MITRE ATT&CK Techniques
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1001 | Data Obfuscation | Command and Control |
| T1001.001 | Junk Data | Command and Control |
| T1001.002 | Steganography | Command and Control |
| T1001.003 | Protocol Impersonation | Command and Control |
| T1003 | OS Credential Dumping | Credential Access |
| T1003.001 | LSASS Memory | Credential Access |
| T1003.002 | Security Account Manager | Credential Access |
| T1003.003 | NTDS | Credential Access |
| T1003.004 | LSA Secrets | Credential Access |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1003.006 | DCSync | Credential Access |
| T1003.007 | Proc Filesystem | Credential Access |
| T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
| T1005 | Data from Local System | Collection |
| T1006 | Direct Volume Access | Defense Evasion |
| T1007 | System Service Discovery | Discovery |
| T1008 | Fallback Channels | Command and Control |
| T1010 | Application Window Discovery | Discovery |
| T1011 | Exfiltration Over Other Network Medium | Exfiltration |
| T1011.001 | Exfiltration Over Bluetooth | Exfiltration |
| T1012 | Query Registry | Discovery |
| T1014 | Rootkit | Defense Evasion |
| T1016 | System Network Configuration Discovery | Discovery |
| T1016.001 | Internet Connection Discovery | Discovery |
| T1016.002 | Wi-Fi Discovery | Discovery |
| T1018 | Remote System Discovery | Discovery |
| T1020 | Automated Exfiltration | Exfiltration |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1021 | Remote Services | Lateral Movement |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1021.004 | SSH | Lateral Movement |
| T1021.005 | VNC | Lateral Movement |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1021.007 | Cloud Services | Lateral Movement |
| T1021.008 | Direct Cloud VM Connections | Lateral Movement |
| T1025 | Data from Removable Media | Collection |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1027.001 | Binary Padding | Defense Evasion |
| T1027.002 | Software Packing | Defense Evasion |
| T1027.003 | Steganography | Defense Evasion |
| T1027.004 | Compile After Delivery | Defense Evasion |
| T1027.005 | Indicator Removal from Tools | Defense Evasion |
| T1027.006 | HTML Smuggling | Defense Evasion |
| T1027.007 | Dynamic API Resolution | Defense Evasion |
| T1027.008 | Stripped Payloads | Defense Evasion |
| T1027.009 | Embedded Payloads | Defense Evasion |
| T1027.010 | Command Obfuscation | Defense Evasion |
| T1027.011 | Fileless Storage | Defense Evasion |