NIST 800-53 MAPPINGS

National Institute of Standards and Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provides a foundation for integrating ATT&CK-based threat information into the risk management process.

NIST 800-53 Versions: rev5, rev4
ATT&CK Versions: 14.1, 12.1, 10.1, 9.0, 8.2
ATT&CK Domain: Enterprise

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
AC Access Control 1111 18
CA Security Assessment and Authorization 257 3
CM Configuration Management 997 8
CP Contingency Planning 60 5
IA Identification and Authentication 325 10
MP Media Protection 5 1
PL Planning 1 1
RA Risk Assessment 116 3
SA System and Services Acquisition 99 10
SC System and Communications Protection 444 28
SI System and Information Integrity 923 11
SR Supply Chain Risk Management 40 4

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-10 Concurrent Session Control Protects T1137 Office Application Startup
AC-10 Concurrent Session Control Protects T1137.002 Office Test
AC-10 Concurrent Session Control Protects T1528 Steal Application Access Token
AC-11 Device Lock Protects T1021.001 Remote Desktop Protocol
AC-11 Device Lock Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1072 Software Deployment Tools
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-14 Permitted Actions Without Identification or Authentication Protects T1137.002 Office Test
AC-16 Security and Privacy Attributes Protects T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes Protects T1003.003 NTDS
AC-16 Security and Privacy Attributes Protects T1020.001 Traffic Duplication
AC-16 Security and Privacy Attributes Protects T1040 Network Sniffing
AC-16 Security and Privacy Attributes Protects T1070 Indicator Removal on Host
AC-16 Security and Privacy Attributes Protects T1070.001 Clear Windows Event Logs
AC-16 Security and Privacy Attributes Protects T1070.002 Clear Linux or Mac System Logs
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-16 Security and Privacy Attributes Protects T1114.001 Local Email Collection
AC-16 Security and Privacy Attributes Protects T1114.002 Remote Email Collection
AC-16 Security and Privacy Attributes Protects T1114.003 Email Forwarding Rule
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-16 Security and Privacy Attributes Protects T1213 Data from Information Repositories
AC-16 Security and Privacy Attributes Protects T1213.001 Confluence
AC-16 Security and Privacy Attributes Protects T1213.002 Sharepoint
AC-16 Security and Privacy Attributes Protects T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage Object
AC-16 Security and Privacy Attributes Protects T1537 Transfer Data to Cloud Account
AC-16 Security and Privacy Attributes Protects T1547.007 Re-opened Applications
AC-16 Security and Privacy Attributes Protects T1547.011 Plist Modification
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-16 Security and Privacy Attributes Protects T1548.003 Sudo and Sudo Caching
AC-16 Security and Privacy Attributes Protects T1550.001 Application Access Token
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes Protects T1552.004 Private Keys
AC-16 Security and Privacy Attributes Protects T1552.005 Cloud Instance Metadata API
AC-16 Security and Privacy Attributes Protects T1557 Man-in-the-Middle
AC-16 Security and Privacy Attributes Protects T1557.002 ARP Cache Poisoning
AC-16 Security and Privacy Attributes Protects T1558 Steal or Forge Kerberos Tickets
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes Protects T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes Protects T1558.004 AS-REP Roasting
AC-16 Security and Privacy Attributes Protects T1564.004 NTFS File Attributes
AC-16 Security and Privacy Attributes Protects T1565 Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.002 Transmitted Data Manipulation
AC-16 Security and Privacy Attributes Protects T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes Protects T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021 Remote Services
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
AC-17 Remote Access Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-17 Remote Access Protects T1070 Indicator Removal on Host
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1114 Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1119 Automated Collection
AC-17 Remote Access Protects T1133 External Remote Services
AC-17 Remote Access Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137.002 Office Test
AC-17 Remote Access Protects T1213 Data from Information Repositories
AC-17 Remote Access Protects T1213.001 Confluence
AC-17 Remote Access Protects T1213.002 Sharepoint
AC-17 Remote Access Protects T1219 Remote Access Software
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-17 Remote Access Protects T1543.003 Windows Service
AC-17 Remote Access Protects T1547.003 Time Providers
AC-17 Remote Access Protects T1547.004 Winlogon Helper DLL
AC-17 Remote Access Protects T1547.009 Shortcut Modification
AC-17 Remote Access Protects T1547.011 Plist Modification
AC-17 Remote Access Protects T1547.012 Print Processors
AC-17 Remote Access Protects T1547.013 XDG Autostart Entries
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552.002 Credentials in Registry
AC-17 Remote Access Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1552.007 Container API
AC-17 Remote Access Protects T1557 Man-in-the-Middle
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1609 Container Administration Command
AC-17 Remote Access Protects T1610 Deploy Container
AC-17 Remote Access Protects T1612 Build Image on Host
AC-17 Remote Access Protects T1613 Container and Resource Discovery
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
AC-18 Wireless Access Protects T1020.001 Traffic Duplication
AC-18 Wireless Access Protects T1040 Network Sniffing
AC-18 Wireless Access Protects T1070 Indicator Removal on Host
AC-18 Wireless Access Protects T1070.001 Clear Windows Event Logs
AC-18 Wireless Access Protects T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1530 Data from Cloud Storage Object
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552.004 Private Keys
AC-18 Wireless Access Protects T1557 Man-in-the-Middle
AC-18 Wireless Access Protects T1557.002 ARP Cache Poisoning
AC-18 Wireless Access Protects T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.003 Kerberoasting
AC-18 Wireless Access Protects T1558.004 AS-REP Roasting
AC-18 Wireless Access Protects T1565 Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access Protects T1602 Data from Configuration Repository
AC-18 Wireless Access Protects T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices Protects T1040 Network Sniffing
AC-19 Access Control for Mobile Devices Protects T1070 Indicator Removal on Host
AC-19 Access Control for Mobile Devices Protects T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices Protects T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage Object
AC-19 Access Control for Mobile Devices Protects T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552.004 Private Keys
AC-19 Access Control for Mobile Devices Protects T1557 Man-in-the-Middle
AC-19 Access Control for Mobile Devices Protects T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices Protects T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices Protects T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices Protects T1565 Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices Protects T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-2 Account Management Protects T1003 OS Credential Dumping
AC-2 Account Management Protects T1003.001 LSASS Memory
AC-2 Account Management Protects T1003.002 Security Account Manager
AC-2 Account Management Protects T1003.003 NTDS
AC-2 Account Management Protects T1003.004 LSA Secrets
AC-2 Account Management Protects T1003.005 Cached Domain Credentials
AC-2 Account Management Protects T1003.006 DCSync
AC-2 Account Management Protects T1003.007 Proc Filesystem
AC-2 Account Management Protects T1003.008 /etc/passwd and /etc/shadow
AC-2 Account Management Protects T1021 Remote Services
AC-2 Account Management Protects T1021.001 Remote Desktop Protocol
