Cybersecurity. Redefined.
Explore all 203 techniques across 14 tactics. See how our services protect against the entire MITRE ATT&CK framework.
The adversary is trying to gather information they can use to plan future operations.
Adversaries may execute active reconnaissance scans to gather information about target networks.
Protected by 3 services:
Adversaries may gather information about victim hosts that can be used during targeting.
Protected by 3 services:
Adversaries may gather information about victim identities for targeting.
Protected by 3 services:
Adversaries may gather information about victim networks for targeting.
Protected by 3 services:
Adversaries may gather information about victim organizations for targeting.
Protected by 3 services:
Adversaries may send phishing messages to elicit sensitive information.
Protected by 3 services:
Adversaries may search and gather information from closed sources.
Protected by 3 services:
Adversaries may search freely available technical databases for information.
Protected by 3 services:
Adversaries may search freely available websites and domains for information.
Protected by 3 services:
Adversaries may search websites owned by the victim for information.
Protected by 3 services:
The adversary is trying to establish resources they can use to support operations.
Adversaries may buy, lease, or rent infrastructure for staging operations.
Protected by 3 services:
Adversaries may compromise accounts with services that can be used in targeting.
Protected by 3 services:
Adversaries may compromise third-party infrastructure for operations.
Protected by 3 services:
Adversaries may build capabilities to support operations.
Protected by 3 services:
Adversaries may create accounts with services for operations.
Protected by 3 services:
Adversaries may buy or steal capabilities for operations.
Protected by 3 services:
Adversaries may upload or install capabilities on compromised infrastructure.
Protected by 3 services:
The adversary is trying to get into your network.
Adversaries may gain access through visiting websites controlled by the adversary.
Protected by 3 services:
Adversaries may exploit weaknesses in internet-facing applications.
Protected by 4 services:
Adversaries may leverage external remote services to gain access.
Protected by 4 services:
Adversaries may introduce hardware devices as a vector for access.
Protected by 3 services:
Adversaries may send phishing messages to gain access to victim systems.
Protected by 4 services:
Adversaries may move through systems using infected removable media.
Protected by 3 services:
Adversaries may manipulate products prior to receipt by final consumer.
Protected by 4 services:
Adversaries may breach organizations through trusted third parties.
Protected by 4 services:
Adversaries may use legitimate credentials to gain initial access.
Protected by 5 services:
Adversaries may move onto systems through infected media.
Protected by 3 services:
The adversary is trying to run malicious code.
Adversaries may abuse command and script interpreters to execute commands.
Protected by 4 services:
Adversaries may abuse container administration services to execute commands.
Protected by 3 services:
Adversaries may deploy containers to execute processes.
Protected by 3 services:
Adversaries may exploit software vulnerabilities to execute code.
Protected by 4 services:
Adversaries may abuse IPC mechanisms to execute code.
Protected by 3 services:
Adversaries may interact with native OS APIs to execute behaviors.
Protected by 3 services:
Adversaries may abuse task scheduling functionality to execute code.
Protected by 4 services:
Adversaries may abuse serverless computing to execute code.
Protected by 3 services:
Adversaries may execute by loading shared modules.
Protected by 3 services:
Adversaries may gain access to and use centralized software deployment tools.
Protected by 4 services:
Adversaries may abuse system services to execute commands.
Protected by 3 services:
Adversaries may rely upon user actions to gain execution.
Protected by 4 services:
Adversaries may abuse WMI to execute malicious commands.
Protected by 3 services:
Adversaries may gain access to and use software deployment systems.
Protected by 4 services:
The adversary is trying to maintain their foothold.
Adversaries may leverage external remote services to gain access.
Protected by 4 services:
Adversaries may use legitimate credentials to gain initial access.
Protected by 5 services:
Adversaries may abuse task scheduling functionality to execute code.
Protected by 4 services:
Adversaries may manipulate accounts to maintain access.
Protected by 4 services:
Adversaries may create accounts to maintain access to victim systems.
Protected by 4 services:
Adversaries may create or modify system processes to repeatedly execute malicious payloads.
