.013 |
| /techniques/T1547/014 | Text duplicate | Active Setup A-TITLE T1547.014 |
| /techniques/T1547/015 | Text duplicate | Login Items A-TITLE T1547.015 |
| /techniques/T1037 | Text duplicate | Boot or Logon Initialization Scripts (5) A-TITLE T1037 |
| /techniques/T1037/001 | Text duplicate | Logon Script (Windows) A-TITLE T1037.001 |
| /techniques/T1037/002 | Text duplicate | Login Hook A-TITLE T1037.002 |
| /techniques/T1037/003 | Text duplicate | Network Logon Script A-TITLE T1037.003 |
| /techniques/T1037/004 | Text duplicate | RC Scripts A-TITLE T1037.004 |
| /techniques/T1037/005 | Text duplicate | Startup Items A-TITLE T1037.005 |
| /techniques/T1543 | Text duplicate | Create or Modify System Process (5) A-TITLE T1543 |
| /techniques/T1543/001 | Text duplicate | Launch Agent A-TITLE T1543.001 |
| /techniques/T1543/002 | Text duplicate | Systemd Service A-TITLE T1543.002 |
| /techniques/T1543/003 | Text duplicate | Windows Service A-TITLE T1543.003 |
| /techniques/T1543/004 | Text duplicate | Launch Daemon A-TITLE T1543.004 |
| /techniques/T1543/005 | Text duplicate | Container Service A-TITLE T1543.005 |
| /techniques/T1484 | Text duplicate | Domain or Tenant Policy Modification (2) A-TITLE T1484 |
| /techniques/T1484/001 | Text duplicate | Group Policy Modification A-TITLE T1484.001 |
| /techniques/T1484/002 | Text duplicate | Trust Modification A-TITLE T1484.002 |
| /techniques/T1611 | Text duplicate | Escape to Host A-TITLE T1611 |
| /techniques/T1546 | Text duplicate | Event Triggered Execution (17) A-TITLE T1546 |
| /techniques/T1546/001 | Text duplicate | Change Default File Association A-TITLE T1546.001 |
| /techniques/T1546/002 | Text duplicate | Screensaver A-TITLE T1546.002 |
| /techniques/T1546/003 | Text duplicate | Windows Management Instrumentation Event Subscription A-TITLE T1546.003 |
| /techniques/T1546/004 | Text duplicate | Unix Shell Configuration Modification A-TITLE T1546.004 |
| /techniques/T1546/005 | Text duplicate | Trap A-TITLE T1546.005 |
| /techniques/T1546/006 | Text duplicate | LC_LOAD_DYLIB Addition A-TITLE T1546.006 |
| /techniques/T1546/007 | Text duplicate | Netsh Helper DLL A-TITLE T1546.007 |
| /techniques/T1546/008 | Text duplicate | Accessibility Features A-TITLE T1546.008 |
| /techniques/T1546/009 | Text duplicate | AppCert DLLs A-TITLE T1546.009 |
| /techniques/T1546/010 | Text duplicate | AppInit DLLs A-TITLE T1546.010 |
| /techniques/T1546/011 | Text duplicate | Application Shimming A-TITLE T1546.011 |
| /techniques/T1546/012 | Text duplicate | Image File Execution Options Injection A-TITLE T1546.012 |
| /techniques/T1546/013 | Text duplicate | PowerShell Profile A-TITLE T1546.013 |
| /techniques/T1546/014 | Text duplicate | Emond A-TITLE T1546.014 |
| /techniques/T1546/015 | Text duplicate | Component Object Model Hijacking A-TITLE T1546.015 |
| /techniques/T1546/016 | Text duplicate | Installer Packages A-TITLE T1546.016 |
| /techniques/T1546/017 | Text duplicate | Udev Rules A-TITLE T1546.017 |
| /techniques/T1068 | Text duplicate | Exploitation for Privilege Escalation A-TITLE T1068 |
| /techniques/T1574 | Text duplicate | Hijack Execution Flow (12) A-TITLE T1574 |
| /techniques/T1574/001 | Text duplicate | DLL A-TITLE T1574.001 |
| /techniques/T1574/004 | Text duplicate | Dylib Hijacking A-TITLE T1574.004 |
| /techniques/T1574/005 | Text duplicate | Executable Installer File Permissions Weakness A-TITLE T1574.005 |
| /techniques/T1574/006 | Text duplicate | Dynamic Linker Hijacking A-TITLE T1574.006 |
| /techniques/T1574/007 | Text duplicate | Path Interception by PATH Environment Variable A-TITLE T1574.007 |
| /techniques/T1574/008 | Text duplicate | Path Interception by Search Order Hijacking A-TITLE T1574.008 |
| /techniques/T1574/009 | Text duplicate | Path Interception by Unquoted Path A-TITLE T1574.009 |
| /techniques/T1574/010 | Text duplicate | Services File Permissions Weakness A-TITLE T1574.010 |
| /techniques/T1574/011 | Text duplicate | Services Registry Permissions Weakness A-TITLE T1574.011 |
| /techniques/T1574/012 | Text duplicate | COR_PROFILER A-TITLE T1574.012 |
| /techniques/T1574/013 | Text duplicate | KernelCallbackTable A-TITLE T1574.013 |
| /techniques/T1574/014 | Text duplicate | AppDomainManager A-TITLE T1574.014 |
| /techniques/T1055 | Text duplicate | Process Injection (12) A-TITLE T1055 |
| /techniques/T1055/001 | Text duplicate | Dynamic-link Library Injection A-TITLE T1055.001 |
| /techniques/T1055/002 | Text duplicate | Portable Executable Injection A-TITLE T1055.002 |
| /techniques/T1055/003 | Text duplicate | Thread Execution Hijacking A-TITLE T1055.003 |
| /techniques/T1055/004 | Text duplicate | Asynchronous Procedure Call A-TITLE T1055.004 |
| /techniques/T1055/005 | Text duplicate | Thread Local Storage A-TITLE T1055.005 |
| /techniques/T1055/008 | Text duplicate | Ptrace System Calls A-TITLE T1055.008 |
| /techniques/T1055/009 | Text duplicate | Proc Memory A-TITLE T1055.009 |
| /techniques/T1055/011 | Text duplicate | Extra Window Memory Injection A-TITLE T1055.011 |
| /techniques/T1055/012 | Text duplicate | Process Hollowing A-TITLE T1055.012 |
| /techniques/T1055/013 | Text duplicate | Process Doppelg??nging A-TITLE T1055.013 |
| /techniques/T1055/014 | Text duplicate | VDSO Hijacking A-TITLE T1055.014 |
| /techniques/T1055/015 | Text duplicate | ListPlanting A-TITLE T1055.015 |
| /techniques/T1053 | Text duplicate | Scheduled Task/Job (5) A-TITLE T1053 |
| /techniques/T1053/002 | Text duplicate | At A-TITLE T1053.002 |
| /techniques/T1053/003 | Text duplicate | Cron A-TITLE T1053.003 |
| /techniques/T1053/005 | Text duplicate | Scheduled Task A-TITLE T1053.005 |
| /techniques/T1053/006 | Text duplicate | Systemd Timers A-TITLE T1053.006 |
| /techniques/T1053/007 | Text duplicate | Container Orchestration Job A-TITLE T1053.007 |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1548 | Text duplicate | Abuse Elevation Control Mechanism (6) A-TITLE T1548 |
| /techniques/T1548/001 | Text duplicate | Setuid and Setgid A-TITLE T1548.001 |
| /techniques/T1548/002 | Text duplicate | Bypass User Account Control A-TITLE T1548.002 |