AC-2 Account Management Protects T1021.002 SMB/Windows Admin Shares
AC-2 Account Management Protects T1021.003 Distributed Component Object Model
AC-2 Account Management Protects T1021.004 SSH
AC-2 Account Management Protects T1021.005 VNC
AC-2 Account Management Protects T1021.006 Windows Remote Management
AC-2 Account Management Protects T1036 Masquerading
AC-2 Account Management Protects T1036.003 Rename System Utilities
AC-2 Account Management Protects T1036.005 Match Legitimate Name or Location
AC-2 Account Management Protects T1047 Windows Management Instrumentation
AC-2 Account Management Protects T1053 Scheduled Task/Job
AC-2 Account Management Protects T1053.001 At (Linux)
AC-2 Account Management Protects T1053.002 At (Windows)
AC-2 Account Management Protects T1053.003 Cron
AC-2 Account Management Protects T1053.004 Launchd
AC-2 Account Management Protects T1053.005 Scheduled Task
AC-2 Account Management Protects T1053.006 Systemd Timers
AC-2 Account Management Protects T1053.007 Container Orchestration Job
AC-2 Account Management Protects T1055 Process Injection
AC-2 Account Management Protects T1055.008 Ptrace System Calls
AC-2 Account Management Protects T1056.003 Web Portal Capture
AC-2 Account Management Protects T1059 Command and Scripting Interpreter
AC-2 Account Management Protects T1059.001 PowerShell
AC-2 Account Management Protects T1059.008 Network Device CLI
AC-2 Account Management Protects T1068 Exploitation for Privilege Escalation
AC-2 Account Management Protects T1070 Indicator Removal on Host
AC-2 Account Management Protects T1070.001 Clear Windows Event Logs
AC-2 Account Management Protects T1070.002 Clear Linux or Mac System Logs
AC-2 Account Management Protects T1070.003 Clear Command History
AC-2 Account Management Protects T1072 Software Deployment Tools
AC-2 Account Management Protects T1078 Valid Accounts
AC-2 Account Management Protects T1078.001 Default Accounts
AC-2 Account Management Protects T1078.002 Domain Accounts
AC-2 Account Management Protects T1078.003 Local Accounts
AC-2 Account Management Protects T1078.004 Cloud Accounts
AC-2 Account Management Protects T1087.004 Cloud Account
AC-2 Account Management Protects T1098 Account Manipulation
AC-2 Account Management Protects T1098.001 Additional Cloud Credentials
AC-2 Account Management Protects T1098.002 Exchange Email Delegate Permissions
AC-2 Account Management Protects T1098.003 Add Office 365 Global Administrator Role
AC-2 Account Management Protects T1110 Brute Force
AC-2 Account Management Protects T1110.001 Password Guessing
AC-2 Account Management Protects T1110.002 Password Cracking
AC-2 Account Management Protects T1110.003 Password Spraying
AC-2 Account Management Protects T1110.004 Credential Stuffing
AC-2 Account Management Protects T1134 Access Token Manipulation
AC-2 Account Management Protects T1134.001 Token Impersonation/Theft
AC-2 Account Management Protects T1134.002 Create Process with Token
AC-2 Account Management Protects T1134.003 Make and Impersonate Token
AC-2 Account Management Protects T1136 Create Account
AC-2 Account Management Protects T1136.001 Local Account
AC-2 Account Management Protects T1136.002 Domain Account
AC-2 Account Management Protects T1136.003 Cloud Account
AC-2 Account Management Protects T1185 Man in the Browser
AC-2 Account Management Protects T1190 Exploit Public-Facing Application
AC-2 Account Management Protects T1197 BITS Jobs
AC-2 Account Management Protects T1210 Exploitation of Remote Services
AC-2 Account Management Protects T1212 Exploitation for Credential Access
AC-2 Account Management Protects T1213 Data from Information Repositories
AC-2 Account Management Protects T1213.001 Confluence
AC-2 Account Management Protects T1213.002 Sharepoint
AC-2 Account Management Protects T1218 Signed Binary Proxy Execution
AC-2 Account Management Protects T1218.007 Msiexec
AC-2 Account Management Protects T1222 File and Directory Permissions Modification
AC-2 Account Management Protects T1222.001 Windows File and Directory Permissions Modification
AC-2 Account Management Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-2 Account Management Protects T1484 Domain Policy Modification
AC-2 Account Management Protects T1489 Service Stop
AC-2 Account Management Protects T1495 Firmware Corruption
AC-2 Account Management Protects T1505 Server Software Component
AC-2 Account Management Protects T1505.001 SQL Stored Procedures
AC-2 Account Management Protects T1505.002 Transport Agent
AC-2 Account Management Protects T1525 Implant Internal Image
AC-2 Account Management Protects T1528 Steal Application Access Token
AC-2 Account Management Protects T1530 Data from Cloud Storage Object
AC-2 Account Management Protects T1537 Transfer Data to Cloud Account
AC-2 Account Management Protects T1538 Cloud Service Dashboard
AC-2 Account Management Protects T1542 Pre-OS Boot
AC-2 Account Management Protects T1542.001 System Firmware
AC-2 Account Management Protects T1542.003 Bootkit
AC-2 Account Management Protects T1542.005 TFTP Boot
AC-2 Account Management Protects T1543 Create or Modify System Process
AC-2 Account Management Protects T1543.001 Launch Agent
AC-2 Account Management Protects T1543.002 Systemd Service
AC-2 Account Management Protects T1543.003 Windows Service
AC-2 Account Management Protects T1543.004 Launch Daemon
AC-2 Account Management Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-2 Account Management Protects T1547.004 Winlogon Helper DLL
AC-2 Account Management Protects T1547.006 Kernel Modules and Extensions
AC-2 Account Management Protects T1547.009 Shortcut Modification
AC-2 Account Management Protects T1547.012 Print Processors
AC-2 Account Management Protects T1547.013 XDG Autostart Entries
AC-2 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-2 Account Management Protects T1548.002 Bypass User Account Control
AC-2 Account Management Protects T1548.003 Sudo and Sudo Caching
AC-2 Account Management Protects T1550 Use Alternate Authentication Material
AC-2 Account Management Protects T1550.002 Pass the Hash
AC-2 Account Management Protects T1550.003 Pass the Ticket
AC-2 Account Management Protects T1552 Unsecured Credentials
AC-2 Account Management Protects T1552.001 Credentials In Files
AC-2 Account Management Protects T1552.002 Credentials in Registry
AC-2 Account Management Protects T1552.004 Private Keys
AC-2 Account Management Protects T1552.006 Group Policy Preferences
AC-2 Account Management Protects T1552.007 Container API
AC-2 Account Management Protects T1556 Modify Authentication Process
AC-2 Account Management Protects T1556.001 Domain Controller Authentication
AC-2 Account Management Protects T1556.003 Pluggable Authentication Modules
AC-2 Account Management Protects T1556.004 Network Device Authentication
AC-2 Account Management Protects T1558 Steal or Forge Kerberos Tickets
AC-2 Account Management Protects T1558.001 Golden Ticket
AC-2 Account Management Protects T1558.002 Silver Ticket
AC-2 Account Management Protects T1558.003 Kerberoasting
AC-2 Account Management Protects T1558.004 AS-REP Roasting
AC-2 Account Management Protects T1559 Inter-Process Communication
AC-2 Account Management Protects T1559.001 Component Object Model
AC-2 Account Management Protects T1562 Impair Defenses
AC-2 Account Management Protects T1562.001 Disable or Modify Tools
AC-2 Account Management Protects T1562.002 Disable Windows Event Logging
AC-2 Account Management Protects T1562.004 Disable or Modify System Firewall
AC-2 Account Management Protects T1562.006 Indicator Blocking
AC-2 Account Management Protects T1562.007 Disable or Modify Cloud Firewall
AC-2 Account Management Protects T1562.008 Disable Cloud Logs
AC-2 Account Management Protects T1563 Remote Service Session Hijacking
AC-2 Account Management Protects T1563.001 SSH Hijacking
AC-2 Account Management Protects T1563.002 RDP Hijacking
AC-2 Account Management Protects T1569 System Services
AC-2 Account Management Protects T1569.001 Launchctl
AC-2 Account Management Protects T1569.002 Service Execution
AC-2 Account Management Protects T1574 Hijack Execution Flow
AC-2 Account Management Protects T1574.004 Dylib Hijacking
