Linux

MITRE ATT&CK Matrix - Linux

| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | Bash History | Account Discovery | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Bootkit | Setuid and Setgid | Clear Command History | Brute Force | File and Directory Discovery | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| Browser Extensions | Sudo | Disabling Security Tools | Create Account | Network Service Scanning | Remote File Copy | Scripting | Browser Extensions | Data Encrypted | Connection Proxy |
| Cron Job | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol |
| Hidden Files and Directories | Web Shell | File Deletion | Exploitation of Vulnerability | Process Discovery | Third-party Software | Space after Filename | Data Staged | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| Rc.common | | HISTCONTROL | Input Capture | Remote System Discovery | | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| Redundant Access | | Hidden Files and Directories | Network Sniffing | System Information Discovery | | Trap | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| Trap | | Indicator Removal from Tools | Private Keys | System Network Configuration Discovery | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
| | | Masquerading | | | | | | | Multilayer Encryption |
| | | Redundant Access | | | | | | | Remote File Copy |
| | | Rootkits | | | | | | | Standard Application Layer Protocol |
| | | Scripting | | | | | | | Standard Cryptographic Protocol |
| | | Space after Filename | | | | | | | Standard Non-Application Layer Protocol |
| | | Timestomp | | | | | | | Uncommonly Used Port |
| | | Valid Accounts | | | | | | | Web Service |