Protected by 4 services:
Adversaries may establish persistence through system mechanisms that trigger execution.
Protected by 3 services:
Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs.
Protected by 4 services:
Adversaries may implant cloud images with malicious code to establish persistence.
Protected by 3 services:
Adversaries may modify authentication mechanisms to access user credentials.
Protected by 4 services:
Adversaries may leverage Microsoft Office-based applications for persistence.
Protected by 3 services:
Adversaries may abuse pre-OS boot mechanisms as a way to establish persistence.
Protected by 4 services:
Adversaries may configure system settings to automatically execute programs during boot or logon.
Protected by 4 services:
Adversaries may use scripts automatically executed at boot or logon initialization to establish persistence.
Protected by 3 services:
Adversaries may abuse browser extensions to establish persistence.
Protected by 3 services:
Adversaries may modify client software binaries to establish persistence.
Protected by 3 services:
Adversaries may abuse BITS to persistently execute code.
Protected by 3 services:
Adversaries may abuse server applications to establish persistence.
Protected by 4 services:
Adversaries may use traffic signaling to hide open ports or trigger responses.
Protected by 3 services:
Adversaries may modify authentication to access credentials or enable access.
Protected by 4 services:
Adversaries may use signaling to hide ports.
Protected by 3 services:
Adversaries may modify authentication to access credentials.
Protected by 4 services:
Adversaries may use traffic signaling to hide open ports.
Protected by 3 services:
The adversary is trying to gain higher-level permissions.
Adversaries may use legitimate credentials to gain initial access.
Protected by 5 services:
Adversaries may abuse task scheduling functionality to execute code.
Protected by 4 services:
Adversaries may manipulate accounts to maintain access.
Protected by 4 services:
Adversaries may create or modify system processes to repeatedly execute malicious payloads.
Protected by 4 services:
Adversaries may establish persistence through system mechanisms that trigger execution.
Protected by 3 services:
Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs.
Protected by 4 services:
Adversaries may configure system settings to automatically execute programs during boot or logon.
Protected by 4 services:
Adversaries may use scripts automatically executed at boot or logon initialization to establish persistence.
Protected by 3 services:
Adversaries may bypass mechanisms designed to control elevated privileges.
Protected by 4 services:
Adversaries may modify access tokens to operate under a different security context.
Protected by 3 services:
Adversaries may break out of a container to gain access to the underlying host.
Protected by 3 services:
Adversaries may modify domain policy to establish persistence or escalate privileges.
Protected by 4 services:
Adversaries may exploit software vulnerabilities to elevate privileges.
Protected by 5 services:
Adversaries may inject code into processes to evade process-based defenses.
Protected by 3 services:
Adversaries may modify domain policy settings.
Protected by 3 services:
The adversary is trying to avoid being detected.
Adversaries may use legitimate credentials to gain initial access.
Protected by 5 services:
Adversaries may deploy containers to execute processes.
Protected by 3 services:
Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs.
Protected by 4 services:
Adversaries may modify authentication mechanisms to access user credentials.
Protected by 4 services:
Adversaries may abuse pre-OS boot mechanisms as a way to establish persistence.
Protected by 4 services:
Adversaries may abuse BITS to persistently execute code.
Protected by 3 services:
Adversaries may use traffic signaling to hide open ports or trigger responses.
Protected by 3 services:
Adversaries may bypass mechanisms designed to control elevated privileges.
Protected by 4 services:
Adversaries may modify access tokens to operate under a different security context.
Protected by 3 services:
Adversaries may modify domain policy to establish persistence or escalate privileges.
Protected by 4 services:
Adversaries may inject code into processes to evade process-based defenses.
Protected by 3 services:
Adversaries may use obfuscated files to hide artifacts of an intrusion.
Protected by 3 services:
Adversaries may directly access a volume to bypass protections.
Protected by 3 services:
Adversaries may modify domain policy settings.
Protected by 3 services:
Adversaries may use guardrails to constrain execution based on conditions.
Protected by 3 services:
Adversaries may exploit vulnerabilities to bypass security features.
Protected by 4 services:
Adversaries may modify permissions to evade access controls.