AC-2 Account Management Protects T1574.005 Executable Installer File Permissions Weakness
AC-2 Account Management Protects T1574.007 Path Interception by PATH Environment Variable
AC-2 Account Management Protects T1574.008 Path Interception by Search Order Hijacking
AC-2 Account Management Protects T1574.009 Path Interception by Unquoted Path
AC-2 Account Management Protects T1574.010 Services File Permissions Weakness
AC-2 Account Management Protects T1574.012 COR_PROFILER
AC-2 Account Management Protects T1578 Modify Cloud Compute Infrastructure
AC-2 Account Management Protects T1578.001 Create Snapshot
AC-2 Account Management Protects T1578.002 Create Cloud Instance
AC-2 Account Management Protects T1578.003 Delete Cloud Instance
AC-2 Account Management Protects T1580 Cloud Infrastructure Discovery
AC-2 Account Management Protects T1599 Network Boundary Bridging
AC-2 Account Management Protects T1599.001 Network Address Translation Traversal
AC-2 Account Management Protects T1601 Modify System Image
AC-2 Account Management Protects T1601.001 Patch System Image
AC-2 Account Management Protects T1601.002 Downgrade System Image
AC-2 Account Management Protects T1609 Container Administration Command
AC-2 Account Management Protects T1610 Deploy Container
AC-2 Account Management Protects T1611 Escape to Host
AC-2 Account Management Protects T1612 Build Image on Host
AC-2 Account Management Protects T1613 Container and Resource Discovery
AC-20 Use of External Systems Protects T1020.001 Traffic Duplication
AC-20 Use of External Systems Protects T1021 Remote Services
AC-20 Use of External Systems Protects T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems Protects T1021.004 SSH
AC-20 Use of External Systems Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1078.002 Domain Accounts
AC-20 Use of External Systems Protects T1078.004 Cloud Accounts
AC-20 Use of External Systems Protects T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems Protects T1098.002 Exchange Email Delegate Permissions
AC-20 Use of External Systems Protects T1098.003 Add Office 365 Global Administrator Role
AC-20 Use of External Systems Protects T1110 Brute Force
AC-20 Use of External Systems Protects T1110.001 Password Guessing
AC-20 Use of External Systems Protects T1110.002 Password Cracking
AC-20 Use of External Systems Protects T1110.003 Password Spraying
AC-20 Use of External Systems Protects T1110.004 Credential Stuffing
AC-20 Use of External Systems Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114.001 Local Email Collection
AC-20 Use of External Systems Protects T1114.002 Remote Email Collection
AC-20 Use of External Systems Protects T1114.003 Email Forwarding Rule
AC-20 Use of External Systems Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1133 External Remote Services
AC-20 Use of External Systems Protects T1134.005 SID-History Injection
AC-20 Use of External Systems Protects T1136 Create Account
AC-20 Use of External Systems Protects T1136.001 Local Account
AC-20 Use of External Systems Protects T1136.002 Domain Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage Object
AC-20 Use of External Systems Protects T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems Protects T1539 Steal Web Session Cookie
AC-20 Use of External Systems Protects T1550.001 Application Access Token
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552.004 Private Keys
AC-20 Use of External Systems Protects T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems Protects T1556 Modify Authentication Process
AC-20 Use of External Systems Protects T1556.001 Domain Controller Authentication
AC-20 Use of External Systems Protects T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems Protects T1556.004 Network Device Authentication
AC-20 Use of External Systems Protects T1557 Man-in-the-Middle
AC-20 Use of External Systems Protects T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems Protects T1565 Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems Protects T1567 Exfiltration Over Web Service
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-20 Use of External Systems Protects T1602 Data from Configuration Repository
AC-20 Use of External Systems Protects T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-21 Information Sharing Protects T1213 Data from Information Repositories
AC-21 Information Sharing Protects T1213.001 Confluence
AC-21 Information Sharing Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1133 External Remote Services
AC-23 Data Mining Protection Protects T1213 Data from Information Repositories
AC-23 Data Mining Protection Protects T1213.001 Confluence
AC-23 Data Mining Protection Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1552.007 Container API
AC-3 Access Enforcement Protects T1003 OS Credential Dumping
AC-3 Access Enforcement Protects T1003.001 LSASS Memory
AC-3 Access Enforcement Protects T1003.002 Security Account Manager
AC-3 Access Enforcement Protects T1003.003 NTDS
AC-3 Access Enforcement Protects T1003.004 LSA Secrets
AC-3 Access Enforcement Protects T1003.005 Cached Domain Credentials
AC-3 Access Enforcement Protects T1003.006 DCSync
AC-3 Access Enforcement Protects T1003.007 Proc Filesystem
AC-3 Access Enforcement Protects T1003.008 /etc/passwd and /etc/shadow
AC-3 Access Enforcement Protects T1021 Remote Services
AC-3 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-3 Access Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-3 Access Enforcement Protects T1021.003 Distributed Component Object Model
AC-3 Access Enforcement Protects T1021.004 SSH
AC-3 Access Enforcement Protects T1021.005 VNC
AC-3 Access Enforcement Protects T1021.006 Windows Remote Management
AC-3 Access Enforcement Protects T1036 Masquerading
AC-3 Access Enforcement Protects T1036.003 Rename System Utilities
AC-3 Access Enforcement Protects T1036.005 Match Legitimate Name or Location
AC-3 Access Enforcement Protects T1037 Boot or Logon Initialization Scripts
AC-3 Access Enforcement Protects T1037.002 Logon Script (Mac)
AC-3 Access Enforcement Protects T1037.003 Network Logon Script
AC-3 Access Enforcement Protects T1037.004 RC Scripts
AC-3 Access Enforcement Protects T1037.005 Startup Items
AC-3 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-3 Access Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-3 Access Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-3 Access Enforcement Protects T1052 Exfiltration Over Physical Medium
AC-3 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-3 Access Enforcement Protects T1053 Scheduled Task/Job
AC-3 Access Enforcement Protects T1053.001 At (Linux)
AC-3 Access Enforcement Protects T1053.002 At (Windows)
AC-3 Access Enforcement Protects T1053.003 Cron
AC-3 Access Enforcement Protects T1053.004 Launchd
AC-3 Access Enforcement Protects T1053.005 Scheduled Task
AC-3 Access Enforcement Protects T1053.006 Systemd Timers
AC-3 Access Enforcement Protects T1053.007 Container Orchestration Job
AC-3 Access Enforcement Protects T1055 Process Injection
AC-3 Access Enforcement Protects T1055.008 Ptrace System Calls
AC-3 Access Enforcement Protects T1055.009 Proc Memory
AC-3 Access Enforcement Protects T1056.003 Web Portal Capture
AC-3 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-3 Access Enforcement Protects T1059.001 PowerShell
AC-3 Access Enforcement Protects T1059.008 Network Device CLI
AC-3 Access Enforcement Protects T1070 Indicator Removal on Host
AC-3 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-3 Access Enforcement Protects T1070.002 Clear Linux or Mac System Logs
AC-3 Access Enforcement Protects T1070.003 Clear Command History
AC-3 Access Enforcement Protects T1071.004 DNS
AC-3 Access Enforcement Protects T1072 Software Deployment Tools
AC-3 Access Enforcement Protects T1078 Valid Accounts
AC-3 Access Enforcement Protects T1078.002 Domain Accounts
AC-3 Access Enforcement Protects T1078.003 Local Accounts
AC-3 Access Enforcement Protects T1078.004 Cloud Accounts
AC-3 Access Enforcement Protects T1080 Taint Shared Content
AC-3 Access Enforcement Protects T1087.004 Cloud Account
AC-3 Access Enforcement Protects T1090 Proxy
