
Red Team

A Real World Adversary Labs

MITRE ATT&CK Framework: Adversary Tactics, Techniques and Procedures

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Drive-by Compromise | Command and Scripting Interpreter | Account Manipulation | Abuse Elevation Control Mechanism | Abuse Elevation Control Mechanism | Brute Force | Account Discovery | Exploitation of Remote Services | Archive Collected Data | Application Layer Protocol | Automated Exfiltration |
| Exploit Public-Facing Application | Exploitation for Client Execution | BITS Jobs | Access Token Manipulation | Access Token Manipulation | Credentials from Password Stores | Application Window Discovery | Internal Spearphishing | Audio Capture | Communication Through Removable Media | Data Transfer Size Limits |
| External Remote Services | Inter-Process Communication | Boot or Logon Autostart Execution | Boot or Logon Autostart Execution | BITS Jobs | Exploitation for Credential Access | Browser Bookmark Discovery | Lateral Tool Transfer | Automated Collection | Data Encoding | Exfiltration Over Alternative Protocol |
| Hardware Additions | Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information | Forced Authentication | Domain Trust Discovery | Remote Service Session Hijacking | Clipboard Data | Data Obfuscation | Exfiltration Over C2 Channel |
| Phishing | Scheduled Task/Job | Browser Extensions | Create or Modify System Process | Direct Volume Access | Input Capture | File and Directory Discovery | Remote Services | Data from Information Repositories | Dynamic Resolution | Exfiltration Over Other Network Medium |
| Replication Through Removable Media | Shared Modules | Compromise Client Software Binary | Event Triggered Execution | Execution Guardrails | Man-in-the-Middle | Network Service Scanning | Replication Through Removable Media | Data from Local System | Encrypted Channel | Exfiltration Over Physical Medium |
| Supply Chain Compromise | Software Deployment Tools | Create Account | Exploitation for Privilege Escalation | Exploitation for Defense Evasion | Modify Authentication Process | Network Share Discovery | Software Deployment Tools | Data from Network Shared Drive | Fallback Channels | Exfiltration Over Web Service |
| Trusted Relationship | System Services | Create or Modify System Process | Group Policy Modification | File and Directory Permissions Modification | Network Sniffing | Network Sniffing | Taint Shared Content | Data from Removable Media | Ingress Tool Transfer | Scheduled Transfer |
| Valid Accounts | User Execution | Event Triggered Execution | Hijack Execution Flow | Group Policy Modification | OS Credential Dumping | Password Policy Discovery | Use Alternate Authentication Material | Data Staged | Multi-Stage Channels | |
| | Windows Management Instrumentation | External Remote Services | Process Injection | Hide Artifacts | Steal or Forge Kerberos Tickets | Peripheral Device Discovery | | Email Collection | Non-Application Layer Protocol | |
| | | Hijack Execution Flow | Scheduled Task/Job | Hijack Execution Flow | Steal Web Session Cookie | Permission Groups Discovery | | Input Capture | Non-Standard Port | |
| | | Office Application Startup | Valid Accounts | Impair Defenses | Two-Factor Authentication Interception | Process Discovery | | Man in the Browser | Protocol Tunneling | |
| | | Pre-OS Boot | | Indicator Removal on Host | Unsecured Credentials | Query Registry | | Man-in-the-Middle | Proxy | |
| | | Scheduled Task/Job | | Indirect Command Execution | | Remote System Discovery | | Screen Capture | Remote Access Software | |
| | | Server Software Component | | Masquerading | | Software Discovery | | Video Capture | Traffic Signaling | |
| | | Valid Accounts | | Modify Registry | | System Network Configuration Discovery | | | | |
| | | | | Obfuscated Files or Information | | System Network Connections Discovery | | | | |
| | | | | Pre-OS Boot | | System Owner/User Discovery | | | | |
| | | | | Process Injection | | System Service Discovery | | | | |
| | | | | Rogue Domain Controller | | System Time Discovery | | | | |
| | | | | Rootkit | | Virtualization/Sandbox Evasion | | | | |
| | | | | Signed Binary Proxy Execution | | | | | | |
| | | | | Signed Script Proxy Execution | | | | | | |
| | | | | Subvert Trust Controls | | | | | | |
| | | | | Template Injection | | | | | | |
| | | | | Traffic Signaling | | | | | | |
| | | | | Trusted Developer Utilities Proxy Execution | | | | | | |
| | | | | Use Alternate Authentication Material | | | | | | |
| | | | | Valid Accounts | | | | | | |
| | | | | Virtualization/Sandbox Evasion | | | | | | |
| | | | | XSL Script Processing | | | | | | |