BluSapphire

Introduction
Product Videos
Unified Cyber Defense Platform
The Stack
Features and capabilities
Operations
Architecture
Integration
Cisco pxGrid Integration
MITRE ATT&CK
MITRE ATT&CK Coverage by Tactic
MITRE ATT&CK Coverage by Technique
BluArmour Endpoint Protection
BluArmour For ICS / AirGapped Networks
BluArmour Pre-Deployment Checklist & Roll out Process
Deploy BluArmour via SCCM
BluGenie
SIGMA Rules
Use cases
Threat Intel Sources
Windows Logging Recommendations
Lateral Movement Logging Recommendations
Best Data Sources for Detection
GPO for Service Account, WinRM and WMI
Log Forwarding - How To
Cloud Log Forwarding
Mirror / SPAN port configuration
Deploy Micro-Agent/Sysmon via GPO
Active-Defense-Services
- Services (ADS - LIADS)
  Network Services
  Database Services
  Web-Apps
- Tokens (ADS - Tokens)
Threat Hunt
CaseHub
Appendix A

Powered by GitBook

MITRE ATT&CK Coverage by Technique

(listed alphabetically)

PreviousMITRE ATT&CK Coverage by Tactic NextBluArmour Endpoint Protection

Last updated 3 years ago

On this page

Technique

Privilege Escalation

Defense Evasion

Credential Access

Lateral Movement

Command & Control

Access Token Manipulation

X

X

Accessibility Features

X

X

Account Discovery

X

Account Manipulation

X

X

AppCert DLLs

X

X

AppInit DLLs

X

X

Application Shimming

X

X

Application Window Discovery

X

Audio Capture

X

Authentication Package

X

Automated Collection

X

Binary Padding

X

BITS Jobs

X

X

Bootkit

X

Browser Extensions

X

Brute Force

X

Bypass User Account Control

X

X

Change Default File Association

X

Clipboard Data

X

CMSTP

X

X

Code Signing

X

Command-Line Interface

X

Commonly Used Port

X

Communication Through Removable Media

X

Compile After Delivery

X

Compiled HTML File

X

X

Component Object Model Hijacking

X

X

Connection Proxy

X

Control Panel Items

X

X

Create Account

X

Credential Dumping

X

Credentials in Files

X

Credentials in Registry

X

Custom Command and Control Protocol

X

Data Compressed

X

Data Destruction

X

Data Encoding

X

Data Encrypted for Impact

X

Data from Local System

X

Data from Network Shared Drive

X

Data from Removable Media

X

Data Obfuscation

X

Data Staged

X

Data Transfer Size Limits

X

DCShadow

X

Deobfuscate/Decode Files or Information

X

Disabling Security Tools

X

Disk Content Wipe

X

Disk Structure Wipe

X

DLL Search Order Hijacking

X

X

DLL Side-Loading

X

Domain Generation Algorithms

X

Domain Trust Discovery

X

Drive-by Compromise

X

Dynamic Data Exchange

X

Email Collection

X

Execution through API

X

Execution through Module Load

X

Exfiltration Over Alternative Protocol

X

Exfiltration Over Command and Control Channel

X

Exfiltration Over Other Network Medium

X

Exfiltration Over Physical Medium

X

Exploit Public-Facing Application

X

Exploitation for Client Execution

X

Exploitation for Credential Access

X

Exploitation for Defense Evasion

X

Exploitation for Privilege Escalation

X

Exploitation of Remote Services

X

External Remote Services

X

X

Extra Window Memory Injection

X

Fallback Channels

X

File and Directory Discovery

X

File Deletion

X

Forced Authentication

X

Group Policy Modification

X

Hardware Additions

X

Hidden Files and Directories

X

X

Hooking

X

X

X

Hypervisor

X

Image File Execution Options Injection

X

X

X

Indicator Blocking

X

Indicator Removal on Host

X

Indirect Command Execution

X

Inhibit System Recovery

X

Input Capture

X

X

Input Prompt

X

Install Root Certificate

X

InstallUtil

X

X

Kerberoasting

X

LLMNR/NBT-NS Poisoning and Relay

X

Logon Scripts

X

X

LSASS Driver

X

X

Masquerading

X

Modify Existing Service

X

Modify Registry

X

Mshta

X

X

Multi-hop Proxy

X

Multi-Stage Channels

X

Network Service Scanning

X

Network Share Connection Removal

X

Network Share Discovery

X

Network Sniffing

X

X

New Service

X

X

NTFS File Attributes

X

Obfuscated Files or Information

X

Office Application Startup

X

Pass the Hash

X

Pass the Ticket

X

Password Policy Discovery

X

Path Interception

X

X

Peripheral Device Discovery

X

Permission Groups Discovery

X

Port Monitors

X

X

PowerShell

X

Private Keys

X

Process Discovery

X

Process Injection

X

X

Query Registry

X

Registry Run Keys / Startup Folder

X

Regsvcs/Regasm

X

X

Regsvr32

X

X

Remote Access Tools

X

Remote Desktop Protocol

X

Remote File Copy

X

X

Remote Services

X

Remote System Discovery

X

Replication Through Removable Media

X

X

Rundll32

X

X

Scheduled Task

X

X

X

Scheduled Transfer

X

Screensaver

X

Scripting

X

X

Security Software Discovery

X

Security Support Provider

X

Service Execution

X

Service Stop

X

Signed Binary Proxy Execution

X

X

Signed Script Proxy Execution

X

X

Spearphishing Attachment

X

Spearphishing Link

X

Standard Application Layer Protocol

X

Standard Non-Application Layer Protocol

X

Stored Data Manipulation

X

System Information Discovery

X

System Network Configuration Discovery

X

System Network Connections Discovery

X

System Owner/User Discovery

X

System Service Discovery

X

System Time Discovery

X

Third-party Software

X

X

Timestomp

X

Trusted Developer Utilities

X

X

Trusted Relationship

X

Uncommonly Used Port

X

User Execution

X

Valid Accounts

X

X

X

Virtualization/Sandbox Evasion

X

Web Service

X

X

Web Shell

X

X

Windows Admin Shares

X

Windows Management Instrumentation

X

Windows Management Instrumentation Event Subscription

X

Windows Remote Management

X

X

Winlogon Helper DLL

X

jjjj