AC-3 Access Enforcement Protects T1090.003 Multi-hop Proxy
AC-3 Access Enforcement Protects T1091 Replication Through Removable Media
AC-3 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-3 Access Enforcement Protects T1098 Account Manipulation
AC-3 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-3 Access Enforcement Protects T1098.002 Exchange Email Delegate Permissions
AC-3 Access Enforcement Protects T1098.003 Add Office 365 Global Administrator Role
AC-3 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-3 Access Enforcement Protects T1110 Brute Force
AC-3 Access Enforcement Protects T1110.001 Password Guessing
AC-3 Access Enforcement Protects T1110.002 Password Cracking
AC-3 Access Enforcement Protects T1110.003 Password Spraying
AC-3 Access Enforcement Protects T1110.004 Credential Stuffing
AC-3 Access Enforcement Protects T1114 Email Collection
AC-3 Access Enforcement Protects T1114.002 Remote Email Collection
AC-3 Access Enforcement Protects T1133 External Remote Services
AC-3 Access Enforcement Protects T1134 Access Token Manipulation
AC-3 Access Enforcement Protects T1134.001 Token Impersonation/Theft
AC-3 Access Enforcement Protects T1134.002 Create Process with Token
AC-3 Access Enforcement Protects T1134.003 Make and Impersonate Token
AC-3 Access Enforcement Protects T1134.005 SID-History Injection
AC-3 Access Enforcement Protects T1136 Create Account
AC-3 Access Enforcement Protects T1136.001 Local Account
AC-3 Access Enforcement Protects T1136.002 Domain Account
AC-3 Access Enforcement Protects T1136.003 Cloud Account
AC-3 Access Enforcement Protects T1185 Man in the Browser
AC-3 Access Enforcement Protects T1187 Forced Authentication
AC-3 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-3 Access Enforcement Protects T1197 BITS Jobs
AC-3 Access Enforcement Protects T1199 Trusted Relationship
AC-3 Access Enforcement Protects T1200 Hardware Additions
AC-3 Access Enforcement Protects T1205 Traffic Signaling
AC-3 Access Enforcement Protects T1205.001 Port Knocking
AC-3 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-3 Access Enforcement Protects T1213 Data from Information Repositories
AC-3 Access Enforcement Protects T1213.001 Confluence
AC-3 Access Enforcement Protects T1213.002 Sharepoint
AC-3 Access Enforcement Protects T1218 Signed Binary Proxy Execution
AC-3 Access Enforcement Protects T1218.002 Control Panel
AC-3 Access Enforcement Protects T1218.007 Msiexec
AC-3 Access Enforcement Protects T1218.012 Verclsid
AC-3 Access Enforcement Protects T1219 Remote Access Software
AC-3 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.001 Windows File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1484 Domain Policy Modification
AC-3 Access Enforcement Protects T1485 Data Destruction
AC-3 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-3 Access Enforcement Protects T1489 Service Stop
AC-3 Access Enforcement Protects T1490 Inhibit System Recovery
AC-3 Access Enforcement Protects T1491 Defacement
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-3 Access Enforcement Protects T1491.002 External Defacement
AC-3 Access Enforcement Protects T1495 Firmware Corruption
AC-3 Access Enforcement Protects T1498 Network Denial of Service
AC-3 Access Enforcement Protects T1498.001 Direct Network Flood
AC-3 Access Enforcement Protects T1498.002 Reflection Amplification
AC-3 Access Enforcement Protects T1499 Endpoint Denial of Service
AC-3 Access Enforcement Protects T1499.001 OS Exhaustion Flood
AC-3 Access Enforcement Protects T1499.002 Service Exhaustion Flood
AC-3 Access Enforcement Protects T1499.003 Application Exhaustion Flood
AC-3 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-3 Access Enforcement Protects T1505 Server Software Component
AC-3 Access Enforcement Protects T1505.001 SQL Stored Procedures
AC-3 Access Enforcement Protects T1505.002 Transport Agent
AC-3 Access Enforcement Protects T1525 Implant Internal Image
AC-3 Access Enforcement Protects T1528 Steal Application Access Token
AC-3 Access Enforcement Protects T1530 Data from Cloud Storage Object
AC-3 Access Enforcement Protects T1537 Transfer Data to Cloud Account
AC-3 Access Enforcement Protects T1538 Cloud Service Dashboard
AC-3 Access Enforcement Protects T1539 Steal Web Session Cookie
AC-3 Access Enforcement Protects T1542 Pre-OS Boot
AC-3 Access Enforcement Protects T1542.001 System Firmware
AC-3 Access Enforcement Protects T1542.003 Bootkit
AC-3 Access Enforcement Protects T1542.004 ROMMONkit
AC-3 Access Enforcement Protects T1542.005 TFTP Boot
AC-3 Access Enforcement Protects T1543 Create or Modify System Process
AC-3 Access Enforcement Protects T1543.001 Launch Agent
AC-3 Access Enforcement Protects T1543.002 Systemd Service
AC-3 Access Enforcement Protects T1543.003 Windows Service
AC-3 Access Enforcement Protects T1543.004 Launch Daemon
AC-3 Access Enforcement Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-3 Access Enforcement Protects T1546.004 Unix Shell Configuration Modification
AC-3 Access Enforcement Protects T1546.013 PowerShell Profile
AC-3 Access Enforcement Protects T1547.003 Time Providers
AC-3 Access Enforcement Protects T1547.004 Winlogon Helper DLL
AC-3 Access Enforcement Protects T1547.006 Kernel Modules and Extensions
AC-3 Access Enforcement Protects T1547.007 Re-opened Applications
AC-3 Access Enforcement Protects T1547.009 Shortcut Modification
AC-3 Access Enforcement Protects T1547.011 Plist Modification
AC-3 Access Enforcement Protects T1547.012 Print Processors
AC-3 Access Enforcement Protects T1547.013 XDG Autostart Entries
AC-3 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-3 Access Enforcement Protects T1548.002 Bypass User Account Control
AC-3 Access Enforcement Protects T1548.003 Sudo and Sudo Caching
AC-3 Access Enforcement Protects T1550 Use Alternate Authentication Material
AC-3 Access Enforcement Protects T1550.002 Pass the Hash
AC-3 Access Enforcement Protects T1550.003 Pass the Ticket
AC-3 Access Enforcement Protects T1552 Unsecured Credentials
AC-3 Access Enforcement Protects T1552.002 Credentials in Registry
AC-3 Access Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-3 Access Enforcement Protects T1552.007 Container API
AC-3 Access Enforcement Protects T1553.003 SIP and Trust Provider Hijacking
AC-3 Access Enforcement Protects T1556 Modify Authentication Process
AC-3 Access Enforcement Protects T1556.001 Domain Controller Authentication
AC-3 Access Enforcement Protects T1556.003 Pluggable Authentication Modules
AC-3 Access Enforcement Protects T1556.004 Network Device Authentication
AC-3 Access Enforcement Protects T1557 Man-in-the-Middle
AC-3 Access Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-3 Access Enforcement Protects T1557.002 ARP Cache Poisoning
AC-3 Access Enforcement Protects T1558 Steal or Forge Kerberos Tickets
AC-3 Access Enforcement Protects T1558.001 Golden Ticket
AC-3 Access Enforcement Protects T1558.002 Silver Ticket
AC-3 Access Enforcement Protects T1558.003 Kerberoasting
AC-3 Access Enforcement Protects T1558.004 AS-REP Roasting
AC-3 Access Enforcement Protects T1559 Inter-Process Communication
AC-3 Access Enforcement Protects T1559.001 Component Object Model
AC-3 Access Enforcement Protects T1561 Disk Wipe
AC-3 Access Enforcement Protects T1561.001 Disk Content Wipe
AC-3 Access Enforcement Protects T1561.002 Disk Structure Wipe
AC-3 Access Enforcement Protects T1562 Impair Defenses
AC-3 Access Enforcement Protects T1562.001 Disable or Modify Tools
AC-3 Access Enforcement Protects T1562.002 Disable Windows Event Logging
AC-3 Access Enforcement Protects T1562.004 Disable or Modify System Firewall
AC-3 Access Enforcement Protects T1562.006 Indicator Blocking
AC-3 Access Enforcement Protects T1562.007 Disable or Modify Cloud Firewall
AC-3 Access Enforcement Protects T1562.008 Disable Cloud Logs
AC-3 Access Enforcement Protects T1563 Remote Service Session Hijacking
AC-3 Access Enforcement Protects T1563.001 SSH Hijacking
AC-3 Access Enforcement Protects T1563.002 RDP Hijacking
AC-3 Access Enforcement Protects T1564.004 NTFS File Attributes
AC-3 Access Enforcement Protects T1565 Data Manipulation
AC-3 Access Enforcement Protects T1565.001 Stored Data Manipulation