| /techniques/T1548/003 | Text duplicate | Sudo and Sudo Caching A-TITLE T1548.003 |
| /techniques/T1548/004 | Text duplicate | Elevated Execution with Prompt A-TITLE T1548.004 |
| /techniques/T1548/005 | Text duplicate | Temporary Elevated Cloud Access A-TITLE T1548.005 |
| /techniques/T1548/006 | Text duplicate | TCC Manipulation A-TITLE T1548.006 |
| /techniques/T1134 | Text duplicate | Access Token Manipulation (5) A-TITLE T1134 |
| /techniques/T1134/001 | Text duplicate | Token Impersonation/Theft A-TITLE T1134.001 |
| /techniques/T1134/002 | Text duplicate | Create Process with Token A-TITLE T1134.002 |
| /techniques/T1134/003 | Text duplicate | Make and Impersonate Token A-TITLE T1134.003 |
| /techniques/T1134/004 | Text duplicate | Parent PID Spoofing A-TITLE T1134.004 |
| /techniques/T1134/005 | Text duplicate | SID-History Injection A-TITLE T1134.005 |
| /techniques/T1197 | Text duplicate | BITS Jobs A-TITLE T1197 |
| /techniques/T1612 | Text duplicate | Build Image on Host A-TITLE T1612 |
| /techniques/T1622 | Text duplicate | Debugger Evasion A-TITLE T1622 |
| /techniques/T1140 | Text duplicate | Deobfuscate/Decode Files or Information A-TITLE T1140 |
| /techniques/T1610 | Text duplicate | Deploy Container A-TITLE T1610 |
| /techniques/T1006 | Text duplicate | Direct Volume Access A-TITLE T1006 |
| /techniques/T1484 | Text duplicate | Domain or Tenant Policy Modification (2) A-TITLE T1484 |
| /techniques/T1484/001 | Text duplicate | Group Policy Modification A-TITLE T1484.001 |
| /techniques/T1484/002 | Text duplicate | Trust Modification A-TITLE T1484.002 |
| /techniques/T1672 | Text duplicate | Email Spoofing A-TITLE T1672 |
| /techniques/T1480 | Text duplicate | Execution Guardrails (2) A-TITLE T1480 |
| /techniques/T1480/001 | Text duplicate | Environmental Keying A-TITLE T1480.001 |
| /techniques/T1480/002 | Text duplicate | Mutual Exclusion A-TITLE T1480.002 |
| /techniques/T1211 | Text duplicate | Exploitation for Defense Evasion A-TITLE T1211 |
| /techniques/T1222 | Text duplicate | File and Directory Permissions Modification (2) A-TITLE T1222 |
| /techniques/T1222/001 | Text duplicate | Windows File and Directory Permissions Modification A-TITLE T1222.001 |
| /techniques/T1222/002 | Text duplicate | Linux and Mac File and Directory Permissions Modification A-TITLE T1222.002 |
| /techniques/T1564 | Text duplicate | Hide Artifacts (14) A-TITLE T1564 |
| /techniques/T1564/001 | Text duplicate | Hidden Files and Directories A-TITLE T1564.001 |
| /techniques/T1564/002 | Text duplicate | Hidden Users A-TITLE T1564.002 |
| /techniques/T1564/003 | Text duplicate | Hidden Window A-TITLE T1564.003 |
| /techniques/T1564/004 | Text duplicate | NTFS File Attributes A-TITLE T1564.004 |
| /techniques/T1564/005 | Text duplicate | Hidden File System A-TITLE T1564.005 |
| /techniques/T1564/006 | Text duplicate | Run Virtual Instance A-TITLE T1564.006 |
| /techniques/T1564/007 | Text duplicate | VBA Stomping A-TITLE T1564.007 |
| /techniques/T1564/008 | Text duplicate | Email Hiding Rules A-TITLE T1564.008 |
| /techniques/T1564/009 | Text duplicate | Resource Forking A-TITLE T1564.009 |
| /techniques/T1564/010 | Text duplicate | Process Argument Spoofing A-TITLE T1564.010 |
| /techniques/T1564/011 | Text duplicate | Ignore Process Interrupts A-TITLE T1564.011 |
| /techniques/T1564/012 | Text duplicate | File/Path Exclusions A-TITLE T1564.012 |
| /techniques/T1564/013 | Text duplicate | Bind Mounts A-TITLE T1564.013 |
| /techniques/T1564/014 | Text duplicate | Extended Attributes A-TITLE T1564.014 |
| /techniques/T1574 | Text duplicate | Hijack Execution Flow (12) A-TITLE T1574 |
| /techniques/T1574/001 | Text duplicate | DLL A-TITLE T1574.001 |
| /techniques/T1574/004 | Text duplicate | Dylib Hijacking A-TITLE T1574.004 |
| /techniques/T1574/005 | Text duplicate | Executable Installer File Permissions Weakness A-TITLE T1574.005 |
| /techniques/T1574/006 | Text duplicate | Dynamic Linker Hijacking A-TITLE T1574.006 |
| /techniques/T1574/007 | Text duplicate | Path Interception by PATH Environment Variable A-TITLE T1574.007 |
| /techniques/T1574/008 | Text duplicate | Path Interception by Search Order Hijacking A-TITLE T1574.008 |
| /techniques/T1574/009 | Text duplicate | Path Interception by Unquoted Path A-TITLE T1574.009 |
| /techniques/T1574/010 | Text duplicate | Services File Permissions Weakness A-TITLE T1574.010 |
| /techniques/T1574/011 | Text duplicate | Services Registry Permissions Weakness A-TITLE T1574.011 |
| /techniques/T1574/012 | Text duplicate | COR_PROFILER A-TITLE T1574.012 |
| /techniques/T1574/013 | Text duplicate | KernelCallbackTable A-TITLE T1574.013 |
| /techniques/T1574/014 | Text duplicate | AppDomainManager A-TITLE T1574.014 |
| /techniques/T1562 | Text duplicate | Impair Defenses (11) A-TITLE T1562 |
| /techniques/T1562/001 | Text duplicate | Disable or Modify Tools A-TITLE T1562.001 |
| /techniques/T1562/002 | Text duplicate | Disable Windows Event Logging A-TITLE T1562.002 |
| /techniques/T1562/003 | Text duplicate | Impair Command History Logging A-TITLE T1562.003 |
| /techniques/T1562/004 | Text duplicate | Disable or Modify System Firewall A-TITLE T1562.004 |
| /techniques/T1562/006 | Text duplicate | Indicator Blocking A-TITLE T1562.006 |
| /techniques/T1562/007 | Text duplicate | Disable or Modify Cloud Firewall A-TITLE T1562.007 |
| /techniques/T1562/008 | Text duplicate | Disable or Modify Cloud Logs A-TITLE T1562.008 |
| /techniques/T1562/009 | Text duplicate | Safe Mode Boot A-TITLE T1562.009 |
| /techniques/T1562/010 | Text duplicate | Downgrade Attack A-TITLE T1562.010 |
| /techniques/T1562/011 | Text duplicate | Spoof Security Alerting A-TITLE T1562.011 |
| /techniques/T1562/012 | Text duplicate | Disable or Modify Linux Audit System A-TITLE T1562.012 |
| /techniques/T1656 | Text duplicate | Impersonation A-TITLE T1656 |
| /techniques/T1070 | Text duplicate | Indicator Removal (10) A-TITLE T1070 |
| /techniques/T1070/001 | Text duplicate | Clear Windows Event Logs A-TITLE T1070.001 |
| /techniques/T1070/002 | Text duplicate | Clear Linux or Mac System Logs A-TITLE T1070.002 |
