CIC-ATT&CK

Critical Infrastructure Cybersecurity

Secure Environment

Critical Infrastructure Cybersecurity Framework|Secure Environment

CIC-ATT&CKCRITICAL INFRASTRUCTURECYBERSECURITY

HomeATT&CK Matrix

Enterprise ATT&CK Matrix

The ATT&CK Matrix for Enterprise covers adversary tactics and techniques for Windows, macOS, Linux, Cloud, Network, and Container platforms.

Showing 226 of 226 techniques

Recon

Resource Dev

Initial Access

Execution

Persistence

Priv Esc

Defense Evasion

Cred Access

Discovery

Lateral Move

Collection

C2

Exfiltration

Impact

Active Scanning

Gather Victim Host Information

Gather Victim Identity Information

Gather Victim Network Information

Gather Victim Org Information

Phishing for Information

Search Closed Sources

Search Open Technical Databases

Search Open Websites/Domains

Search Victim-Owned Websites

Acquire Infrastructure

Compromise Accounts

Compromise Infrastructure

Develop Capabilities

Establish Accounts

Obtain Capabilities

Stage Capabilities

Content Injection

Drive-by Compromise

Exploit Public-Facing Application

External Remote Services

Hardware Additions

Replication Through Removable Media

Supply Chain Compromise

Trusted Relationship

Cloud Administration Command

Command and Scripting Interpreter

Container Administration Command

Deploy Container

ESXi Administration Command

Exploitation for Client Execution

Input Injection

Inter-Process Communication

Scheduled Task/Job

Software Deployment Tools

System Services

Windows Management Instrumentation

Input Injection

ESXi Administration Command

Account Manipulation

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

Create or Modify System Process

Event Triggered Execution

Hijack Execution Flow

Modify Authentication Process

Server Software Component

Traffic Signaling

Office Application Startup

Browser Extensions

Implant Internal Image

Scheduled Task/Job

Compromise Host Software Binary

Abuse Elevation Control Mechanism

Access Token Manipulation

Exploitation for Privilege Escalation

Process Injection

Domain/Tenant Policy Modification

Deobfuscate/Decode Files or Information

Direct Volume Access

Execution Guardrails

Exploitation for Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Indicator Removal

Obfuscated Files or Information

System Binary Proxy Execution

Virtualization/Sandbox Evasion

Indirect Command Execution

Rogue Domain Controller

System Script Proxy Execution

XSL Script Processing

Template Injection

Subvert Trust Controls

Modify Registry

Trusted Developer Utilities Proxy Execution

Unused/Unsupported Cloud Regions

Use Alternate Authentication Material

Reflective Code Loading

Modify Cloud Compute Infrastructure

Network Boundary Bridging

Weaken Encryption

Modify System Image

Plist File Modification

Hide Infrastructure

Modify Cloud Resource Hierarchy

Delay Execution

Adversary-in-the-Middle

Credentials from Password Stores

Exploitation for Credential Access

Forced Authentication

Forge Web Credentials

OS Credential Dumping

Steal Application Access Token

Steal or Forge Authentication Certificates

Steal or Forge Kerberos Tickets

Steal Web Session Cookie

Multi-Factor Authentication Interception

Unsecured Credentials

Multi-Factor Authentication Request Generation

Account Discovery

Application Window Discovery

Browser Information Discovery

Cloud Infrastructure Discovery

Cloud Service Dashboard

Cloud Service Discovery

Container and Resource Discovery

Debugger Evasion

Device Driver Discovery

Domain Trust Discovery

File and Directory Discovery

Group Policy Discovery

Log Enumeration

Network Service Discovery

Network Share Discovery

Network Sniffing

Password Policy Discovery

Peripheral Device Discovery

Permission Groups Discovery

Process Discovery

Remote System Discovery

Software Discovery

System Information Discovery

System Location Discovery

System Network Configuration Discovery

System Network Connections Discovery

System Owner/User Discovery

System Service Discovery

System Time Discovery

Virtualization/Sandbox Evasion

Cloud Storage Object Discovery

Local Storage Discovery

Exploitation of Remote Services

Internal Spearphishing

Lateral Tool Transfer

Remote Service Session Hijacking

Remote Services

Replication Through Removable Media

Software Deployment Tools

Taint Shared Content

Use Alternate Authentication Material

Adversary-in-the-Middle

Archive Collected Data

Automated Collection

Browser Session Hijacking

Data from Cloud Storage

Data from Configuration Repository

Data from Information Repositories

Data from Local System

Data from Network Shared Drive

Data from Removable Media

Email Collection

Communication Through Removable Media

Application Layer Protocol

Data Obfuscation

Dynamic Resolution

Encrypted Channel

Fallback Channels

Ingress Tool Transfer

Multi-Stage Channels

Non-Application Layer Protocol

Non-Standard Port

Protocol Tunneling

Remote Access Software

Traffic Signaling

Automated Exfiltration

Data Transfer Size Limits

Exfiltration Over Alternative Protocol

Exfiltration Over C2 Channel

Exfiltration Over Other Network Medium

Exfiltration Over Physical Medium

Exfiltration Over Web Service

Scheduled Transfer

Transfer Data to Cloud Account

Tactic

Technique

Hover for details

By using this website, you agree to our legal documents. Please review our Privacy Policy, Terms of Use, and Accessibility Statement in the footer.