AC-3 Access Enforcement Protects T1565.003 Runtime Data Manipulation
AC-3 Access Enforcement Protects T1569 System Services
AC-3 Access Enforcement Protects T1569.001 Launchctl
AC-3 Access Enforcement Protects T1569.002 Service Execution
AC-3 Access Enforcement Protects T1570 Lateral Tool Transfer
AC-3 Access Enforcement Protects T1572 Protocol Tunneling
AC-3 Access Enforcement Protects T1574 Hijack Execution Flow
AC-3 Access Enforcement Protects T1574.004 Dylib Hijacking
AC-3 Access Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-3 Access Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-3 Access Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-3 Access Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-3 Access Enforcement Protects T1574.010 Services File Permissions Weakness
AC-3 Access Enforcement Protects T1574.012 COR_PROFILER
AC-3 Access Enforcement Protects T1578 Modify Cloud Compute Infrastructure
AC-3 Access Enforcement Protects T1578.001 Create Snapshot
AC-3 Access Enforcement Protects T1578.002 Create Cloud Instance
AC-3 Access Enforcement Protects T1578.003 Delete Cloud Instance
AC-3 Access Enforcement Protects T1580 Cloud Infrastructure Discovery
AC-3 Access Enforcement Protects T1599 Network Boundary Bridging
AC-3 Access Enforcement Protects T1599.001 Network Address Translation Traversal
AC-3 Access Enforcement Protects T1601 Modify System Image
AC-3 Access Enforcement Protects T1601.001 Patch System Image
AC-3 Access Enforcement Protects T1601.002 Downgrade System Image
AC-3 Access Enforcement Protects T1602 Data from Configuration Repository
AC-3 Access Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-3 Access Enforcement Protects T1602.002 Network Device Configuration Dump
AC-3 Access Enforcement Protects T1609 Container Administration Command
AC-3 Access Enforcement Protects T1610 Deploy Container
AC-3 Access Enforcement Protects T1611 Escape to Host
AC-3 Access Enforcement Protects T1612 Build Image on Host
AC-3 Access Enforcement Protects T1613 Container and Resource Discovery
AC-4 Information Flow Enforcement Protects T1001 Data Obfuscation
AC-4 Information Flow Enforcement Protects T1001.001 Junk Data
AC-4 Information Flow Enforcement Protects T1001.002 Steganography
AC-4 Information Flow Enforcement Protects T1001.003 Protocol Impersonation
AC-4 Information Flow Enforcement Protects T1003 OS Credential Dumping
AC-4 Information Flow Enforcement Protects T1003.001 LSASS Memory
AC-4 Information Flow Enforcement Protects T1003.005 Cached Domain Credentials
AC-4 Information Flow Enforcement Protects T1003.006 DCSync
AC-4 Information Flow Enforcement Protects T1008 Fallback Channels
AC-4 Information Flow Enforcement Protects T1021.001 Remote Desktop Protocol
AC-4 Information Flow Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-4 Information Flow Enforcement Protects T1021.003 Distributed Component Object Model
AC-4 Information Flow Enforcement Protects T1021.005 VNC
AC-4 Information Flow Enforcement Protects T1021.006 Windows Remote Management
AC-4 Information Flow Enforcement Protects T1029 Scheduled Transfer
AC-4 Information Flow Enforcement Protects T1030 Data Transfer Size Limits
AC-4 Information Flow Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-4 Information Flow Enforcement Protects T1046 Network Service Scanning
AC-4 Information Flow Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-4 Information Flow Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1068 Exploitation for Privilege Escalation
AC-4 Information Flow Enforcement Protects T1071 Application Layer Protocol
AC-4 Information Flow Enforcement Protects T1071.001 Web Protocols
AC-4 Information Flow Enforcement Protects T1071.002 File Transfer Protocols
AC-4 Information Flow Enforcement Protects T1071.003 Mail Protocols
AC-4 Information Flow Enforcement Protects T1071.004 DNS
AC-4 Information Flow Enforcement Protects T1072 Software Deployment Tools
AC-4 Information Flow Enforcement Protects T1090 Proxy
AC-4 Information Flow Enforcement Protects T1090.001 Internal Proxy
AC-4 Information Flow Enforcement Protects T1090.002 External Proxy
AC-4 Information Flow Enforcement Protects T1090.003 Multi-hop Proxy
AC-4 Information Flow Enforcement Protects T1095 Non-Application Layer Protocol
AC-4 Information Flow Enforcement Protects T1098 Account Manipulation
AC-4 Information Flow Enforcement Protects T1098.001 Additional Cloud Credentials
AC-4 Information Flow Enforcement Protects T1102 Web Service
AC-4 Information Flow Enforcement Protects T1102.001 Dead Drop Resolver
AC-4 Information Flow Enforcement Protects T1102.002 Bidirectional Communication
AC-4 Information Flow Enforcement Protects T1102.003 One-Way Communication
AC-4 Information Flow Enforcement Protects T1104 Multi-Stage Channels
AC-4 Information Flow Enforcement Protects T1105 Ingress Tool Transfer
AC-4 Information Flow Enforcement Protects T1114 Email Collection
AC-4 Information Flow Enforcement Protects T1114.001 Local Email Collection
AC-4 Information Flow Enforcement Protects T1114.002 Remote Email Collection
AC-4 Information Flow Enforcement Protects T1114.003 Email Forwarding Rule
AC-4 Information Flow Enforcement Protects T1132 Data Encoding
AC-4 Information Flow Enforcement Protects T1132.001 Standard Encoding
AC-4 Information Flow Enforcement Protects T1132.002 Non-Standard Encoding
AC-4 Information Flow Enforcement Protects T1133 External Remote Services
AC-4 Information Flow Enforcement Protects T1134.005 SID-History Injection
AC-4 Information Flow Enforcement Protects T1136 Create Account
AC-4 Information Flow Enforcement Protects T1136.002 Domain Account
AC-4 Information Flow Enforcement Protects T1136.003 Cloud Account
AC-4 Information Flow Enforcement Protects T1187 Forced Authentication
AC-4 Information Flow Enforcement Protects T1189 Drive-by Compromise
AC-4 Information Flow Enforcement Protects T1190 Exploit Public-Facing Application
AC-4 Information Flow Enforcement Protects T1197 BITS Jobs
AC-4 Information Flow Enforcement Protects T1199 Trusted Relationship
AC-4 Information Flow Enforcement Protects T1203 Exploitation for Client Execution
AC-4 Information Flow Enforcement Protects T1204 User Execution
AC-4 Information Flow Enforcement Protects T1204.001 Malicious Link
AC-4 Information Flow Enforcement Protects T1204.002 Malicious File
AC-4 Information Flow Enforcement Protects T1204.003 Malicious Image
AC-4 Information Flow Enforcement Protects T1205 Traffic Signaling
AC-4 Information Flow Enforcement Protects T1205.001 Port Knocking
AC-4 Information Flow Enforcement Protects T1210 Exploitation of Remote Services
AC-4 Information Flow Enforcement Protects T1211 Exploitation for Defense Evasion
AC-4 Information Flow Enforcement Protects T1212 Exploitation for Credential Access
AC-4 Information Flow Enforcement Protects T1213 Data from Information Repositories
AC-4 Information Flow Enforcement Protects T1213.001 Confluence
AC-4 Information Flow Enforcement Protects T1213.002 Sharepoint
AC-4 Information Flow Enforcement Protects T1218.012 Verclsid
AC-4 Information Flow Enforcement Protects T1219 Remote Access Software
AC-4 Information Flow Enforcement Protects T1482 Domain Trust Discovery
AC-4 Information Flow Enforcement Protects T1484 Domain Policy Modification
AC-4 Information Flow Enforcement Protects T1489 Service Stop
AC-4 Information Flow Enforcement Protects T1498 Network Denial of Service
AC-4 Information Flow Enforcement Protects T1498.001 Direct Network Flood
AC-4 Information Flow Enforcement Protects T1498.002 Reflection Amplification
AC-4 Information Flow Enforcement Protects T1499 Endpoint Denial of Service
AC-4 Information Flow Enforcement Protects T1499.001 OS Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.002 Service Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.003 Application Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.004 Application or System Exploitation
AC-4 Information Flow Enforcement Protects T1528 Steal Application Access Token
AC-4 Information Flow Enforcement Protects T1530 Data from Cloud Storage Object
AC-4 Information Flow Enforcement Protects T1537 Transfer Data to Cloud Account