| /techniques/T1070/003 | Text duplicate | Clear Command History A-TITLE T1070.003 |
| /techniques/T1070/004 | Text duplicate | File Deletion A-TITLE T1070.004 |
| /techniques/T1070/005 | Text duplicate | Network Share Connection Removal A-TITLE T1070.005 |
| /techniques/T1070/006 | Text duplicate | Timestomp A-TITLE T1070.006 |
| /techniques/T1070/007 | Text duplicate | Clear Network Connection History and Configurations A-TITLE T1070.007 |
| /techniques/T1070/008 | Text duplicate | Clear Mailbox Data A-TITLE T1070.008 |
| /techniques/T1070/009 | Text duplicate | Clear Persistence A-TITLE T1070.009 |
| /techniques/T1070/010 | Text duplicate | Relocate Malware A-TITLE T1070.010 |
| /techniques/T1202 | Text duplicate | Indirect Command Execution A-TITLE T1202 |
| /techniques/T1036 | Text duplicate | Masquerading (11) A-TITLE T1036 |
| /techniques/T1036/001 | Text duplicate | Invalid Code Signature A-TITLE T1036.001 |
| /techniques/T1036/002 | Text duplicate | Right-to-Left Override A-TITLE T1036.002 |
| /techniques/T1036/003 | Text duplicate | Rename Legitimate Utilities A-TITLE T1036.003 |
| /techniques/T1036/004 | Text duplicate | Masquerade Task or Service A-TITLE T1036.004 |
| /techniques/T1036/005 | Text duplicate | Match Legitimate Resource Name or Location A-TITLE T1036.005 |
| /techniques/T1036/006 | Text duplicate | Space after Filename A-TITLE T1036.006 |
| /techniques/T1036/007 | Text duplicate | Double File Extension A-TITLE T1036.007 |
| /techniques/T1036/008 | Text duplicate | Masquerade File Type A-TITLE T1036.008 |
| /techniques/T1036/009 | Text duplicate | Break Process Trees A-TITLE T1036.009 |
| /techniques/T1036/010 | Text duplicate | Masquerade Account Name A-TITLE T1036.010 |
| /techniques/T1036/011 | Text duplicate | Overwrite Process Arguments A-TITLE T1036.011 |
| /techniques/T1556 | Text duplicate | Modify Authentication Process (9) A-TITLE T1556 |
| /techniques/T1556/001 | Text duplicate | Domain Controller Authentication A-TITLE T1556.001 |
| /techniques/T1556/002 | Text duplicate | Password Filter DLL A-TITLE T1556.002 |
| /techniques/T1556/003 | Text duplicate | Pluggable Authentication Modules A-TITLE T1556.003 |
| /techniques/T1556/004 | Text duplicate | Network Device Authentication A-TITLE T1556.004 |
| /techniques/T1556/005 | Text duplicate | Reversible Encryption A-TITLE T1556.005 |
| /techniques/T1556/006 | Text duplicate | Multi-Factor Authentication A-TITLE T1556.006 |
| /techniques/T1556/007 | Text duplicate | Hybrid Identity A-TITLE T1556.007 |
| /techniques/T1556/008 | Text duplicate | Network Provider DLL A-TITLE T1556.008 |
| /techniques/T1556/009 | Text duplicate | Conditional Access Policies A-TITLE T1556.009 |
| /techniques/T1578 | Text duplicate | Modify Cloud Compute Infrastructure (5) A-TITLE T1578 |
| /techniques/T1578/001 | Text duplicate | Create Snapshot A-TITLE T1578.001 |
| /techniques/T1578/002 | Text duplicate | Create Cloud Instance A-TITLE T1578.002 |
| /techniques/T1578/003 | Text duplicate | Delete Cloud Instance A-TITLE T1578.003 |
| /techniques/T1578/004 | Text duplicate | Revert Cloud Instance A-TITLE T1578.004 |
| /techniques/T1578/005 | Text duplicate | Modify Cloud Compute Configurations A-TITLE T1578.005 |
| /techniques/T1666 | Text duplicate | Modify Cloud Resource Hierarchy A-TITLE T1666 |
| /techniques/T1112 | Text duplicate | Modify Registry A-TITLE T1112 |
| /techniques/T1601 | Text duplicate | Modify System Image (2) A-TITLE T1601 |
| /techniques/T1601/001 | Text duplicate | Patch System Image A-TITLE T1601.001 |
| /techniques/T1601/002 | Text duplicate | Downgrade System Image A-TITLE T1601.002 |
| /techniques/T1599 | Text duplicate | Network Boundary Bridging (1) A-TITLE T1599 |
| /techniques/T1599/001 | Text duplicate | Network Address Translation Traversal A-TITLE T1599.001 |
| /techniques/T1027 | Text duplicate | Obfuscated Files or Information (17) A-TITLE T1027 |
| /techniques/T1027/001 | Text duplicate | Binary Padding A-TITLE T1027.001 |
| /techniques/T1027/002 | Text duplicate | Software Packing A-TITLE T1027.002 |
| /techniques/T1027/003 | Text duplicate | Steganography A-TITLE T1027.003 |
| /techniques/T1027/004 | Text duplicate | Compile After Delivery A-TITLE T1027.004 |
| /techniques/T1027/005 | Text duplicate | Indicator Removal from Tools A-TITLE T1027.005 |
| /techniques/T1027/006 | Text duplicate | HTML Smuggling A-TITLE T1027.006 |
| /techniques/T1027/007 | Text duplicate | Dynamic API Resolution A-TITLE T1027.007 |
| /techniques/T1027/008 | Text duplicate | Stripped Payloads A-TITLE T1027.008 |
| /techniques/T1027/009 | Text duplicate | Embedded Payloads A-TITLE T1027.009 |
| /techniques/T1027/010 | Text duplicate | Command Obfuscation A-TITLE T1027.010 |
| /techniques/T1027/011 | Text duplicate | Fileless Storage A-TITLE T1027.011 |
| /techniques/T1027/012 | Text duplicate | LNK Icon Smuggling A-TITLE T1027.012 |
| /techniques/T1027/013 | Text duplicate | Encrypted/Encoded File A-TITLE T1027.013 |
| /techniques/T1027/014 | Text duplicate | Polymorphic Code A-TITLE T1027.014 |
| /techniques/T1027/015 | Text duplicate | Compression A-TITLE T1027.015 |
| /techniques/T1027/016 | Text duplicate | Junk Code Insertion A-TITLE T1027.016 |
| /techniques/T1027/017 | Text duplicate | SVG Smuggling A-TITLE T1027.017 |
| /techniques/T1647 | Text duplicate | Plist File Modification A-TITLE T1647 |
| /techniques/T1542 | Text duplicate | Pre-OS Boot (5) A-TITLE T1542 |
| /techniques/T1542/001 | Text duplicate | System Firmware A-TITLE T1542.001 |
| /techniques/T1542/002 | Text duplicate | Component Firmware A-TITLE T1542.002 |
| /techniques/T1542/003 | Text duplicate | Bootkit A-TITLE T1542.003 |
| /techniques/T1542/004 | Text duplicate | ROMMONkit A-TITLE T1542.004 |
| /techniques/T1542/005 | Text duplicate | TFTP Boot A-TITLE T1542.005 |
| /techniques/T1055 | Text duplicate | Process Injection (12) A-TITLE T1055 |
| /techniques/T1055/001 | Text duplicate | Dynamic-link Library Injection A-TITLE T1055.001 |
| /techniques/T1055/002 | Text duplicate | Portable Executable Injection A-TITLE T1055.002 |
| /techniques/T1055/003 | Text duplicate | Thread Execution Hijacking A-TITLE T1055.003 |
