|
4
|
Abuse Elevation Control Mechanism
|
|
5
|
Access Token Manipulation
|
|
19
|
Application Access Token
|
|
30
|
Asynchronous Procedure Call
|
|
37
|
BITS Jobs
|
|
40
|
Binary Padding
|
|
43
|
Bootkit
|
|
49
|
Build Image on Host
|
|
51
|
Bypass User Account Control
|
|
53
|
CMSTP
|
|
54
|
COR_PROFILER
|
|
57
|
Clear Command History
|
|
58
|
Clear Linux or Mac System Logs
|
|
59
|
Clear Windows Event Logs
|
|
64
|
Cloud Accounts
|
|
70
|
Code Signing
|
|
73
|
Code Signing Policy Modification
|
|
77
|
Compile After Delivery
|
|
78
|
Compiled HTML File
|
|
79
|
Component Firmware
|
|
94
|
Control Panel
|
|
96
|
Create Cloud Instance
|
|
97
|
Create Process with Token
|
|
98
|
Create Snapshot
|
|
109
|
DLL Search Order Hijacking
|
|
110
|
DLL Side-Loading
|
|
132
|
Default Accounts
|
|
133
|
Delete Cloud Instance
|
|
134
|
Deobfuscate/Decode Files or Information
|
|
135
|
Deploy Container
|
|
142
|
Direct Volume Access
|
|
143
|
Disable Cloud Logs
|
|
144
|
Disable Crypto Hardware
|
|
145
|
Disable Windows Event Logging
|
|
146
|
Disable or Modify Cloud Firewall
|
|
147
|
Disable or Modify System Firewall
|
|
148
|
Disable or Modify Tools
|
|
155
|
Domain Accounts
|
|
156
|
Domain Controller Authentication
|
|
160
|
Domain Policy Modification
|
|
163
|
Domain Trust Modification
|
|
166
|
Downgrade System Image
|
|
169
|
Dylib Hijacking
|
|
171
|
Dynamic Linker Hijacking
|
|
173
|
Dynamic-link Library Injection
|
|
174
|
Elevated Execution with Prompt
|
|
185
|
Environmental Keying
|
|
190
|
Executable Installer File Permissions Weakness
|
|
191
|
Execution Guardrails
|
|
207
|
Exploitation for Defense Evasion
|
|
215
|
Extra Window Memory Injection
|
|
218
|
File Deletion
|
|
221
|
File and Directory Permissions Modification
|
|
227
|
Gatekeeper Bypass
|
|
234
|
Group Policy Modification
|
|
238
|
Hidden File System
|
|
239
|
Hidden Files and Directories
|
|
240
|
Hidden Users
|
|
241
|
Hidden Window
|
|
242
|
Hide Artifacts
|
|
243
|
Hijack Execution Flow
|
|
249
|
Impair Command History Logging
|
|
250
|
Impair Defenses
|
|
252
|
Indicator Blocking
|
|
253
|
Indicator Removal from Tools
|
|
254
|
Indicator Removal on Host
|
|
255
|
Indirect Command Execution
|
|
260
|
Install Root Certificate
|
|
261
|
InstallUtil
|
|
267
|
Invalid Code Signature
|
|
275
|
LC_MAIN Hijacking
|
|
286
|
Linux and Mac File and Directory Permissions Modification
|
|
289
|
Local Accounts
|
|
295
|
MSBuild
|
|
297
|
Make and Impersonate Token
|
|
305
|
Mark-of-the-Web Bypass
|
|
306
|
Masquerade Task or Service
|
|
307
|
Masquerading
|
|
308
|
Match Legitimate Name or Location
|
|
309
|
Modify Authentication Process
|
|
310
|
Modify Cloud Compute Infrastructure
|
|
311
|
Modify Registry
|
|
312
|
Modify System Image
|
|
313
|
Mshta
|
|
314
|
Msiexec
|
|
319
|
NTFS File Attributes
|
|
322
|
Network Address Translation Traversal
|
|
323
|
Network Boundary Bridging
|
|
325
|
Network Device Authentication
|
|
331
|
Network Share Connection Removal
|
|
341
|
Obfuscated Files or Information
|
|
343
|
Odbcconf
|
|
351
|
Parent PID Spoofing
|
|
352
|
Pass the Hash
|
|
353
|
Pass the Ticket
|
|
355
|
Password Filter DLL
|
|
360
|
Patch System Image
|
|
362
|
Path Interception by PATH Environment Variable
|
|
363
|
Path Interception by Search Order Hijacking
|
|
364
|
Path Interception by Unquoted Path
|
|
370
|
Pluggable Authentication Modules
|
|
371
|
Port Knocking
|
|
373
|
Portable Executable Injection
|
|
376
|
Pre-OS Boot
|
|
380
|
Proc Memory
|
|
382
|
Process Doppelgänging
|
|
383
|
Process Hollowing
|
|
384
|
Process Injection
|
|
388
|
Ptrace System Calls
|
|
389
|
PubPrn
|
|
395
|
ROMMONkit
|
|
397
|
Reduce Key Space
|
|
398
|
Redundant Access
|
|
401
|
Regsvcs/Regasm
|
|
402
|
Regsvr32
|
|
410
|
Rename System Utilities
|
|
413
|
Revert Cloud Instance
|
|
414
|
Right-to-Left Override
|
|
415
|
Rogue Domain Controller
|
|
416
|
Rootkit
|
|
417
|
Run Virtual Instance
|
|
418
|
Rundll32
|
|
421
|
SID-History Injection
|
|
422
|
SIP and Trust Provider Hijacking
|
|
436
|
Scripting
|
|
452
|
Services File Permissions Weakness
|
|
453
|
Services Registry Permissions Weakness
|
|
454
|
Setuid and Setgid
|
|
459
|
Signed Binary Proxy Execution
|
|
460
|
Signed Script Proxy Execution
|
|
468
|
Software Packing
|
|
470
|
Space after Filename
|
|
483
|
Steganography
|
|
486
|
Subvert Trust Controls
|
|
487
|
Sudo and Sudo Caching
|
|
490
|
System Checks
|
|
491
|
System Firmware
|
|
503
|
TFTP Boot
|
|
505
|
Template Injection
|
|
506
|
Thread Execution Hijacking
|
|
507
|
Thread Local Storage
|
|
509
|
Time Based Evasion
|
|
511
|
Timestomp
|
|
512
|
Token Impersonation/Theft
|
|
515
|
Traffic Signaling
|
|
520
|
Trusted Developer Utilities Proxy Execution
|
|
526
|
Unused/Unsupported Cloud Regions
|
|
529
|
Use Alternate Authentication Material
|
|
530
|
User Activity Based Checks
|
|
532
|
VBA Stomping
|
|
533
|
VDSO Hijacking
|
|
535
|
Valid Accounts
|
|
536
|
Verclsid
|
|
540
|
Virtualization/Sandbox Evasion
|
|
545
|
Weaken Encryption
|
|
552
|
Web Session Cookie
|
|
556
|
Windows File and Directory Permissions Modification
|
|
563
|
XSL Script Processing
|