AC-4 Information Flow Enforcement Protects T1547.003 Time Providers
AC-4 Information Flow Enforcement Protects T1552 Unsecured Credentials
AC-4 Information Flow Enforcement Protects T1552.001 Credentials In Files
AC-4 Information Flow Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-4 Information Flow Enforcement Protects T1552.007 Container API
AC-4 Information Flow Enforcement Protects T1557 Man-in-the-Middle
AC-4 Information Flow Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-4 Information Flow Enforcement Protects T1557.002 ARP Cache Poisoning
AC-4 Information Flow Enforcement Protects T1559 Inter-Process Communication
AC-4 Information Flow Enforcement Protects T1559.001 Component Object Model
AC-4 Information Flow Enforcement Protects T1559.002 Dynamic Data Exchange
AC-4 Information Flow Enforcement Protects T1563 Remote Service Session Hijacking
AC-4 Information Flow Enforcement Protects T1563.002 RDP Hijacking
AC-4 Information Flow Enforcement Protects T1565 Data Manipulation
AC-4 Information Flow Enforcement Protects T1565.003 Runtime Data Manipulation
AC-4 Information Flow Enforcement Protects T1566 Phishing
AC-4 Information Flow Enforcement Protects T1566.001 Spearphishing Attachment
AC-4 Information Flow Enforcement Protects T1566.002 Spearphishing Link
AC-4 Information Flow Enforcement Protects T1566.003 Spearphishing via Service
AC-4 Information Flow Enforcement Protects T1567 Exfiltration Over Web Service
AC-4 Information Flow Enforcement Protects T1567.001 Exfiltration to Code Repository
AC-4 Information Flow Enforcement Protects T1567.002 Exfiltration to Cloud Storage
AC-4 Information Flow Enforcement Protects T1568 Dynamic Resolution
AC-4 Information Flow Enforcement Protects T1568.002 Domain Generation Algorithms
AC-4 Information Flow Enforcement Protects T1570 Lateral Tool Transfer
AC-4 Information Flow Enforcement Protects T1571 Non-Standard Port
AC-4 Information Flow Enforcement Protects T1572 Protocol Tunneling
AC-4 Information Flow Enforcement Protects T1573 Encrypted Channel
AC-4 Information Flow Enforcement Protects T1573.001 Symmetric Cryptography
AC-4 Information Flow Enforcement Protects T1573.002 Asymmetric Cryptography
AC-4 Information Flow Enforcement Protects T1574 Hijack Execution Flow
AC-4 Information Flow Enforcement Protects T1574.004 Dylib Hijacking
AC-4 Information Flow Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-4 Information Flow Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-4 Information Flow Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-4 Information Flow Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-4 Information Flow Enforcement Protects T1574.010 Services File Permissions Weakness
AC-4 Information Flow Enforcement Protects T1598 Phishing for Information
AC-4 Information Flow Enforcement Protects T1598.001 Spearphishing Service
AC-4 Information Flow Enforcement Protects T1598.002 Spearphishing Attachment
AC-4 Information Flow Enforcement Protects T1598.003 Spearphishing Link
AC-4 Information Flow Enforcement Protects T1599 Network Boundary Bridging
AC-4 Information Flow Enforcement Protects T1599.001 Network Address Translation Traversal
AC-4 Information Flow Enforcement Protects T1601 Modify System Image
AC-4 Information Flow Enforcement Protects T1601.001 Patch System Image
AC-4 Information Flow Enforcement Protects T1601.002 Downgrade System Image
AC-4 Information Flow Enforcement Protects T1602 Data from Configuration Repository
AC-4 Information Flow Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-4 Information Flow Enforcement Protects T1602.002 Network Device Configuration Dump
AC-4 Information Flow Enforcement Protects T1611 Escape to Host
AC-5 Separation of Duties Protects T1003 OS Credential Dumping
AC-5 Separation of Duties Protects T1003.001 LSASS Memory
AC-5 Separation of Duties Protects T1003.002 Security Account Manager
AC-5 Separation of Duties Protects T1003.003 NTDS
AC-5 Separation of Duties Protects T1003.004 LSA Secrets
AC-5 Separation of Duties Protects T1003.005 Cached Domain Credentials
AC-5 Separation of Duties Protects T1003.006 DCSync
AC-5 Separation of Duties Protects T1003.007 Proc Filesystem
AC-5 Separation of Duties Protects T1003.008 /etc/passwd and /etc/shadow
AC-5 Separation of Duties Protects T1021 Remote Services
AC-5 Separation of Duties Protects T1021.001 Remote Desktop Protocol
AC-5 Separation of Duties Protects T1021.002 SMB/Windows Admin Shares
AC-5 Separation of Duties Protects T1021.003 Distributed Component Object Model
AC-5 Separation of Duties Protects T1021.004 SSH
AC-5 Separation of Duties Protects T1021.006 Windows Remote Management
AC-5 Separation of Duties Protects T1047 Windows Management Instrumentation
AC-5 Separation of Duties Protects T1053 Scheduled Task/Job
AC-5 Separation of Duties Protects T1053.001 At (Linux)
AC-5 Separation of Duties Protects T1053.002 At (Windows)
AC-5 Separation of Duties Protects T1053.003 Cron
AC-5 Separation of Duties Protects T1053.004 Launchd
AC-5 Separation of Duties Protects T1053.005 Scheduled Task
AC-5 Separation of Duties Protects T1053.006 Systemd Timers
AC-5 Separation of Duties Protects T1053.007 Container Orchestration Job
AC-5 Separation of Duties Protects T1055 Process Injection
AC-5 Separation of Duties Protects T1055.008 Ptrace System Calls
AC-5 Separation of Duties Protects T1056.003 Web Portal Capture
AC-5 Separation of Duties Protects T1059 Command and Scripting Interpreter
AC-5 Separation of Duties Protects T1059.001 PowerShell
AC-5 Separation of Duties Protects T1059.008 Network Device CLI
AC-5 Separation of Duties Protects T1070 Indicator Removal on Host
AC-5 Separation of Duties Protects T1070.001 Clear Windows Event Logs
AC-5 Separation of Duties Protects T1070.002 Clear Linux or Mac System Logs
AC-5 Separation of Duties Protects T1070.003 Clear Command History
AC-5 Separation of Duties Protects T1072 Software Deployment Tools
AC-5 Separation of Duties Protects T1078 Valid Accounts
AC-5 Separation of Duties Protects T1078.001 Default Accounts
AC-5 Separation of Duties Protects T1078.002 Domain Accounts
AC-5 Separation of Duties Protects T1078.003 Local Accounts
AC-5 Separation of Duties Protects T1078.004 Cloud Accounts
AC-5 Separation of Duties Protects T1087.004 Cloud Account
AC-5 Separation of Duties Protects T1098 Account Manipulation
AC-5 Separation of Duties Protects T1098.001 Additional Cloud Credentials
AC-5 Separation of Duties Protects T1098.002 Exchange Email Delegate Permissions
AC-5 Separation of Duties Protects T1098.003 Add Office 365 Global Administrator Role
AC-5 Separation of Duties Protects T1110 Brute Force
AC-5 Separation of Duties Protects T1110.001 Password Guessing
AC-5 Separation of Duties Protects T1110.002 Password Cracking
AC-5 Separation of Duties Protects T1110.003 Password Spraying
AC-5 Separation of Duties Protects T1110.004 Credential Stuffing
AC-5 Separation of Duties Protects T1134 Access Token Manipulation
AC-5 Separation of Duties Protects T1134.001 Token Impersonation/Theft
AC-5 Separation of Duties Protects T1134.002 Create Process with Token
AC-5 Separation of Duties Protects T1134.003 Make and Impersonate Token
AC-5 Separation of Duties Protects T1134.005 SID-History Injection
AC-5 Separation of Duties Protects T1136 Create Account
AC-5 Separation of Duties Protects T1136.001 Local Account
AC-5 Separation of Duties Protects T1136.002 Domain Account
AC-5 Separation of Duties Protects T1136.003 Cloud Account
AC-5 Separation of Duties Protects T1185 Man in the Browser
AC-5 Separation of Duties Protects T1190 Exploit Public-Facing Application
AC-5 Separation of Duties Protects T1197 BITS Jobs
AC-5 Separation of Duties Protects T1210 Exploitation of Remote Services
AC-5 Separation of Duties Protects T1213 Data from Information Repositories
AC-5 Separation of Duties Protects T1213.001 Confluence
AC-5 Separation of Duties Protects T1213.002 Sharepoint
AC-5 Separation of Duties Protects T1218 Signed Binary Proxy Execution
AC-5 Separation of Duties Protects T1218.007 Msiexec
AC-5 Separation of Duties Protects T1222 File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.001 Windows File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1484 Domain Policy Modification
