212 indexed
ATT&CKATT&CK techniques
212 top-level MITRE ATT&CK Enterprise techniques (T-IDs), grouped by tactic. Filter to a tactic or browse the full kill chain, then click into a technique for sub-techniques and mitigations. Authored by Adam Lundqvist.
13 in Execution · 212 total
| ID | Title | Summary |
|---|---|---|
| T1047 | Windows Management Instrumentation | Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uni… |
| T1053 | Scheduled Task/Job | Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating … |
| T1059 | Command and Scripting Interpreter | Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting wit… |
| T1072 | Software Deployment Tools | Adversaries may gain access to and use third-party software suites installed within an enterprise network, such as administration, monitoring, and deployment s… |
| T1106 | Native API | Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low… |
| T1129 | Shared Modules | Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to … |
| T1203 | Exploitation for Client Execution | Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices… |
| T1204 | User Execution | An adversary may rely upon specific actions by a user in order to gain execution. Users may be subjected to social engineering to get them to execute malicious… |
| T1559 | Inter-Process Communication | Adversaries may abuse inter-process communication (IPC) mechanisms for local code or command execution. IPC is typically used by processes to share data, commu… |
| T1569 | System Services | Adversaries may abuse system services or daemons to execute commands or programs. Adversaries can execute malicious content by interacting with or creating ser… |
| T1609 | Container Administration Command | Adversaries may abuse a container administration service to execute commands within a container. A container administration service such as the Docker daemon, … |
| T1648 | Serverless Execution | Adversaries may abuse serverless computing, integration, and automation services to execute arbitrary code in cloud environments. Many cloud providers offer a … |
| T1651 | Cloud Administration Command | Adversaries may abuse cloud management services to execute commands within virtual machines or hybrid-joined devices. Resources such as AWS Systems Manager, Az… |