| /techniques/T1055/004 | Text duplicate | Asynchronous Procedure Call A-TITLE T1055.004 |
| /techniques/T1055/005 | Text duplicate | Thread Local Storage A-TITLE T1055.005 |
| /techniques/T1055/008 | Text duplicate | Ptrace System Calls A-TITLE T1055.008 |
| /techniques/T1055/009 | Text duplicate | Proc Memory A-TITLE T1055.009 |
| /techniques/T1055/011 | Text duplicate | Extra Window Memory Injection A-TITLE T1055.011 |
| /techniques/T1055/012 | Text duplicate | Process Hollowing A-TITLE T1055.012 |
| /techniques/T1055/013 | Text duplicate | Process Doppelg??nging A-TITLE T1055.013 |
| /techniques/T1055/014 | Text duplicate | VDSO Hijacking A-TITLE T1055.014 |
| /techniques/T1055/015 | Text duplicate | ListPlanting A-TITLE T1055.015 |
| /techniques/T1620 | Text duplicate | Reflective Code Loading A-TITLE T1620 |
| /techniques/T1207 | Text duplicate | Rogue Domain Controller A-TITLE T1207 |
| /techniques/T1014 | Text duplicate | Rootkit A-TITLE T1014 |
| /techniques/T1553 | Text duplicate | Subvert Trust Controls (6) A-TITLE T1553 |
| /techniques/T1553/001 | Text duplicate | Gatekeeper Bypass A-TITLE T1553.001 |
| /techniques/T1553/002 | Text duplicate | Code Signing A-TITLE T1553.002 |
| /techniques/T1553/003 | Text duplicate | SIP and Trust Provider Hijacking A-TITLE T1553.003 |
| /techniques/T1553/004 | Text duplicate | Install Root Certificate A-TITLE T1553.004 |
| /techniques/T1553/005 | Text duplicate | Mark-of-the-Web Bypass A-TITLE T1553.005 |
| /techniques/T1553/006 | Text duplicate | Code Signing Policy Modification A-TITLE T1553.006 |
| /techniques/T1218 | Text duplicate | System Binary Proxy Execution (14) A-TITLE T1218 |
| /techniques/T1218/001 | Text duplicate | Compiled HTML File A-TITLE T1218.001 |
| /techniques/T1218/002 | Text duplicate | Control Panel A-TITLE T1218.002 |
| /techniques/T1218/003 | Text duplicate | CMSTP A-TITLE T1218.003 |
| /techniques/T1218/004 | Text duplicate | InstallUtil A-TITLE T1218.004 |
| /techniques/T1218/005 | Text duplicate | Mshta A-TITLE T1218.005 |
| /techniques/T1218/007 | Text duplicate | Msiexec A-TITLE T1218.007 |
| /techniques/T1218/008 | Text duplicate | Odbcconf A-TITLE T1218.008 |
| /techniques/T1218/009 | Text duplicate | Regsvcs/Regasm A-TITLE T1218.009 |
| /techniques/T1218/010 | Text duplicate | Regsvr32 A-TITLE T1218.010 |
| /techniques/T1218/011 | Text duplicate | Rundll32 A-TITLE T1218.011 |
| /techniques/T1218/012 | Text duplicate | Verclsid A-TITLE T1218.012 |
| /techniques/T1218/013 | Text duplicate | Mavinject A-TITLE T1218.013 |
| /techniques/T1218/014 | Text duplicate | MMC A-TITLE T1218.014 |
| /techniques/T1218/015 | Text duplicate | Electron Applications A-TITLE T1218.015 |
| /techniques/T1216 | Text duplicate | System Script Proxy Execution (2) A-TITLE T1216 |
| /techniques/T1216/001 | Text duplicate | PubPrn A-TITLE T1216.001 |
| /techniques/T1216/002 | Text duplicate | SyncAppvPublishingServer A-TITLE T1216.002 |
| /techniques/T1221 | Text duplicate | Template Injection A-TITLE T1221 |
| /techniques/T1205 | Text duplicate | Traffic Signaling (2) A-TITLE T1205 |
| /techniques/T1205/001 | Text duplicate | Port Knocking A-TITLE T1205.001 |
| /techniques/T1205/002 | Text duplicate | Socket Filters A-TITLE T1205.002 |
| /techniques/T1127 | Text duplicate | Trusted Developer Utilities Proxy Execution (3) A-TITLE T1127 |
| /techniques/T1127/001 | Text duplicate | MSBuild A-TITLE T1127.001 |
| /techniques/T1127/002 | Text duplicate | ClickOnce A-TITLE T1127.002 |
| /techniques/T1127/003 | Text duplicate | JamPlus A-TITLE T1127.003 |
| /techniques/T1535 | Text duplicate | Unused/Unsupported Cloud Regions A-TITLE T1535 |
| /techniques/T1550 | Text duplicate | Use Alternate Authentication Material (4) A-TITLE T1550 |
| /techniques/T1550/001 | Text duplicate | Application Access Token A-TITLE T1550.001 |
| /techniques/T1550/002 | Text duplicate | Pass the Hash A-TITLE T1550.002 |
| /techniques/T1550/003 | Text duplicate | Pass the Ticket A-TITLE T1550.003 |
| /techniques/T1550/004 | Text duplicate | Web Session Cookie A-TITLE T1550.004 |
| /techniques/T1078 | Text duplicate | Valid Accounts (4) A-TITLE T1078 |
| /techniques/T1078/001 | Text duplicate | Default Accounts A-TITLE T1078.001 |
| /techniques/T1078/002 | Text duplicate | Domain Accounts A-TITLE T1078.002 |
| /techniques/T1078/003 | Text duplicate | Local Accounts A-TITLE T1078.003 |
| /techniques/T1078/004 | Text duplicate | Cloud Accounts A-TITLE T1078.004 |
| /techniques/T1497 | Text duplicate | Virtualization/Sandbox Evasion (3) A-TITLE T1497 |
| /techniques/T1497/001 | Text duplicate | System Checks A-TITLE T1497.001 |
| /techniques/T1497/002 | Text duplicate | User Activity Based Checks A-TITLE T1497.002 |
| /techniques/T1497/003 | Text duplicate | Time Based Evasion A-TITLE T1497.003 |
| /techniques/T1600 | Text duplicate | Weaken Encryption (2) A-TITLE T1600 |
| /techniques/T1600/001 | Text duplicate | Reduce Key Space A-TITLE T1600.001 |
| /techniques/T1600/002 | Text duplicate | Disable Crypto Hardware A-TITLE T1600.002 |
| /techniques/T1220 | Text duplicate | XSL Script Processing A-TITLE T1220 |
| /techniques/T1557 | Text duplicate | Adversary-in-the-Middle (4) A-TITLE T1557 |
| /techniques/T1557/001 | Text duplicate | LLMNR/NBT-NS Poisoning and SMB Relay A-TITLE T1557.001 |
| /techniques/T1557/002 | Text duplicate | ARP Cache Poisoning A-TITLE T1557.002 |
| /techniques/T1557/003 | Text duplicate | DHCP Spoofing A-TITLE T1557.003 |
| /techniques/T1557/004 | Text duplicate | Evil Twin A-TITLE T1557.004 |
| /techniques/T1110 | Text duplicate | Brute Force (4) A-TITLE T1110 |
| /techniques/T1110/001 | Text duplicate | Password Guessing A-TITLE T1110.001 |
| /techniques/T1110/002 | Text duplicate | Password Cracking A-TITLE T1110.002 |
| /techniques/T1110/003 | Text duplicate | Password Spraying A-TITLE T1110.003 |
| /techniques/T1110/004 | Text duplicate | Credential Stuffing A-TITLE T1110.004 |
| /techniques/T1555 | Text duplicate | Credentials from Password Stores (6) A-TITLE T1555 |
| /techniques/T1555/001 | Text duplicate | Keychain A-TITLE T1555.001 |
