AttackTrace

Security field guide

ATT&CK Threat Activity ATLAS Search /

Browse techniques Threat activity Browse ATLAS Search

Loading AttackTrace...

AttackTrace - execution, telemetry, detection, investigation, mitigation.

Technique index

MITRE ATT&CK

Adversarial tactics and techniques

A reviewed, source-linked view of MITRE ATT&CK techniques across enterprise tactics, platforms, detections, investigations, and mitigations.

Resource Development

Privilege Escalation

Defense Impairment

Credential Access

Lateral Movement

Command and Control

Search techniques

697 techniquesPage 4 of 24

Exfiltration over USB

Exfiltration over USB (T1052.001) is a MITRE ATT&CK technique associated with Exfiltration . Adversaries may attempt to exfiltrate data over a USB connected physical device.

Scheduled Task/Job

Scheduled Task/Job (T1053) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code.

ExecutionPersistencePrivilege Escalation

Previous91–120 of 697Next

T1053.002

At

At (T1053.002) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code.

ExecutionPersistencePrivilege Escalation

3 platforms

Cron

Cron (T1053.003) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse the <code cron</code utility to perform task scheduling for initial or recurring execution of malicious code. The <code cron</code utility is a tim…

ExecutionPersistencePrivilege Escalation

Scheduled Task

Scheduled Task (T1053.005) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code.

ExecutionPersistencePrivilege Escalation

Systemd Timers

Systemd Timers (T1053.006) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code.

ExecutionPersistencePrivilege Escalation

Container Orchestration Job

Container Orchestration Job (T1053.007) is a MITRE ATT&CK technique associated with Execution, Persistence, Privilege Escalation . Adversaries may abuse task scheduling functionality provided by container orchestration tools such as Kubernetes to schedule deployment of contain…

ExecutionPersistencePrivilege Escalation

Process Injection

Process Injection (T1055) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject code into processes in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Dynamic-link Library Injection

Dynamic link Library Injection (T1055.001) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject dynamic link libraries (DLLs) into processes in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Portable Executable Injection

Portable Executable Injection (T1055.002) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject portable executables (PE) into processes in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Thread Execution Hijacking

Thread Execution Hijacking (T1055.003) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into hijacked processes in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Asynchronous Procedure Call

Asynchronous Procedure Call (T1055.004) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process based defenses as well as possibly…

StealthPrivilege Escalation

Thread Local Storage

Thread Local Storage (T1055.005) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into processes via thread local storage (TLS) callbacks in order to evade process based defenses as well as possibly elevate privi…

StealthPrivilege Escalation

Ptrace System Calls

Ptrace System Calls (T1055.008) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into processes via ptrace (process trace) system calls in order to evade process based defenses as well as possibly elevate privile…

StealthPrivilege Escalation

Proc Memory

Proc Memory (T1055.009) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into processes via the /proc filesystem in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Extra Window Memory Injection

Extra Window Memory Injection (T1055.011) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Process Hollowing

Process Hollowing (T1055.012) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into suspended and hollowed processes in order to evade process based defenses.

StealthPrivilege Escalation

Process Doppelgänging

Process DoppelgÃ¤nging (T1055.013) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into process via process doppelgÃ¤nging in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

VDSO Hijacking

VDSO Hijacking (T1055.014) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may inject malicious code into processes via VDSO hijacking in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

ListPlanting

ListPlanting (T1055.015) is a MITRE ATT&CK technique associated with Stealth, Privilege Escalation . Adversaries may abuse list view controls to inject malicious code into hijacked processes in order to evade process based defenses as well as possibly elevate privileges.

StealthPrivilege Escalation

Input Capture

Input Capture (T1056) is a MITRE ATT&CK technique associated with Collection, Credential Access . Adversaries may use methods of capturing user input to obtain credentials or collect information.

CollectionCredential Access

Keylogging

Keylogging (T1056.001) is a MITRE ATT&CK technique associated with Collection, Credential Access . Adversaries may log user keystrokes to intercept credentials as the user types them.

CollectionCredential Access

GUI Input Capture

GUI Input Capture (T1056.002) is a MITRE ATT&CK technique associated with Collection, Credential Access . Adversaries may mimic common operating system GUI components to prompt users for credentials with a seemingly legitimate prompt.

CollectionCredential Access

Web Portal Capture

Web Portal Capture (T1056.003) is a MITRE ATT&CK technique associated with Collection, Credential Access . Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit credentials of users who attempt to log into the service.

CollectionCredential Access

Credential API Hooking

Credential API Hooking (T1056.004) is a MITRE ATT&CK technique associated with Collection, Credential Access . Adversaries may hook into Windows application programming interface (API) functions and Linux system functions to collect user credentials.

CollectionCredential Access

Process Discovery

Process Discovery (T1057) is a MITRE ATT&CK technique associated with Discovery . Adversaries may attempt to get information about running processes on a system.

Command and Scripting Interpreter

Command and Scripting Interpreter (T1059) is a MITRE ATT&CK technique associated with Execution . Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

PowerShell

PowerShell is a Windows automation and configuration environment built on .NET. Adversaries abuse it for execution, discovery, download, credential access, and administration because it is widely installed and can interact with operating system and cloud APIs. PowerShell use i…

AppleScript

AppleScript (T1059.002) is a MITRE ATT&CK technique associated with Execution . Adversaries may abuse AppleScript for execution.

Windows Command Shell

Windows Command Shell (T1059.003) is a MITRE ATT&CK technique associated with Execution . Adversaries may abuse the Windows command shell for execution.