MITRE ATT&CK Coverage by Technique
(listed alphabetically)
Technique
Access Token Manipulation
X
X
Accessibility Features
X
X
Account Discovery
X
Account Manipulation
X
X
AppCert DLLs
X
X
AppInit DLLs
X
X
Application Shimming
X
X
Application Window Discovery
X
Audio Capture
X
Authentication Package
X
Automated Collection
X
Binary Padding
X
BITS Jobs
X
X
Bootkit
X
Browser Extensions
X
Brute Force
X
Bypass User Account Control
X
X
Change Default File Association
X
Clipboard Data
X
CMSTP
X
X
Code Signing
X
Command-Line Interface
X
Commonly Used Port
X
Communication Through Removable Media
X
Compile After Delivery
X
Compiled HTML File
X
X
Component Object Model Hijacking
X
X
Connection Proxy
X
Control Panel Items
X
X
Create Account
X
Credential Dumping
X
Credentials in Files
X
Credentials in Registry
X
Custom Command and Control Protocol
X
Data Compressed
X
Data Destruction
X
Data Encoding
X
Data Encrypted for Impact
X
Data from Local System
X
Data from Network Shared Drive
X
Data from Removable Media
X
Data Obfuscation
X
Data Staged
X
Data Transfer Size Limits
X
DCShadow
X
Deobfuscate/Decode Files or Information
X
Disabling Security Tools
X
Disk Content Wipe
X
Disk Structure Wipe
X
DLL Search Order Hijacking
X
X
DLL Side-Loading
X
Domain Generation Algorithms
X
Domain Trust Discovery
X
Drive-by Compromise
X
Dynamic Data Exchange
X
Email Collection
X
Execution through API
X
Execution through Module Load
X
Exfiltration Over Alternative Protocol
X
Exfiltration Over Command and Control Channel
X
Exfiltration Over Other Network Medium
X
Exfiltration Over Physical Medium
X
Exploit Public-Facing Application
X
Exploitation for Client Execution
X
Exploitation for Credential Access
X
Exploitation for Defense Evasion
X
Exploitation for Privilege Escalation
X
Exploitation of Remote Services
X
External Remote Services
X
X
Extra Window Memory Injection
X
Fallback Channels
X
File and Directory Discovery
X
File Deletion
X
Forced Authentication
X
Group Policy Modification
X
Hardware Additions
X
Hidden Files and Directories
X
X
Hooking
X
X
X
Hypervisor
X
Image File Execution Options Injection
X
X
X
Indicator Blocking
X
Indicator Removal on Host
X
Indirect Command Execution
X
Inhibit System Recovery
X
Input Capture
X
X
Input Prompt
X
Install Root Certificate
X
InstallUtil
X
X
Kerberoasting
X
LLMNR/NBT-NS Poisoning and Relay
X
Logon Scripts
X
X
LSASS Driver
X
X
Masquerading
X
Modify Existing Service
X
Modify Registry
X
Mshta
X
X
Multi-hop Proxy
X
Multi-Stage Channels
X
Network Service Scanning
X
Network Share Connection Removal
X
Network Share Discovery
X
Network Sniffing
X
X
New Service
X
X
NTFS File Attributes
X
Obfuscated Files or Information
X
Office Application Startup
X
Pass the Hash
X
Pass the Ticket
X
Password Policy Discovery
X
Path Interception
X
X
Peripheral Device Discovery
X
Permission Groups Discovery
X
Port Monitors
X
X
PowerShell
X
Private Keys
X
Process Discovery
X
Process Injection
X
X
Query Registry
X
Registry Run Keys / Startup Folder
X
Regsvcs/Regasm
X
X
Regsvr32
X
X
Remote Access Tools
X
Remote Desktop Protocol
X
Remote File Copy
X
X
Remote Services
X
Remote System Discovery
X
Replication Through Removable Media
X
X
Rundll32
X
X
Scheduled Task
X
X
X
Scheduled Transfer
X
Screensaver
X
Scripting
X
X
Security Software Discovery
X
Security Support Provider
X
Service Execution
X
Service Stop
X
Signed Binary Proxy Execution
X
X
Signed Script Proxy Execution
X
X
Spearphishing Attachment
X
Spearphishing Link
X
Standard Application Layer Protocol
X
Standard Non-Application Layer Protocol
X
Stored Data Manipulation
X
System Information Discovery
X
System Network Configuration Discovery
X
System Network Connections Discovery
X
System Owner/User Discovery
X
System Service Discovery
X
System Time Discovery
X
Third-party Software
X
X
Timestomp
X
Trusted Developer Utilities
X
X
Trusted Relationship
X
Uncommonly Used Port
X
User Execution
X
Valid Accounts
X
X
X
Virtualization/Sandbox Evasion
X
Web Service
X
X
Web Shell
X
X
Windows Admin Shares
X
Windows Management Instrumentation
X
Windows Management Instrumentation Event Subscription
X
Windows Remote Management
X
X
Winlogon Helper DLL
X
jjjj
Last updated