|
4
|
Abuse Elevation Control Mechanism
|
|
5
|
Access Token Manipulation
|
|
6
|
Accessibility Features
|
|
12
|
Active Setup
|
|
16
|
AppCert DLLs
|
|
17
|
AppInit DLLs
|
|
22
|
Application Shimming
|
|
30
|
Asynchronous Procedure Call
|
|
31
|
At (Linux)
|
|
32
|
At (Windows)
|
|
34
|
Authentication Package
|
|
41
|
Boot or Logon Autostart Execution
|
|
42
|
Boot or Logon Initialization Scripts
|
|
51
|
Bypass User Account Control
|
|
54
|
COR_PROFILER
|
|
56
|
Change Default File Association
|
|
64
|
Cloud Accounts
|
|
81
|
Component Object Model Hijacking
|
|
92
|
Container Orchestration Job
|
|
97
|
Create Process with Token
|
|
99
|
Create or Modify System Process
|
|
107
|
Cron
|
|
109
|
DLL Search Order Hijacking
|
|
110
|
DLL Side-Loading
|
|
132
|
Default Accounts
|
|
155
|
Domain Accounts
|
|
160
|
Domain Policy Modification
|
|
163
|
Domain Trust Modification
|
|
169
|
Dylib Hijacking
|
|
171
|
Dynamic Linker Hijacking
|
|
173
|
Dynamic-link Library Injection
|
|
174
|
Elevated Execution with Prompt
|
|
181
|
Emond
|
|
186
|
Escape to Host
|
|
188
|
Event Triggered Execution
|
|
190
|
Executable Installer File Permissions Weakness
|
|
208
|
Exploitation for Privilege Escalation
|
|
215
|
Extra Window Memory Injection
|
|
234
|
Group Policy Modification
|
|
243
|
Hijack Execution Flow
|
|
248
|
Image File Execution Options Injection
|
|
271
|
Kernel Modules and Extensions
|
|
274
|
LC_LOAD_DYLIB Addition
|
|
278
|
LSASS Driver
|
|
281
|
Launch Agent
|
|
282
|
Launch Daemon
|
|
284
|
Launchd
|
|
289
|
Local Accounts
|
|
293
|
Logon Script (Mac)
|
|
294
|
Logon Script (Windows)
|
|
297
|
Make and Impersonate Token
|
|
321
|
Netsh Helper DLL
|
|
328
|
Network Logon Script
|
|
351
|
Parent PID Spoofing
|
|
361
|
Path Interception
|
|
362
|
Path Interception by PATH Environment Variable
|
|
363
|
Path Interception by Search Order Hijacking
|
|
364
|
Path Interception by Unquoted Path
|
|
369
|
Plist Modification
|
|
372
|
Port Monitors
|
|
373
|
Portable Executable Injection
|
|
375
|
PowerShell Profile
|
|
377
|
Print Processors
|
|
380
|
Proc Memory
|
|
382
|
Process Doppelgänging
|
|
383
|
Process Hollowing
|
|
384
|
Process Injection
|
|
388
|
Ptrace System Calls
|
|
393
|
RC Scripts
|
|
396
|
Re-opened Applications
|
|
400
|
Registry Run Keys / Startup Folder
|
|
421
|
SID-History Injection
|
|
431
|
Scheduled Task
|
|
432
|
Scheduled Task/Job
|
|
435
|
Screensaver
|
|
444
|
Security Support Provider
|
|
452
|
Services File Permissions Weakness
|
|
453
|
Services Registry Permissions Weakness
|
|
454
|
Setuid and Setgid
|
|
458
|
Shortcut Modification
|
|
479
|
Startup Items
|
|
487
|
Sudo and Sudo Caching
|
|
501
|
Systemd Service
|
|
502
|
Systemd Timers
|
|
506
|
Thread Execution Hijacking
|
|
507
|
Thread Local Storage
|
|
510
|
Time Providers
|
|
512
|
Token Impersonation/Theft
|
|
519
|
Trap
|
|
524
|
Unix Shell Configuration Modification
|
|
533
|
VDSO Hijacking
|
|
535
|
Valid Accounts
|
|
558
|
Windows Management Instrumentation Event Subscription
|
|
560
|
Windows Service
|
|
561
|
Winlogon Helper DLL
|
|
562
|
XDG Autostart Entries
|