Protected by 3 services:
Adversaries may attempt to hide artifacts associated with their behaviors.
Protected by 3 services:
Adversaries may maliciously modify components to hinder defenses.
Protected by 3 services:
Adversaries may delete or modify artifacts to remove evidence.
Protected by 3 services:
Adversaries may abuse utilities that allow indirect command execution.
Protected by 3 services:
Adversaries may attempt to manipulate features to evade defenses.
Protected by 3 services:
Adversaries may modify authentication to access credentials or enable access.
Protected by 4 services:
Adversaries may modify cloud compute service infrastructure.
Protected by 3 services:
Adversaries may modify the Windows Registry to hide configuration.
Protected by 3 services:
Adversaries may modify system images to subvert controls.
Protected by 4 services:
Adversaries may bridge network boundaries to bypass isolation.
Protected by 4 services:
Adversaries may obfuscate to make analysis difficult.
Protected by 3 services:
Adversaries may modify plist files to enable execution.
Protected by 2 services:
Adversaries may register rogue Domain Controllers.
Protected by 4 services:
Adversaries may use rootkits to hide presence.
Protected by 4 services:
Adversaries may bypass defenses through proxy execution.
Protected by 3 services:
Adversaries may use scripts for proxy execution.
Protected by 3 services:
Adversaries may inject malicious code into templates.
Protected by 3 services:
Adversaries may use signaling to hide ports.
Protected by 3 services:
Adversaries may use trusted developer utilities for execution.
Protected by 3 services:
Adversaries may use unused cloud regions to evade detection.
Protected by 3 services:
Adversaries may use alternate authentication to move laterally.
Protected by 4 services:
Adversaries may check for virtualization and sandbox environments.
Protected by 4 services:
Adversaries may compromise encryption to enable exploitation.
Protected by 4 services:
Adversaries may use XSL scripts for code execution.
Protected by 3 services:
Adversaries may modify authentication to access credentials.
Protected by 4 services:
Adversaries may check for debugging to evade analysis.
Protected by 3 services:
Adversaries may check for virtualization and sandbox environments.
Protected by 4 services:
Adversaries may use alternate authentication material.
Protected by 4 services:
Adversaries may use traffic signaling to hide open ports.
Protected by 3 services:
The adversary is trying to steal account names and passwords.
Adversaries may modify authentication mechanisms to access user credentials.
Protected by 4 services:
Adversaries may modify authentication to access credentials or enable access.
Protected by 4 services:
Adversaries may use brute force techniques to gain access to accounts.
Protected by 4 services:
Adversaries may search for common password storage locations.
Protected by 4 services:
Adversaries may exploit vulnerabilities to obtain credentials.
Protected by 4 services:
Adversaries may gather credential material via forced authentication.
Protected by 3 services:
Adversaries may forge credential materials for web applications.
Protected by 3 services:
Adversaries may use methods to capture user input.
Protected by 4 services:
Adversaries may modify authentication to access credentials.
Protected by 4 services:
Adversaries may sniff network traffic to capture information.
Protected by 4 services:
Adversaries may attempt to dump credentials to obtain account login information.
Protected by 4 services:
Adversaries may steal tokens to acquire credentials.
Protected by 3 services:
Adversaries may steal or forge certificates for authentication.
Protected by 4 services:
Adversaries may attempt to subvert Kerberos authentication.
Protected by 4 services:
Adversaries may steal session cookies to bypass authentication.
Protected by 4 services:
Adversaries may target MFA mechanisms to gain access to credentials.
Protected by 4 services:
Adversaries may abuse MFA mechanisms to gain access.
Protected by 3 services:
Adversaries may search compromised systems for insecurely stored credentials.
Protected by 4 services:
Adversaries may sniff network traffic to capture information.
Protected by 4 services:
Adversaries may position themselves between communication flows.
Protected by 4 services:
Adversaries may use methods to capture user input.
Protected by 4 services:
The adversary is trying to figure out your environment.
Adversaries may check for virtualization and sandbox environments.
Protected by 4 services:
Adversaries may sniff network traffic to capture information.
