List of common T1 and SO(s) used by Threat groups

  • Application Layer Protocol: Adversaries use application layer protocols for communication and data transfer within a target network.

  • Boot or Logon Autostart Execution: This technique involves configuring mechanisms for executing malicious code during system boot or login.

  • Command and Scripting Interpreter: Adversaries use interpreters to execute commands, scripts, or code on a victim's system.

  • Shortcut Modification: Modification of shortcut files (.lnk) to execute malicious commands when accessed.

  • Remote File Copy: Copying files from a remote system to the local system for lateral movement or data exfiltration.

  • Masquerading: Adversaries attempt to masquerade as legitimate entities or software to evade detection.

  • Obfuscated Files or Information: Adversaries use obfuscation techniques to hide or protect malicious code, scripts, or other data.

  • Phishing: Adversaries use phishing emails or messages to deliver malicious payloads or trick victims into revealing sensitive information.

  • Service Stop: Attackers stop or disable essential services or processes to disrupt or compromise a target system.

  • System Information Discovery: Adversaries gather information about the target system, such as hardware, software, or network configurations.

  • System Owner/User Discovery: This technique involves adversaries identifying and gathering information about the system owner or user accounts on a target system.

  • User Execution: Adversaries rely on user interactions, such as opening malicious attachments or clicking on links, to execute malicious code.

  • Abuse Elevation Control Mechanism: Attackers exploit mechanisms designed to control privilege elevation to gain higher levels of access.

  • Data from Information Repositories: Adversaries search for and steal sensitive information stored in information repositories.

  • Signed Binary Proxy Execution: This technique involves the use of signed binaries to proxy execution of malicious code.

  • System Network Configuration Discovery: Adversaries gather information about the network configuration of a target system.