AC-5 Separation of Duties Protects T1489 Service Stop
AC-5 Separation of Duties Protects T1495 Firmware Corruption
AC-5 Separation of Duties Protects T1505 Server Software Component
AC-5 Separation of Duties Protects T1505.001 SQL Stored Procedures
AC-5 Separation of Duties Protects T1505.002 Transport Agent
AC-5 Separation of Duties Protects T1525 Implant Internal Image
AC-5 Separation of Duties Protects T1528 Steal Application Access Token
AC-5 Separation of Duties Protects T1530 Data from Cloud Storage Object
AC-5 Separation of Duties Protects T1537 Transfer Data to Cloud Account
AC-5 Separation of Duties Protects T1538 Cloud Service Dashboard
AC-5 Separation of Duties Protects T1542 Pre-OS Boot
AC-5 Separation of Duties Protects T1542.001 System Firmware
AC-5 Separation of Duties Protects T1542.003 Bootkit
AC-5 Separation of Duties Protects T1542.005 TFTP Boot
AC-5 Separation of Duties Protects T1543 Create or Modify System Process
AC-5 Separation of Duties Protects T1543.001 Launch Agent
AC-5 Separation of Duties Protects T1543.002 Systemd Service
AC-5 Separation of Duties Protects T1543.003 Windows Service
AC-5 Separation of Duties Protects T1543.004 Launch Daemon
AC-5 Separation of Duties Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-5 Separation of Duties Protects T1547.004 Winlogon Helper DLL
AC-5 Separation of Duties Protects T1547.006 Kernel Modules and Extensions
AC-5 Separation of Duties Protects T1547.009 Shortcut Modification
AC-5 Separation of Duties Protects T1547.012 Print Processors
AC-5 Separation of Duties Protects T1547.013 XDG Autostart Entries
AC-5 Separation of Duties Protects T1548 Abuse Elevation Control Mechanism
AC-5 Separation of Duties Protects T1548.002 Bypass User Account Control
AC-5 Separation of Duties Protects T1548.003 Sudo and Sudo Caching
AC-5 Separation of Duties Protects T1550 Use Alternate Authentication Material
AC-5 Separation of Duties Protects T1550.002 Pass the Hash
AC-5 Separation of Duties Protects T1550.003 Pass the Ticket
AC-5 Separation of Duties Protects T1552 Unsecured Credentials
AC-5 Separation of Duties Protects T1552.001 Credentials In Files
AC-5 Separation of Duties Protects T1552.002 Credentials in Registry
AC-5 Separation of Duties Protects T1552.006 Group Policy Preferences
AC-5 Separation of Duties Protects T1552.007 Container API
AC-5 Separation of Duties Protects T1556 Modify Authentication Process
AC-5 Separation of Duties Protects T1556.001 Domain Controller Authentication
AC-5 Separation of Duties Protects T1556.003 Pluggable Authentication Modules
AC-5 Separation of Duties Protects T1556.004 Network Device Authentication
AC-5 Separation of Duties Protects T1558 Steal or Forge Kerberos Tickets
AC-5 Separation of Duties Protects T1558.001 Golden Ticket
AC-5 Separation of Duties Protects T1558.002 Silver Ticket
AC-5 Separation of Duties Protects T1558.003 Kerberoasting
AC-5 Separation of Duties Protects T1559 Inter-Process Communication
AC-5 Separation of Duties Protects T1559.001 Component Object Model
AC-5 Separation of Duties Protects T1562 Impair Defenses
AC-5 Separation of Duties Protects T1562.001 Disable or Modify Tools
AC-5 Separation of Duties Protects T1562.002 Disable Windows Event Logging
AC-5 Separation of Duties Protects T1562.004 Disable or Modify System Firewall
AC-5 Separation of Duties Protects T1562.006 Indicator Blocking
AC-5 Separation of Duties Protects T1562.007 Disable or Modify Cloud Firewall
AC-5 Separation of Duties Protects T1562.008 Disable Cloud Logs
AC-5 Separation of Duties Protects T1563 Remote Service Session Hijacking
AC-5 Separation of Duties Protects T1563.001 SSH Hijacking
AC-5 Separation of Duties Protects T1563.002 RDP Hijacking
AC-5 Separation of Duties Protects T1569 System Services
AC-5 Separation of Duties Protects T1569.001 Launchctl
AC-5 Separation of Duties Protects T1569.002 Service Execution
AC-5 Separation of Duties Protects T1574 Hijack Execution Flow
AC-5 Separation of Duties Protects T1574.004 Dylib Hijacking
AC-5 Separation of Duties Protects T1574.005 Executable Installer File Permissions Weakness
AC-5 Separation of Duties Protects T1574.007 Path Interception by PATH Environment Variable
AC-5 Separation of Duties Protects T1574.008 Path Interception by Search Order Hijacking
AC-5 Separation of Duties Protects T1574.009 Path Interception by Unquoted Path
AC-5 Separation of Duties Protects T1574.010 Services File Permissions Weakness
AC-5 Separation of Duties Protects T1574.012 COR_PROFILER
AC-5 Separation of Duties Protects T1578 Modify Cloud Compute Infrastructure
AC-5 Separation of Duties Protects T1578.001 Create Snapshot
AC-5 Separation of Duties Protects T1578.002 Create Cloud Instance
AC-5 Separation of Duties Protects T1578.003 Delete Cloud Instance
AC-5 Separation of Duties Protects T1580 Cloud Infrastructure Discovery
AC-5 Separation of Duties Protects T1599 Network Boundary Bridging
AC-5 Separation of Duties Protects T1599.001 Network Address Translation Traversal
AC-5 Separation of Duties Protects T1601 Modify System Image
AC-5 Separation of Duties Protects T1601.001 Patch System Image
AC-5 Separation of Duties Protects T1601.002 Downgrade System Image
AC-5 Separation of Duties Protects T1611 Escape to Host
AC-6 Least Privilege Protects T1003 OS Credential Dumping
AC-6 Least Privilege Protects T1003.001 LSASS Memory
AC-6 Least Privilege Protects T1003.002 Security Account Manager
AC-6 Least Privilege Protects T1003.003 NTDS
AC-6 Least Privilege Protects T1003.004 LSA Secrets
AC-6 Least Privilege Protects T1003.005 Cached Domain Credentials
AC-6 Least Privilege Protects T1003.006 DCSync
AC-6 Least Privilege Protects T1003.007 Proc Filesystem
AC-6 Least Privilege Protects T1003.008 /etc/passwd and /etc/shadow
AC-6 Least Privilege Protects T1021 Remote Services
AC-6 Least Privilege Protects T1021.001 Remote Desktop Protocol
AC-6 Least Privilege Protects T1021.002 SMB/Windows Admin Shares
AC-6 Least Privilege Protects T1021.003 Distributed Component Object Model
AC-6 Least Privilege Protects T1021.004 SSH
AC-6 Least Privilege Protects T1021.005 VNC
AC-6 Least Privilege Protects T1021.006 Windows Remote Management
AC-6 Least Privilege Protects T1036 Masquerading
AC-6 Least Privilege Protects T1036.003 Rename System Utilities
AC-6 Least Privilege Protects T1036.005 Match Legitimate Name or Location
AC-6 Least Privilege Protects T1047 Windows Management Instrumentation
AC-6 Least Privilege Protects T1052 Exfiltration Over Physical Medium
AC-6 Least Privilege Protects T1052.001 Exfiltration over USB
AC-6 Least Privilege Protects T1053 Scheduled Task/Job
AC-6 Least Privilege Protects T1053.001 At (Linux)
AC-6 Least Privilege Protects T1053.002 At (Windows)
AC-6 Least Privilege Protects T1053.003 Cron
AC-6 Least Privilege Protects T1053.004 Launchd
AC-6 Least Privilege Protects T1053.005 Scheduled Task
AC-6 Least Privilege Protects T1053.006 Systemd Timers
AC-6 Least Privilege Protects T1053.007 Container Orchestration Job
AC-6 Least Privilege Protects T1055 Process Injection
AC-6 Least Privilege Protects T1055.001 Dynamic-link Library Injection
AC-6 Least Privilege Protects T1055.002 Portable Executable Injection
AC-6 Least Privilege Protects T1055.003 Thread Execution Hijacking
AC-6 Least Privilege Protects T1055.004 Asynchronous Procedure Call
AC-6 Least Privilege Protects T1055.005 Thread Local Storage
AC-6 Least Privilege Protects T1055.008 Ptrace System Calls
AC-6 Least Privilege Protects T1055.009 Proc Memory
AC-6 Least Privilege Protects T1055.011 Extra Window Memory Injection
AC-6 Least Privilege Protects T1055.012 Process Hollowing
AC-6 Least Privilege Protects T1055.013 Process Doppelgänging
AC-6 Least Privilege Protects T1055.014 VDSO Hijacking
AC-6 Least Privilege Protects T1056.003 Web Portal Capture
AC-6 Least Privilege Protects T1059 Command and Scripting Interpreter
AC-6 Least Privilege Protects T1059.001 PowerShell
AC-6 Least Privilege Protects T1059.006 Python
AC-6 Least Privilege Protects T1059.008 Network Device CLI
AC-6 Least Privilege Protects T1068 Exploitation for Privilege Escalation
AC-6 Least Privilege Protects T1070 Indicator Removal on Host
