ATT&CK techniques
212 top-level MITRE ATT&CK Enterprise techniques (T-IDs), grouped by tactic. Filter to a tactic or browse the full kill chain, then click into a technique for sub-techniques and mitigations. Authored by Adam Lundqvist.
16 in Collection · 212 total
| ID | Title | Summary |
|---|---|---|
| T1005 | Data from Local System | Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prio… |
| T1025 | Data from Removable Media | Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removab… |
| T1039 | Data from Network Shared Drive | Adversaries may search network shares on computers they have compromised to find files of interest. Sensitive data can be collected from remote systems via sha… |
| T1056 | Input Capture | Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials t… |
| T1074 | Data Staged | Adversaries may stage collected data in a central location or directory prior to Exfiltration. Data may be kept in separate files or combined into one file thr… |
| T1113 | Screen Capture | Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be inc… |
| T1114 | Email Collection | Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that ca… |
| T1115 | Clipboard Data | Adversaries may collect data stored in the clipboard from users copying information within or between applications. For example, on Windows adversaries can a… |
| T1119 | Automated Collection | Once established within a system or network, an adversary may use automated techniques for collecting internal data. Methods for performing this technique coul… |
| T1123 | Audio Capture | An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audi… |
| T1125 | Video Capture | An adversary can leverage a computer's peripheral devices (e.g., integrated cameras or webcams) or applications (e.g., video call services) to capture video re… |
| T1185 | Browser Session Hijacking | Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and interce… |
| T1213 | Data from Information Repositories | Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typic… |
| T1530 | Data from Cloud Storage | Adversaries may access data from cloud storage. Many IaaS providers offer solutions for online data object storage such as Amazon S3, Azure Storage, and Googl… |
| T1560 | Archive Collected Data | An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimi… |
| T1602 | Data from Configuration Repository | Adversaries may collect data related to managed devices from configuration repositories. Configuration repositories are used by management systems in order to … |