| Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|
| .bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | Bash History | Account Discovery | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
| Bootkit | Setuid and Setgid | Clear Command History | Brute Force | File and Directory Discovery | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
| Browser Extensions | Sudo | Disabling Security Tools | Create Account | Network Service Scanning | Remote File Copy | Scripting | Browser Extensions | Data Encrypted | Connection Proxy |
| Cron Job | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Clipboard Data | Data Transfer Size Limits | Custom Command and Control Protocol |
| Hidden Files and Directories | Web Shell | File Deletion | Exploitation of Vulnerability | Process Discovery | Third-party Software | Space after Filename | Data Staged | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
| Rc.common | | HISTCONTROL | Input Capture | Remote System Discovery | | Third-party Software | Data from Local System | Exfiltration Over Command and Control Channel | Data Encoding |
| Redundant Access | | Hidden Files and Directories | Network Sniffing | System Information Discovery | | Trap | Data from Network Shared Drive | Exfiltration Over Other Network Medium | Data Obfuscation |
| Trap | | Indicator Removal from Tools | Private Keys | System Network Configuration Discovery | | | Data from Removable Media | Exfiltration Over Physical Medium | Fallback Channels |
| Valid Accounts | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Input Capture | Scheduled Transfer | Multi-Stage Channels |
| Web Shell | | Install Root Certificate | | System Owner/User Discovery | | | Screen Capture | | Multiband Communication |
| | | Masquerading | | | | | | | Multilayer Encryption |
| | | Redundant Access | | | | | | | |
| | | Rootkits | | | | | | | Remote File Copy |
| | | Scripting | | | | | | | Standard Application Layer Protocol |
| | | Space after Filename | | | | | | | Standard Cryptographic Protocol |
| | | Timestomp | | | | | | | Standard Non-Application Layer Protocol |
| | | Valid Accounts | | | | | | | Uncommonly Used Port |
| | | | | | | | | | Web Service |
Linux