| /techniques/T1555/002 | Text duplicate | Securityd Memory A-TITLE T1555.002 |
| /techniques/T1555/003 | Text duplicate | Credentials from Web Browsers A-TITLE T1555.003 |
| /techniques/T1555/004 | Text duplicate | Windows Credential Manager A-TITLE T1555.004 |
| /techniques/T1555/005 | Text duplicate | Password Managers A-TITLE T1555.005 |
| /techniques/T1555/006 | Text duplicate | Cloud Secrets Management Stores A-TITLE T1555.006 |
| /techniques/T1212 | Text duplicate | Exploitation for Credential Access A-TITLE T1212 |
| /techniques/T1187 | Text duplicate | Forced Authentication A-TITLE T1187 |
| /techniques/T1606 | Text duplicate | Forge Web Credentials (2) A-TITLE T1606 |
| /techniques/T1606/001 | Text duplicate | Web Cookies A-TITLE T1606.001 |
| /techniques/T1606/002 | Text duplicate | SAML Tokens A-TITLE T1606.002 |
| /techniques/T1056 | Text duplicate | Input Capture (4) A-TITLE T1056 |
| /techniques/T1056/001 | Text duplicate | Keylogging A-TITLE T1056.001 |
| /techniques/T1056/002 | Text duplicate | GUI Input Capture A-TITLE T1056.002 |
| /techniques/T1056/003 | Text duplicate | Web Portal Capture A-TITLE T1056.003 |
| /techniques/T1056/004 | Text duplicate | Credential API Hooking A-TITLE T1056.004 |
| /techniques/T1556 | Text duplicate | Modify Authentication Process (9) A-TITLE T1556 |
| /techniques/T1556/001 | Text duplicate | Domain Controller Authentication A-TITLE T1556.001 |
| /techniques/T1556/002 | Text duplicate | Password Filter DLL A-TITLE T1556.002 |
| /techniques/T1556/003 | Text duplicate | Pluggable Authentication Modules A-TITLE T1556.003 |
| /techniques/T1556/004 | Text duplicate | Network Device Authentication A-TITLE T1556.004 |
| /techniques/T1556/005 | Text duplicate | Reversible Encryption A-TITLE T1556.005 |
| /techniques/T1556/006 | Text duplicate | Multi-Factor Authentication A-TITLE T1556.006 |
| /techniques/T1556/007 | Text duplicate | Hybrid Identity A-TITLE T1556.007 |
| /techniques/T1556/008 | Text duplicate | Network Provider DLL A-TITLE T1556.008 |
| /techniques/T1556/009 | Text duplicate | Conditional Access Policies A-TITLE T1556.009 |
| /techniques/T1111 | Text duplicate | Multi-Factor Authentication Interception A-TITLE T1111 |
| /techniques/T1621 | Text duplicate | Multi-Factor Authentication Request Generation A-TITLE T1621 |
| /techniques/T1040 | Text duplicate | Network Sniffing A-TITLE T1040 |
| /techniques/T1003 | Text duplicate | OS Credential Dumping (8) A-TITLE T1003 |
| /techniques/T1003/001 | Text duplicate | LSASS Memory A-TITLE T1003.001 |
| /techniques/T1003/002 | Text duplicate | Security Account Manager A-TITLE T1003.002 |
| /techniques/T1003/003 | Text duplicate | NTDS A-TITLE T1003.003 |
| /techniques/T1003/004 | Text duplicate | LSA Secrets A-TITLE T1003.004 |
| /techniques/T1003/005 | Text duplicate | Cached Domain Credentials A-TITLE T1003.005 |
| /techniques/T1003/006 | Text duplicate | DCSync A-TITLE T1003.006 |
| /techniques/T1003/007 | Text duplicate | Proc Filesystem A-TITLE T1003.007 |
| /techniques/T1003/008 | Text duplicate | /etc/passwd and /etc/shadow A-TITLE T1003.008 |
| /techniques/T1528 | Text duplicate | Steal Application Access Token A-TITLE T1528 |
| /techniques/T1649 | Text duplicate | Steal or Forge Authentication Certificates A-TITLE T1649 |
| /techniques/T1558 | Text duplicate | Steal or Forge Kerberos Tickets (5) A-TITLE T1558 |
| /techniques/T1558/001 | Text duplicate | Golden Ticket A-TITLE T1558.001 |
| /techniques/T1558/002 | Text duplicate | Silver Ticket A-TITLE T1558.002 |
| /techniques/T1558/003 | Text duplicate | Kerberoasting A-TITLE T1558.003 |
| /techniques/T1558/004 | Text duplicate | AS-REP Roasting A-TITLE T1558.004 |
| /techniques/T1558/005 | Text duplicate | Ccache Files A-TITLE T1558.005 |
| /techniques/T1539 | Text duplicate | Steal Web Session Cookie A-TITLE T1539 |
| /techniques/T1552 | Text duplicate | Unsecured Credentials (8) A-TITLE T1552 |
| /techniques/T1552/001 | Text duplicate | Credentials In Files A-TITLE T1552.001 |
| /techniques/T1552/002 | Text duplicate | Credentials in Registry A-TITLE T1552.002 |
| /techniques/T1552/003 | Text duplicate | Bash History A-TITLE T1552.003 |
| /techniques/T1552/004 | Text duplicate | Private Keys A-TITLE T1552.004 |
| /techniques/T1552/005 | Text duplicate | Cloud Instance Metadata API A-TITLE T1552.005 |
| /techniques/T1552/006 | Text duplicate | Group Policy Preferences A-TITLE T1552.006 |
| /techniques/T1552/007 | Text duplicate | Container API A-TITLE T1552.007 |
| /techniques/T1552/008 | Text duplicate | Chat Messages A-TITLE T1552.008 |
| /techniques/T1087 | Text duplicate | Account Discovery (4) A-TITLE T1087 |
| /techniques/T1087/001 | Text duplicate | Local Account A-TITLE T1087.001 |
| /techniques/T1087/002 | Text duplicate | Domain Account A-TITLE T1087.002 |
| /techniques/T1087/003 | Text duplicate | Email Account A-TITLE T1087.003 |
| /techniques/T1087/004 | Text duplicate | Cloud Account A-TITLE T1087.004 |
| /techniques/T1010 | Text duplicate | Application Window Discovery A-TITLE T1010 |
| /techniques/T1217 | Text duplicate | Browser Information Discovery A-TITLE T1217 |
| /techniques/T1580 | Text duplicate | Cloud Infrastructure Discovery A-TITLE T1580 |
| /techniques/T1538 | Text duplicate | Cloud Service Dashboard A-TITLE T1538 |
| /techniques/T1526 | Text duplicate | Cloud Service Discovery A-TITLE T1526 |
| /techniques/T1619 | Text duplicate | Cloud Storage Object Discovery A-TITLE T1619 |
| /techniques/T1613 | Text duplicate | Container and Resource Discovery A-TITLE T1613 |
| /techniques/T1622 | Text duplicate | Debugger Evasion A-TITLE T1622 |
| /techniques/T1652 | Text duplicate | Device Driver Discovery A-TITLE T1652 |
| /techniques/T1482 | Text duplicate | Domain Trust Discovery A-TITLE T1482 |
| /techniques/T1083 | Text duplicate | File and Directory Discovery A-TITLE T1083 |
| /techniques/T1615 | Text duplicate | Group Policy Discovery A-TITLE T1615 |
| /techniques/T1654 | Text duplicate | Log Enumeration A-TITLE T1654 |
| /techniques/T1046 | Text duplicate | Network Service Discovery A-TITLE T1046 |
| /techniques/T1135 | Text duplicate | Network Share Discovery A-TITLE T1135 |
