|
6
|
Accessibility Features
|
|
9
|
Account Manipulation
|
|
12
|
Active Setup
|
|
13
|
Add Office 365 Global Administrator Role
|
|
14
|
Add-ins
|
|
15
|
Additional Cloud Credentials
|
|
16
|
AppCert DLLs
|
|
17
|
AppInit DLLs
|
|
22
|
Application Shimming
|
|
31
|
At (Linux)
|
|
32
|
At (Windows)
|
|
34
|
Authentication Package
|
|
37
|
BITS Jobs
|
|
41
|
Boot or Logon Autostart Execution
|
|
42
|
Boot or Logon Initialization Scripts
|
|
43
|
Bootkit
|
|
47
|
Browser Extensions
|
|
54
|
COR_PROFILER
|
|
56
|
Change Default File Association
|
|
62
|
Cloud Account
|
|
64
|
Cloud Accounts
|
|
79
|
Component Firmware
|
|
81
|
Component Object Model Hijacking
|
|
84
|
Compromise Client Software Binary
|
|
92
|
Container Orchestration Job
|
|
95
|
Create Account
|
|
99
|
Create or Modify System Process
|
|
107
|
Cron
|
|
109
|
DLL Search Order Hijacking
|
|
110
|
DLL Side-Loading
|
|
132
|
Default Accounts
|
|
153
|
Domain Account
|
|
155
|
Domain Accounts
|
|
156
|
Domain Controller Authentication
|
|
169
|
Dylib Hijacking
|
|
171
|
Dynamic Linker Hijacking
|
|
181
|
Emond
|
|
188
|
Event Triggered Execution
|
|
189
|
Exchange Email Delegate Permissions
|
|
190
|
Executable Installer File Permissions Weakness
|
|
214
|
External Remote Services
|
|
243
|
Hijack Execution Flow
|
|
244
|
Hypervisor
|
|
248
|
Image File Execution Options Injection
|
|
251
|
Implant Internal Image
|
|
271
|
Kernel Modules and Extensions
|
|
274
|
LC_LOAD_DYLIB Addition
|
|
278
|
LSASS Driver
|
|
281
|
Launch Agent
|
|
282
|
Launch Daemon
|
|
284
|
Launchd
|
|
287
|
Local Account
|
|
289
|
Local Accounts
|
|
293
|
Logon Script (Mac)
|
|
294
|
Logon Script (Windows)
|
|
309
|
Modify Authentication Process
|
|
321
|
Netsh Helper DLL
|
|
325
|
Network Device Authentication
|
|
328
|
Network Logon Script
|
|
344
|
Office Application Startup
|
|
345
|
Office Template Macros
|
|
346
|
Office Test
|
|
348
|
Outlook Forms
|
|
349
|
Outlook Home Page
|
|
350
|
Outlook Rules
|
|
355
|
Password Filter DLL
|
|
361
|
Path Interception
|
|
362
|
Path Interception by PATH Environment Variable
|
|
363
|
Path Interception by Search Order Hijacking
|
|
364
|
Path Interception by Unquoted Path
|
|
369
|
Plist Modification
|
|
370
|
Pluggable Authentication Modules
|
|
371
|
Port Knocking
|
|
372
|
Port Monitors
|
|
375
|
PowerShell Profile
|
|
376
|
Pre-OS Boot
|
|
377
|
Print Processors
|
|
393
|
RC Scripts
|
|
395
|
ROMMONkit
|
|
396
|
Re-opened Applications
|
|
398
|
Redundant Access
|
|
400
|
Registry Run Keys / Startup Folder
|
|
425
|
SQL Stored Procedures
|
|
427
|
SSH Authorized Keys
|
|
431
|
Scheduled Task
|
|
432
|
Scheduled Task/Job
|
|
435
|
Screensaver
|
|
444
|
Security Support Provider
|
|
448
|
Server Software Component
|
|
452
|
Services File Permissions Weakness
|
|
453
|
Services Registry Permissions Weakness
|
|
458
|
Shortcut Modification
|
|
479
|
Startup Items
|
|
491
|
System Firmware
|
|
501
|
Systemd Service
|
|
502
|
Systemd Timers
|
|
503
|
TFTP Boot
|
|
510
|
Time Providers
|
|
515
|
Traffic Signaling
|
|
518
|
Transport Agent
|
|
519
|
Trap
|
|
524
|
Unix Shell Configuration Modification
|
|
535
|
Valid Accounts
|
|
553
|
Web Shell
|
|
558
|
Windows Management Instrumentation Event Subscription
|
|
560
|
Windows Service
|
|
561
|
Winlogon Helper DLL
|
|
562
|
XDG Autostart Entries
|