MITRE ATT&CK Coverage by Technique

(listed alphabetically)

Technique

Initial Access

Access Token Manipulation

Accessibility Features

Account Discovery

Account Manipulation

AppCert DLLs

AppInit DLLs

Application Shimming

Application Window Discovery

Audio Capture

Authentication Package

Automated Collection

Binary Padding

BITS Jobs

Bootkit

Browser Extensions

Brute Force

Bypass User Account Control

Change Default File Association

Clipboard Data

CMSTP

Code Signing

Command-Line Interface

Commonly Used Port

Communication Through Removable Media

Compile After Delivery

Compiled HTML File

Component Object Model Hijacking

Connection Proxy

Control Panel Items

Create Account

Credential Dumping

Credentials in Files

Credentials in Registry

Custom Command and Control Protocol

Data Compressed

Data Destruction

Data Encoding

Data Encrypted for Impact

Data from Local System

Data from Network Shared Drive

Data from Removable Media

Data Obfuscation

Data Staged

Data Transfer Size Limits

DCShadow

Deobfuscate/Decode Files or Information

Disabling Security Tools

Disk Content Wipe

Disk Structure Wipe

DLL Search Order Hijacking

DLL Side-Loading

Domain Generation Algorithms

Domain Trust Discovery

Drive-by Compromise

Dynamic Data Exchange

Email Collection

Execution through API

Execution through Module Load

Exfiltration Over Alternative Protocol

Exfiltration Over Command and Control Channel

Exfiltration Over Other Network Medium

Exfiltration Over Physical Medium

Exploit Public-Facing Application

Exploitation for Client Execution

Exploitation for Credential Access

Exploitation for Defense Evasion

Exploitation for Privilege Escalation

Exploitation of Remote Services

External Remote Services

Extra Window Memory Injection

Fallback Channels

File and Directory Discovery

File Deletion

Forced Authentication

Group Policy Modification

Hardware Additions

Hidden Files and Directories

Hooking

Hypervisor

Image File Execution Options Injection

Indicator Blocking

Indicator Removal on Host

Indirect Command Execution

Inhibit System Recovery

Input Capture

Input Prompt

Install Root Certificate

InstallUtil

Kerberoasting

LLMNR/NBT-NS Poisoning and Relay

Logon Scripts

LSASS Driver

Masquerading

Modify Existing Service

Modify Registry

Mshta

Multi-hop Proxy

Multi-Stage Channels

Network Service Scanning

Network Share Connection Removal

Network Share Discovery

Network Sniffing

New Service

NTFS File Attributes

Obfuscated Files or Information

Office Application Startup

Pass the Hash

Pass the Ticket

Password Policy Discovery

Path Interception

Peripheral Device Discovery

Permission Groups Discovery

Port Monitors

PowerShell

Private Keys

Process Discovery

Process Injection

Query Registry

Registry Run Keys / Startup Folder

Regsvcs/Regasm

Regsvr32

Remote Access Tools

Remote Desktop Protocol

Remote File Copy

Remote Services

Remote System Discovery

Replication Through Removable Media

Rundll32

Scheduled Task

Scheduled Transfer

Screensaver

Scripting

Security Software Discovery

Security Support Provider

Service Execution

Service Stop

Signed Binary Proxy Execution

Signed Script Proxy Execution

Spearphishing Attachment

Spearphishing Link

Standard Application Layer Protocol

Standard Non-Application Layer Protocol

Stored Data Manipulation

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

System Owner/User Discovery

System Service Discovery

System Time Discovery

Third-party Software

Timestomp

Trusted Developer Utilities

Trusted Relationship

Uncommonly Used Port

User Execution

Valid Accounts

Virtualization/Sandbox Evasion

Web Service

Web Shell

Windows Admin Shares

Windows Management Instrumentation

Windows Management Instrumentation Event Subscription

Windows Remote Management

Winlogon Helper DLL

jjjj

PreviousMITRE ATT&CK Coverage by Tactic NextBluArmour Endpoint Protection

Last updated 3 years ago