| /techniques/T1040 | Text duplicate | Network Sniffing A-TITLE T1040 |
| /techniques/T1201 | Text duplicate | Password Policy Discovery A-TITLE T1201 |
| /techniques/T1120 | Text duplicate | Peripheral Device Discovery A-TITLE T1120 |
| /techniques/T1069 | Text duplicate | Permission Groups Discovery (3) A-TITLE T1069 |
| /techniques/T1069/001 | Text duplicate | Local Groups A-TITLE T1069.001 |
| /techniques/T1069/002 | Text duplicate | Domain Groups A-TITLE T1069.002 |
| /techniques/T1069/003 | Text duplicate | Cloud Groups A-TITLE T1069.003 |
| /techniques/T1057 | Text duplicate | Process Discovery A-TITLE T1057 |
| /techniques/T1012 | Text duplicate | Query Registry A-TITLE T1012 |
| /techniques/T1018 | Text duplicate | Remote System Discovery A-TITLE T1018 |
| /techniques/T1518 | Text duplicate | Software Discovery (1) A-TITLE T1518 |
| /techniques/T1518/001 | Text duplicate | Security Software Discovery A-TITLE T1518.001 |
| /techniques/T1082 | Text duplicate | System Information Discovery A-TITLE T1082 |
| /techniques/T1614 | Text duplicate | System Location Discovery (1) A-TITLE T1614 |
| /techniques/T1614/001 | Text duplicate | System Language Discovery A-TITLE T1614.001 |
| /techniques/T1016 | Text duplicate | System Network Configuration Discovery (2) A-TITLE T1016 |
| /techniques/T1016/001 | Text duplicate | Internet Connection Discovery A-TITLE T1016.001 |
| /techniques/T1016/002 | Text duplicate | Wi-Fi Discovery A-TITLE T1016.002 |
| /techniques/T1049 | Text duplicate | System Network Connections Discovery A-TITLE T1049 |
| /techniques/T1033 | Text duplicate | System Owner/User Discovery A-TITLE T1033 |
| /techniques/T1007 | Text duplicate | System Service Discovery A-TITLE T1007 |
| /techniques/T1124 | Text duplicate | System Time Discovery A-TITLE T1124 |
| /techniques/T1673 | Text duplicate | Virtual Machine Discovery A-TITLE T1673 |
| /techniques/T1497 | Text duplicate | Virtualization/Sandbox Evasion (3) A-TITLE T1497 |
| /techniques/T1497/001 | Text duplicate | System Checks A-TITLE T1497.001 |
| /techniques/T1497/002 | Text duplicate | User Activity Based Checks A-TITLE T1497.002 |
| /techniques/T1497/003 | Text duplicate | Time Based Evasion A-TITLE T1497.003 |
| /techniques/T1210 | Text duplicate | Exploitation of Remote Services A-TITLE T1210 |
| /techniques/T1534 | Text duplicate | Internal Spearphishing A-TITLE T1534 |
| /techniques/T1570 | Text duplicate | Lateral Tool Transfer A-TITLE T1570 |
| /techniques/T1563 | Text duplicate | Remote Service Session Hijacking (2) A-TITLE T1563 |
| /techniques/T1563/001 | Text duplicate | SSH Hijacking A-TITLE T1563.001 |
| /techniques/T1563/002 | Text duplicate | RDP Hijacking A-TITLE T1563.002 |
| /techniques/T1021 | Text duplicate | Remote Services (8) A-TITLE T1021 |
| /techniques/T1021/001 | Text duplicate | Remote Desktop Protocol A-TITLE T1021.001 |
| /techniques/T1021/002 | Text duplicate | SMB/Windows Admin Shares A-TITLE T1021.002 |
| /techniques/T1021/003 | Text duplicate | Distributed Component Object Model A-TITLE T1021.003 |
| /techniques/T1021/004 | Text duplicate | SSH A-TITLE T1021.004 |
| /techniques/T1021/005 | Text duplicate | VNC A-TITLE T1021.005 |
| /techniques/T1021/006 | Text duplicate | Windows Remote Management A-TITLE T1021.006 |
| /techniques/T1021/007 | Text duplicate | Cloud Services A-TITLE T1021.007 |
| /techniques/T1021/008 | Text duplicate | Direct Cloud VM Connections A-TITLE T1021.008 |
| /techniques/T1091 | Text duplicate | Replication Through Removable Media A-TITLE T1091 |
| /techniques/T1072 | Text duplicate | Software Deployment Tools A-TITLE T1072 |
| /techniques/T1080 | Text duplicate | Taint Shared Content A-TITLE T1080 |
| /techniques/T1550 | Text duplicate | Use Alternate Authentication Material (4) A-TITLE T1550 |
| /techniques/T1550/001 | Text duplicate | Application Access Token A-TITLE T1550.001 |
| /techniques/T1550/002 | Text duplicate | Pass the Hash A-TITLE T1550.002 |
| /techniques/T1550/003 | Text duplicate | Pass the Ticket A-TITLE T1550.003 |
| /techniques/T1550/004 | Text duplicate | Web Session Cookie A-TITLE T1550.004 |
| /techniques/T1557 | Text duplicate | Adversary-in-the-Middle (4) A-TITLE T1557 |
| /techniques/T1557/001 | Text duplicate | LLMNR/NBT-NS Poisoning and SMB Relay A-TITLE T1557.001 |
| /techniques/T1557/002 | Text duplicate | ARP Cache Poisoning A-TITLE T1557.002 |
| /techniques/T1557/003 | Text duplicate | DHCP Spoofing A-TITLE T1557.003 |
| /techniques/T1557/004 | Text duplicate | Evil Twin A-TITLE T1557.004 |
| /techniques/T1560 | Text duplicate | Archive Collected Data (3) A-TITLE T1560 |
| /techniques/T1560/001 | Text duplicate | Archive via Utility A-TITLE T1560.001 |
| /techniques/T1560/002 | Text duplicate | Archive via Library A-TITLE T1560.002 |
| /techniques/T1560/003 | Text duplicate | Archive via Custom Method A-TITLE T1560.003 |
| /techniques/T1123 | Text duplicate | Audio Capture A-TITLE T1123 |
| /techniques/T1119 | Text duplicate | Automated Collection A-TITLE T1119 |
| /techniques/T1185 | Text duplicate | Browser Session Hijacking A-TITLE T1185 |
| /techniques/T1115 | Text duplicate | Clipboard Data A-TITLE T1115 |
| /techniques/T1530 | Text duplicate | Data from Cloud Storage A-TITLE T1530 |
| /techniques/T1602 | Text duplicate | Data from Configuration Repository (2) A-TITLE T1602 |
| /techniques/T1602/001 | Text duplicate | SNMP (MIB Dump) A-TITLE T1602.001 |
| /techniques/T1602/002 | Text duplicate | Network Device Configuration Dump A-TITLE T1602.002 |
| /techniques/T1213 | Text duplicate | Data from Information Repositories (5) A-TITLE T1213 |
| /techniques/T1213/001 | Text duplicate | Confluence A-TITLE T1213.001 |
| /techniques/T1213/002 | Text duplicate | Sharepoint A-TITLE T1213.002 |
| /techniques/T1213/003 | Text duplicate | Code Repositories A-TITLE T1213.003 |
| /techniques/T1213/004 | Text duplicate | Customer Relationship Management Software A-TITLE T1213.004 |
| /techniques/T1213/005 | Text duplicate | Messaging Applications A-TITLE T1213.005 |
| /techniques/T1005 | Text duplicate | Data from Local System A-TITLE T1005 |