Protected by 4 services:
Adversaries may attempt to get a listing of accounts on a system.
Protected by 3 services:
Adversaries may attempt to get a listing of open windows.
Protected by 2 services:
Adversaries may enumerate browser information.
Protected by 3 services:
Adversaries may attempt to discover cloud infrastructure.
Protected by 3 services:
Adversaries may use cloud dashboards for discovery.
Protected by 3 services:
Adversaries may enumerate cloud services.
Protected by 3 services:
Adversaries may discover containers and cloud resources.
Protected by 3 services:
Adversaries may check for debugging to evade analysis.
Protected by 3 services:
Adversaries may enumerate device drivers on compromised systems.
Protected by 3 services:
Adversaries may attempt to gather information on domain trust relationships.
Protected by 3 services:
Adversaries may enumerate files and directories.
Protected by 2 services:
Adversaries may gather information on Group Policy settings.
Protected by 3 services:
Adversaries may enumerate system and application logs.
Protected by 3 services:
Adversaries may attempt to get a listing of services running on remote hosts.
Protected by 4 services:
Adversaries may look for folders and drives shared on remote systems.
Protected by 3 services:
Adversaries may sniff network traffic to capture information.
Protected by 4 services:
Adversaries may attempt to access password policy information.
Protected by 3 services:
Adversaries may attempt to gather information about attached devices.
Protected by 2 services:
Adversaries may enumerate permission groups.
Protected by 3 services:
Adversaries may attempt to get information about running processes.
Protected by 2 services:
Adversaries may interact with the Windows Registry to gather information.
Protected by 2 services:
Adversaries may attempt to get a listing of remote systems.
Protected by 3 services:
Adversaries may attempt to get a listing of installed software.
Protected by 4 services:
Adversaries may attempt to get detailed information about the system.
Protected by 2 services:
Adversaries may gather information to determine physical location.
Protected by 2 services:
Adversaries may look for details about network configuration.
Protected by 3 services:
Adversaries may attempt to get a listing of network connections.
Protected by 2 services:
Adversaries may attempt to identify the primary user of a system.
Protected by 2 services:
Adversaries may try to get information about registered services.
Protected by 3 services:
Adversaries may gather the system time to help with their operations.
Protected by 2 services:
Adversaries may check for virtualization and sandbox environments.
Protected by 4 services:
The adversary is trying to move through your environment.
Adversaries may move through systems using infected removable media.
Protected by 3 services:
Adversaries may gain access to and use centralized software deployment tools.
Protected by 4 services:
Adversaries may use alternate authentication to move laterally.
Protected by 4 services:
Adversaries may exploit remote services to gain access.
Protected by 4 services:
Adversaries may use internal spearphishing to gain access to additional information.
Protected by 3 services:
Adversaries may transfer tools between systems.
Protected by 3 services:
Adversaries may take control of preexisting sessions.
Protected by 3 services:
Adversaries may use valid accounts to log into a service.
Protected by 4 services:
Adversaries may move onto systems through infected media.
Protected by 3 services:
Adversaries may gain access to and use software deployment systems.
Protected by 4 services:
Adversaries may deliver payloads via shared content.
Protected by 3 services:
Adversaries may use alternate authentication material.
Protected by 4 services:
The adversary is trying to gather data of interest to their goal.
Adversaries may use methods to capture user input.
Protected by 4 services:
Adversaries may position themselves between communication flows.
Protected by 4 services:
Adversaries may compress and/or encrypt data prior to exfiltration.
Protected by 3 services:
Adversaries may capture audio to collect information.
Protected by 3 services:
Adversaries may use automated techniques for collection.
Protected by 3 services:
Adversaries may take advantage of security vulnerabilities to hijack browser sessions.
Protected by 4 services:
Adversaries may collect data stored in the clipboard.
Protected by 3 services:
Adversaries may access data from cloud storage.
Protected by 3 services:
Adversaries may collect data from configuration repositories.
Protected by 3 services:
Adversaries may leverage information repositories to mine valuable information.
Protected by 3 services:
Adversaries may search local system sources.
