Control Validation

Control Validation Tests

Explore Atomic Red Team Tests mapped to MITRE ATT&CK techniques to help validate security controls and test detections.

Search:

Test Name	MITRE ATT&CK ID	Platform
Detect Virtualization Environment (Linux)	T1497.001	linux
Detect Virtualization Environment (FreeBSD)	T1497.001	linux
Detect Virtualization Environment (Windows)	T1497.001	windows
Detect Virtualization Environment (MacOS)	T1497.001	macos
Detect Virtualization Environment via WMI Manufacturer/Model Listing (Windows)	T1497.001	windows
Odbcconf.exe - Execute Arbitrary DLL	T1218.008	windows
Odbcconf.exe - Load Response File	T1218.008	windows
At.exe Scheduled task	T1053.002	windows
At - Schedule a job	T1053.002	linux
Staging Local Certificates via Export-Certificate	T1649	windows
Pad Binary to Change Hash - Linux/macOS dd	T1027.001	linux, macos
Pad Binary to Change Hash using truncate command - Linux/macOS	T1027.001	linux, macos
Execute a process from a directory masquerading as the current parent directory.	T1036.005	macos, linux
Masquerade as a built-in system executable	T1036.005	windows
Replace Desktop Wallpaper	T1491.001	windows
Configure LegalNoticeCaption and LegalNoticeText registry keys to display ransom message	T1491.001	windows
Linux - Load Kernel Module via insmod	T1547.006	linux
MacOS - Load Kernel Module via kextload and kmutil	T1547.006	macos
MacOS - Load Kernel Module via KextManagerLoadKextWithURL()	T1547.006	macos
Snake Malware Kernel Driver Comadmin	T1547.006	windows
User scope COR_PROFILER	T1574.012	windows
System Scope COR_PROFILER	T1574.012	windows
Registry-free process scope COR_PROFILER	T1574.012	windows
Trap EXIT	T1546.005	macos, linux
Trap EXIT (freebsd)	T1546.005	linux
Trap SIGINT	T1546.005	macos, linux
Trap SIGINT (freebsd)	T1546.005	linux
Register Portable Virtualbox	T1564.006	windows
Create and start VirtualBox virtual machine	T1564.006	windows
Create and start Hyper-V virtual machine	T1564.006	windows
Make and modify binary from C source	T1548.001	macos, linux
Make and modify binary from C source (freebsd)	T1548.001	linux
Set a SetUID flag on file	T1548.001	macos, linux
Set a SetUID flag on file (freebsd)	T1548.001	linux
Set a SetGID flag on file	T1548.001	macos, linux
Set a SetGID flag on file (freebsd)	T1548.001	linux
Make and modify capabilities of a binary	T1548.001	linux
Provide the SetUID capability to a file	T1548.001	linux
Do reconnaissance for files that have the setuid bit set	T1548.001	linux
Do reconnaissance for files that have the setgid bit set	T1548.001	linux
Simulate Patching termsrv.dll	T1505.005	windows
Modify Terminal Services DLL Path	T1505.005	windows
SIP (Subject Interface Package) Hijacking via Custom DLL	T1553.003	windows
Persistance with Event Monitor - emond	T1546.014	macos
OpenSSL C2	T1573	windows
Decode base64 Data into Script	T1027	macos, linux
Execute base64-encoded PowerShell	T1027	windows
Execute base64-encoded PowerShell from Windows Registry	T1027	windows
Execution from Compressed File	T1027	windows
DLP Evasion via Sensitive Data in VBA Macro over email	T1027	windows

Showing 1 to 50 of 1,543 entries