| /techniques/T1039 | Text duplicate | Data from Network Shared Drive A-TITLE T1039 |
| /techniques/T1025 | Text duplicate | Data from Removable Media A-TITLE T1025 |
| /techniques/T1074 | Text duplicate | Data Staged (2) A-TITLE T1074 |
| /techniques/T1074/001 | Text duplicate | Local Data Staging A-TITLE T1074.001 |
| /techniques/T1074/002 | Text duplicate | Remote Data Staging A-TITLE T1074.002 |
| /techniques/T1114 | Text duplicate | Email Collection (3) A-TITLE T1114 |
| /techniques/T1114/001 | Text duplicate | Local Email Collection A-TITLE T1114.001 |
| /techniques/T1114/002 | Text duplicate | Remote Email Collection A-TITLE T1114.002 |
| /techniques/T1114/003 | Text duplicate | Email Forwarding Rule A-TITLE T1114.003 |
| /techniques/T1056 | Text duplicate | Input Capture (4) A-TITLE T1056 |
| /techniques/T1056/001 | Text duplicate | Keylogging A-TITLE T1056.001 |
| /techniques/T1056/002 | Text duplicate | GUI Input Capture A-TITLE T1056.002 |
| /techniques/T1056/003 | Text duplicate | Web Portal Capture A-TITLE T1056.003 |
| /techniques/T1056/004 | Text duplicate | Credential API Hooking A-TITLE T1056.004 |
| /techniques/T1113 | Text duplicate | Screen Capture A-TITLE T1113 |
| /techniques/T1125 | Text duplicate | Video Capture A-TITLE T1125 |
| /techniques/T1071 | Text duplicate | Application Layer Protocol (5) A-TITLE T1071 |
| /techniques/T1071/001 | Text duplicate | Web Protocols A-TITLE T1071.001 |
| /techniques/T1071/002 | Text duplicate | File Transfer Protocols A-TITLE T1071.002 |
| /techniques/T1071/003 | Text duplicate | Mail Protocols A-TITLE T1071.003 |
| /techniques/T1071/004 | Text duplicate | DNS A-TITLE T1071.004 |
| /techniques/T1071/005 | Text duplicate | Publish/Subscribe Protocols A-TITLE T1071.005 |
| /techniques/T1092 | Text duplicate | Communication Through Removable Media A-TITLE T1092 |
| /techniques/T1659 | Text duplicate | Content Injection A-TITLE T1659 |
| /techniques/T1132 | Text duplicate | Data Encoding (2) A-TITLE T1132 |
| /techniques/T1132/001 | Text duplicate | Standard Encoding A-TITLE T1132.001 |
| /techniques/T1132/002 | Text duplicate | Non-Standard Encoding A-TITLE T1132.002 |
| /techniques/T1001 | Text duplicate | Data Obfuscation (3) A-TITLE T1001 |
| /techniques/T1001/001 | Text duplicate | Junk Data A-TITLE T1001.001 |
| /techniques/T1001/002 | Text duplicate | Steganography A-TITLE T1001.002 |
| /techniques/T1001/003 | Text duplicate | Protocol or Service Impersonation A-TITLE T1001.003 |
| /techniques/T1568 | Text duplicate | Dynamic Resolution (3) A-TITLE T1568 |
| /techniques/T1568/001 | Text duplicate | Fast Flux DNS A-TITLE T1568.001 |
| /techniques/T1568/002 | Text duplicate | Domain Generation Algorithms A-TITLE T1568.002 |
| /techniques/T1568/003 | Text duplicate | DNS Calculation A-TITLE T1568.003 |
| /techniques/T1573 | Text duplicate | Encrypted Channel (2) A-TITLE T1573 |
| /techniques/T1573/001 | Text duplicate | Symmetric Cryptography A-TITLE T1573.001 |
| /techniques/T1573/002 | Text duplicate | Asymmetric Cryptography A-TITLE T1573.002 |
| /techniques/T1008 | Text duplicate | Fallback Channels A-TITLE T1008 |
| /techniques/T1665 | Text duplicate | Hide Infrastructure A-TITLE T1665 |
| /techniques/T1105 | Text duplicate | Ingress Tool Transfer A-TITLE T1105 |
| /techniques/T1104 | Text duplicate | Multi-Stage Channels A-TITLE T1104 |
| /techniques/T1095 | Text duplicate | Non-Application Layer Protocol A-TITLE T1095 |
| /techniques/T1571 | Text duplicate | Non-Standard Port A-TITLE T1571 |
| /techniques/T1572 | Text duplicate | Protocol Tunneling A-TITLE T1572 |
| /techniques/T1090 | Text duplicate | Proxy (4) A-TITLE T1090 |
| /techniques/T1090/001 | Text duplicate | Internal Proxy A-TITLE T1090.001 |
| /techniques/T1090/002 | Text duplicate | External Proxy A-TITLE T1090.002 |
| /techniques/T1090/003 | Text duplicate | Multi-hop Proxy A-TITLE T1090.003 |
| /techniques/T1090/004 | Text duplicate | Domain Fronting A-TITLE T1090.004 |
| /techniques/T1219 | Text duplicate | Remote Access Tools (3) A-TITLE T1219 |
| /techniques/T1219/001 | Text duplicate | IDE Tunneling A-TITLE T1219.001 |
| /techniques/T1219/002 | Text duplicate | Remote Desktop Software A-TITLE T1219.002 |
| /techniques/T1219/003 | Text duplicate | Remote Access Hardware A-TITLE T1219.003 |
| /techniques/T1205 | Text duplicate | Traffic Signaling (2) A-TITLE T1205 |
| /techniques/T1205/001 | Text duplicate | Port Knocking A-TITLE T1205.001 |
| /techniques/T1205/002 | Text duplicate | Socket Filters A-TITLE T1205.002 |
| /techniques/T1102 | Text duplicate | Web Service (3) A-TITLE T1102 |
| /techniques/T1102/001 | Text duplicate | Dead Drop Resolver A-TITLE T1102.001 |
| /techniques/T1102/002 | Text duplicate | Bidirectional Communication A-TITLE T1102.002 |
| /techniques/T1102/003 | Text duplicate | One-Way Communication A-TITLE T1102.003 |
| /techniques/T1020 | Text duplicate | Automated Exfiltration (1) A-TITLE T1020 |
| /techniques/T1020/001 | Text duplicate | Traffic Duplication A-TITLE T1020.001 |
| /techniques/T1030 | Text duplicate | Data Transfer Size Limits A-TITLE T1030 |
| /techniques/T1048 | Text duplicate | Exfiltration Over Alternative Protocol (3) A-TITLE T1048 |
| /techniques/T1048/001 | Text duplicate | Exfiltration Over Symmetric Encrypted Non-C2 Protocol A-TITLE T1048.001 |
| /techniques/T1048/002 | Text duplicate | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol A-TITLE T1048.002 |
| /techniques/T1048/003 | Text duplicate | Exfiltration Over Unencrypted Non-C2 Protocol A-TITLE T1048.003 |
| /techniques/T1041 | Text duplicate | Exfiltration Over C2 Channel A-TITLE T1041 |
| /techniques/T1011 | Text duplicate | Exfiltration Over Other Network Medium (1) A-TITLE T1011 |
| /techniques/T1011/001 | Text duplicate | Exfiltration Over Bluetooth A-TITLE T1011.001 |
| /techniques/T1052 | Text duplicate | Exfiltration Over Physical Medium (1) A-TITLE T1052 |
| /techniques/T1052/001 | Text duplicate | Exfiltration over USB A-TITLE T1052.001 |
| /techniques/T1567 | Text duplicate | Exfiltration Over Web Service (4) A-TITLE T1567 |