Protected by 3 services:
Adversaries may search network shares for information.
Protected by 3 services:
Adversaries may search removable media for sensitive information.
Protected by 3 services:
Adversaries may stage collected data in a central location.
Protected by 3 services:
Adversaries may access email to collect sensitive information.
Protected by 3 services:
Adversaries may use methods to capture user input.
Protected by 4 services:
Adversaries may take screen captures of the desktop.
Protected by 3 services:
Adversaries may use peripheral video devices or applications to capture video.
Protected by 3 services:
The adversary is trying to communicate with compromised systems to control them.
Adversaries may use traffic signaling to hide open ports or trigger responses.
Protected by 3 services:
Adversaries may use signaling to hide ports.
Protected by 3 services:
Adversaries may communicate using application layer protocols.
Protected by 3 services:
Adversaries may use removable media as a C2 channel.
Protected by 3 services:
Adversaries may encode data to make transfer less conspicuous.
Protected by 3 services:
Adversaries may obfuscate command and control traffic.
Protected by 3 services:
Adversaries may dynamically establish connections through resolution.
Protected by 2 services:
Adversaries may employ encryption to hide command and control traffic.
Protected by 3 services:
Adversaries may use fallback or alternate communication channels.
Protected by 3 services:
Adversaries may transfer tools into a compromised environment.
Protected by 3 services:
Adversaries may create multiple stages for command and control.
Protected by 3 services:
Adversaries may use non-application layer protocols for communication.
Protected by 3 services:
Adversaries may communicate over non-standard ports.
Protected by 3 services:
Adversaries may tunnel network communications to subvert defenses.
Protected by 3 services:
Adversaries may use a connection proxy to direct network traffic.
Protected by 3 services:
Adversaries may use legitimate remote access software.
Protected by 4 services:
Adversaries may use traffic signaling to hide open ports.
Protected by 3 services:
Adversaries may use popular websites and social media for C2.
Protected by 3 services:
The adversary is trying to steal data.
Adversaries may use automated processing for exfiltration.
Protected by 3 services:
Adversaries may exfiltrate data in fixed size chunks.
Protected by 3 services:
Adversaries may steal data by exfiltrating it over a different protocol.
Protected by 3 services:
Adversaries may steal data by exfiltrating it through the command and control channel.
Protected by 4 services:
Adversaries may exfiltrate data over a different network medium.
Protected by 2 services:
Adversaries may exfiltrate data via a physical medium.
Protected by 3 services:
Adversaries may use web services to exfiltrate data.
Protected by 3 services:
Adversaries may schedule data exfiltration.
Protected by 3 services:
Adversaries may exfiltrate data to cloud storage services.
Protected by 3 services:
The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Adversaries may remove account access to inhibit system recovery.
Protected by 3 services:
Adversaries may destroy data to render it irrecoverable.
Protected by 4 services:
Adversaries may encrypt data on target systems to render it inaccessible.
Protected by 4 services:
Adversaries may manipulate data to hide or corrupt information.
Protected by 3 services:
Adversaries may deface systems to deliver messaging.
Protected by 3 services:
Adversaries may wipe disk content to interrupt operations.
Protected by 3 services:
Adversaries may perform DoS attacks to degrade services.
Protected by 4 services:
Adversaries may steal monetary resources.
Protected by 4 services:
Adversaries may corrupt firmware to render systems inoperable.
Protected by 4 services:
Adversaries may delete or modify system recovery features.
Protected by 4 services:
Adversaries may perform Network DoS to degrade services.
Protected by 3 services:
Adversaries may leverage resources for cryptomining.
Protected by 3 services:
Adversaries may stop services on a system.
Protected by 4 services:
Adversaries may shut down or reboot systems to interrupt access.
Protected by 3 services:
Extended detection powered by Microsoft's security suite
24/7 security operations center monitoring
Proactive threat detection across cloud platforms
Elite incident response and forensics
Adversary simulation and testing
Systematic security evaluation
Human firewall development
Our comprehensive security services provide coverage across all 203 MITRE ATT&CK techniques