| /techniques/T1567/001 | Text duplicate | Exfiltration to Code Repository A-TITLE T1567.001 |
| /techniques/T1567/002 | Text duplicate | Exfiltration to Cloud Storage A-TITLE T1567.002 |
| /techniques/T1567/003 | Text duplicate | Exfiltration to Text Storage Sites A-TITLE T1567.003 |
| /techniques/T1567/004 | Text duplicate | Exfiltration Over Webhook A-TITLE T1567.004 |
| /techniques/T1029 | Text duplicate | Scheduled Transfer A-TITLE T1029 |
| /techniques/T1537 | Text duplicate | Transfer Data to Cloud Account A-TITLE T1537 |
| /techniques/T1531 | Text duplicate | Account Access Removal A-TITLE T1531 |
| /techniques/T1485 | Text duplicate | Data Destruction (1) A-TITLE T1485 |
| /techniques/T1485/001 | Text duplicate | Lifecycle-Triggered Deletion A-TITLE T1485.001 |
| /techniques/T1486 | Text duplicate | Data Encrypted for Impact A-TITLE T1486 |
| /techniques/T1565 | Text duplicate | Data Manipulation (3) A-TITLE T1565 |
| /techniques/T1565/001 | Text duplicate | Stored Data Manipulation A-TITLE T1565.001 |
| /techniques/T1565/002 | Text duplicate | Transmitted Data Manipulation A-TITLE T1565.002 |
| /techniques/T1565/003 | Text duplicate | Runtime Data Manipulation A-TITLE T1565.003 |
| /techniques/T1491 | Text duplicate | Defacement (2) A-TITLE T1491 |
| /techniques/T1491/001 | Text duplicate | Internal Defacement A-TITLE T1491.001 |
| /techniques/T1491/002 | Text duplicate | External Defacement A-TITLE T1491.002 |
| /techniques/T1561 | Text duplicate | Disk Wipe (2) A-TITLE T1561 |
| /techniques/T1561/001 | Text duplicate | Disk Content Wipe A-TITLE T1561.001 |
| /techniques/T1561/002 | Text duplicate | Disk Structure Wipe A-TITLE T1561.002 |
| /techniques/T1667 | Text duplicate | Email Bombing A-TITLE T1667 |
| /techniques/T1499 | Text duplicate | Endpoint Denial of Service (4) A-TITLE T1499 |
| /techniques/T1499/001 | Text duplicate | OS Exhaustion Flood A-TITLE T1499.001 |
| /techniques/T1499/002 | Text duplicate | Service Exhaustion Flood A-TITLE T1499.002 |
| /techniques/T1499/003 | Text duplicate | Application Exhaustion Flood A-TITLE T1499.003 |
| /techniques/T1499/004 | Text duplicate | Application or System Exploitation A-TITLE T1499.004 |
| /techniques/T1657 | Text duplicate | Financial Theft A-TITLE T1657 |
| /techniques/T1495 | Text duplicate | Firmware Corruption A-TITLE T1495 |
| /techniques/T1490 | Text duplicate | Inhibit System Recovery A-TITLE T1490 |
| /techniques/T1498 | Text duplicate | Network Denial of Service (2) A-TITLE T1498 |
| /techniques/T1498/001 | Text duplicate | Direct Network Flood A-TITLE T1498.001 |
| /techniques/T1498/002 | Text duplicate | Reflection Amplification A-TITLE T1498.002 |
| /techniques/T1496 | Text duplicate | Resource Hijacking (4) A-TITLE T1496 |
| /techniques/T1496/001 | Text duplicate | Compute Hijacking A-TITLE T1496.001 |
| /techniques/T1496/002 | Text duplicate | Bandwidth Hijacking A-TITLE T1496.002 |
| /techniques/T1496/003 | Text duplicate | SMS Pumping A-TITLE T1496.003 |
| /techniques/T1496/004 | Text duplicate | Cloud Service Hijacking A-TITLE T1496.004 |
| /techniques/T1489 | Text duplicate | Service Stop A-TITLE T1489 |
| /techniques/T1529 | Text duplicate | System Shutdown/Reboot A-TITLE T1529 |
| https://www.mitre.org/ | New window External Subdomain | No Text |
| /resources/engage-with-attack/... | Contact Us | |
| /resources/legal-and-branding/... | Terms of Use | |
| /resources/legal-and-branding/... | Privacy Policy | |
| /resources/changelog.html | Website Changelog A-TITLE ATT&CK content v17.1 Website v4.2.3 | |
| /resources/legal-and-branding/... | Cookie Preferences | |
| https://twitter.com/MITREattack | External | No Text |
| https://github.com/mitre-attack | External | No Text |
| Name | Value |
|---|---|
| server | GitHub.com |
| content-type | text/html; charset=utf-8 |
| last-modified | Wed, 02 Jul 2025 17:48:10 GMT |
| access-control-allow-origin | * |
| etag | W/"686570da-16c9f9" |
| expires | Sat, 26 Jul 2025 19:51:44 GMT |
| cache-control | max-age=600 |
| content-encoding | gzip |
| x-proxy-cache | MISS |
| x-github-request-id | 4E53:2E592A:2417463:24538DC:68852F78 |
| accept-ranges | bytes |
| age | 0 |
| date | Sat, 26 Jul 2025 19:41:44 GMT |
| via | 1.1 varnish |
| x-served-by | cache-fra-eddf8230164-FRA |
| x-cache | MISS |
| x-cache-hits | 0 |
| x-timer | S1753558905.657801,VS0,VE162 |
| vary | Accept-Encoding |
| x-fastly-request-id | bd2b42a1d36a9bd37c192263a6612efdbf4256c6 |
| content-length | 112126 |
| statuscode | 200 |
| http_version | HTTP/2 |
User-agent: * Disallow: /previous/ Disallow: /versions/
Following keywords were found. You can check the keyword optimization of this page for each keyword.
| Keyword | Result | Recheck |
|---|---|---|
| MITRE | 59% | Check |
| or Modify | 45% | Check |
| Files or | 45% | Check |
| or Service | 45% | Check |
| Boot or Logon | 41% | Check |
| or Modify System | 41% | Check |
| Disable or Modify | 41% | Check |
| Techniques | 39% | Check |
| Resource | 39% | Check |
| Disable or Modify Cloud | 39% | Check |
| External | 38% | Check |
| Defense Evasion | 37% | Check |
| Image | 36% | Check |
| System Image | 35% | Check |
| MITRE ATT&CK® | 35% | Check |
| Discovery | 34% | Check |
| Cloud | 34% | Check |
| Data | 34% | Check |
| System | 34% | Check |
| Network | 34% | Check |
| service | 34% | Check |
| File | 34% | Check |
| Execution | 34% | Check |
| Exfiltration | 34% | Check |
| Hijacking | 34% | Check |
Please select one of the following options for your request.
Contact options
Send us an email at support@seobility.net
Give us a call +49 911 23756261
Mo-Fr (CET)
from 9 am to 5 pm
None of these options suit your need?
You can also download our Quick Start Guide, visit the FAQ section, our Knowledge Base or Blog.
Please select one of the following options for your request.
We have received your message and will process it as soon as possible.
We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See the following links for more information.
We need these so the site can function properly
So we can better understand how visitors use our website
So we can serve you tailored ads and promotions
Meta Title
(Nice to have)