AC-6 Least Privilege Protects T1070.001 Clear Windows Event Logs
AC-6 Least Privilege Protects T1070.002 Clear Linux or Mac System Logs
AC-6 Least Privilege Protects T1070.003 Clear Command History
AC-6 Least Privilege Protects T1072 Software Deployment Tools
AC-6 Least Privilege Protects T1078 Valid Accounts
AC-6 Least Privilege Protects T1078.001 Default Accounts
AC-6 Least Privilege Protects T1078.002 Domain Accounts
AC-6 Least Privilege Protects T1078.003 Local Accounts
AC-6 Least Privilege Protects T1078.004 Cloud Accounts
AC-6 Least Privilege Protects T1087.004 Cloud Account
AC-6 Least Privilege Protects T1091 Replication Through Removable Media
AC-6 Least Privilege Protects T1098 Account Manipulation
AC-6 Least Privilege Protects T1098.001 Additional Cloud Credentials
AC-6 Least Privilege Protects T1098.002 Exchange Email Delegate Permissions
AC-6 Least Privilege Protects T1098.003 Add Office 365 Global Administrator Role
AC-6 Least Privilege Protects T1110 Brute Force
AC-6 Least Privilege Protects T1110.001 Password Guessing
AC-6 Least Privilege Protects T1110.002 Password Cracking
AC-6 Least Privilege Protects T1110.003 Password Spraying
AC-6 Least Privilege Protects T1110.004 Credential Stuffing
AC-6 Least Privilege Protects T1112 Modify Registry
AC-6 Least Privilege Protects T1133 External Remote Services
AC-6 Least Privilege Protects T1134 Access Token Manipulation
AC-6 Least Privilege Protects T1134.001 Token Impersonation/Theft
AC-6 Least Privilege Protects T1134.002 Create Process with Token
AC-6 Least Privilege Protects T1134.003 Make and Impersonate Token
AC-6 Least Privilege Protects T1134.005 SID-History Injection
AC-6 Least Privilege Protects T1136 Create Account
AC-6 Least Privilege Protects T1136.001 Local Account
AC-6 Least Privilege Protects T1136.002 Domain Account
AC-6 Least Privilege Protects T1136.003 Cloud Account
AC-6 Least Privilege Protects T1137.002 Office Test
AC-6 Least Privilege Protects T1176 Browser Extensions
AC-6 Least Privilege Protects T1185 Man in the Browser
AC-6 Least Privilege Protects T1189 Drive-by Compromise
AC-6 Least Privilege Protects T1190 Exploit Public-Facing Application
AC-6 Least Privilege Protects T1197 BITS Jobs
AC-6 Least Privilege Protects T1199 Trusted Relationship
AC-6 Least Privilege Protects T1200 Hardware Additions
AC-6 Least Privilege Protects T1203 Exploitation for Client Execution
AC-6 Least Privilege Protects T1210 Exploitation of Remote Services
AC-6 Least Privilege Protects T1211 Exploitation for Defense Evasion
AC-6 Least Privilege Protects T1212 Exploitation for Credential Access
AC-6 Least Privilege Protects T1213 Data from Information Repositories
AC-6 Least Privilege Protects T1213.001 Confluence
AC-6 Least Privilege Protects T1213.002 Sharepoint
AC-6 Least Privilege Protects T1218 Signed Binary Proxy Execution
AC-6 Least Privilege Protects T1218.007 Msiexec
AC-6 Least Privilege Protects T1222 File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.001 Windows File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-6 Least Privilege Protects T1484 Domain Policy Modification
AC-6 Least Privilege Protects T1485 Data Destruction
AC-6 Least Privilege Protects T1486 Data Encrypted for Impact
AC-6 Least Privilege Protects T1489 Service Stop
AC-6 Least Privilege Protects T1490 Inhibit System Recovery
AC-6 Least Privilege Protects T1491 Defacement
AC-6 Least Privilege Protects T1491.001 Internal Defacement
AC-6 Least Privilege Protects T1491.002 External Defacement
AC-6 Least Privilege Protects T1495 Firmware Corruption
AC-6 Least Privilege Protects T1505 Server Software Component
AC-6 Least Privilege Protects T1505.001 SQL Stored Procedures
AC-6 Least Privilege Protects T1505.002 Transport Agent
AC-6 Least Privilege Protects T1525 Implant Internal Image
AC-6 Least Privilege Protects T1528 Steal Application Access Token
AC-6 Least Privilege Protects T1530 Data from Cloud Storage Object
AC-6 Least Privilege Protects T1537 Transfer Data to Cloud Account
AC-6 Least Privilege Protects T1538 Cloud Service Dashboard
AC-6 Least Privilege Protects T1539 Steal Web Session Cookie
AC-6 Least Privilege Protects T1542 Pre-OS Boot
AC-6 Least Privilege Protects T1542.001 System Firmware
AC-6 Least Privilege Protects T1542.003 Bootkit
AC-6 Least Privilege Protects T1542.004 ROMMONkit
AC-6 Least Privilege Protects T1542.005 TFTP Boot
AC-6 Least Privilege Protects T1543 Create or Modify System Process
AC-6 Least Privilege Protects T1543.001 Launch Agent
AC-6 Least Privilege Protects T1543.002 Systemd Service
AC-6 Least Privilege Protects T1543.003 Windows Service
AC-6 Least Privilege Protects T1543.004 Launch Daemon
AC-6 Least Privilege Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-6 Least Privilege Protects T1546.004 Unix Shell Configuration Modification
AC-6 Least Privilege Protects T1546.011 Application Shimming
AC-6 Least Privilege Protects T1546.013 PowerShell Profile
AC-6 Least Privilege Protects T1547.003 Time Providers
AC-6 Least Privilege Protects T1547.004 Winlogon Helper DLL
AC-6 Least Privilege Protects T1547.006 Kernel Modules and Extensions
AC-6 Least Privilege Protects T1547.009 Shortcut Modification
AC-6 Least Privilege Protects T1547.011 Plist Modification
AC-6 Least Privilege Protects T1547.012 Print Processors
AC-6 Least Privilege Protects T1547.013 XDG Autostart Entries
AC-6 Least Privilege Protects T1548 Abuse Elevation Control Mechanism
AC-6 Least Privilege Protects T1548.002 Bypass User Account Control
AC-6 Least Privilege Protects T1548.003 Sudo and Sudo Caching
AC-6 Least Privilege Protects T1550 Use Alternate Authentication Material
AC-6 Least Privilege Protects T1550.002 Pass the Hash
AC-6 Least Privilege Protects T1550.003 Pass the Ticket
AC-6 Least Privilege Protects T1552 Unsecured Credentials
AC-6 Least Privilege Protects T1552.001 Credentials In Files
AC-6 Least Privilege Protects T1552.002 Credentials in Registry
AC-6 Least Privilege Protects T1552.006 Group Policy Preferences
AC-6 Least Privilege Protects T1552.007 Container API
AC-6 Least Privilege Protects T1553 Subvert Trust Controls
AC-6 Least Privilege Protects T1553.003 SIP and Trust Provider Hijacking
AC-6 Least Privilege Protects T1553.006 Code Signing Policy Modification
AC-6 Least Privilege Protects T1556 Modify Authentication Process
AC-6 Least Privilege Protects T1556.001 Domain Controller Authentication
AC-6 Least Privilege Protects T1556.003 Pluggable Authentication Modules
AC-6 Least Privilege Protects T1556.004 Network Device Authentication
AC-6 Least Privilege Protects T1558 Steal or Forge Kerberos Tickets
AC-6 Least Privilege Protects T1558.001 Golden Ticket
AC-6 Least Privilege Protects T1558.002 Silver Ticket
AC-6 Least Privilege Protects T1558.003 Kerberoasting
AC-6 Least Privilege Protects T1559 Inter-Process Communication
AC-6 Least Privilege Protects T1559.001 Component Object Model
AC-6 Least Privilege Protects T1559.002 Dynamic Data Exchange
AC-6 Least Privilege Protects T1561 Disk Wipe
AC-6 Least Privilege Protects T1561.001 Disk Content Wipe
AC-6 Least Privilege Protects T1561.002 Disk Structure Wipe
AC-6 Least Privilege Protects T1562 Impair Defenses
AC-6 Least Privilege Protects T1562.001 Disable or Modify Tools
AC-6 Least Privilege Protects T1562.002 Disable Windows Event Logging
AC-6 Least Privilege Protects T1562.004 Disable or Modify System Firewall
AC-6 Least Privilege Protects T1562.006 Indicator Blocking
AC-6 Least Privilege Protects T1562.007 Disable or Modify Cloud Firewall
AC-6 Least Privilege Protects T1562.008 Disable Cloud Logs
AC-6 Least Privilege Protects T1563 Remote Service Session Hijacking
AC-6 Least Privilege Protects T1563.001 SSH Hijacking
AC-6 Least Privilege Protects T1563.002 RDP Hijacking
AC-6 Least Privilege Protects T1569 System Services
AC-6 Least Privilege Protects T1569.001 Launchctl
AC-6 Least Privilege Protects T1569.002 Service Execution
AC-6 Least Privilege Protects T1574 Hijack Execution Flow
AC-6 Least Privilege Protects T1574.004 Dylib Hijacking
AC-6 Least Privilege Protects T1574.005 Executable Installer File Permissions Weakness
AC-6 Least Privilege Protects T1574.007 Path Interception by PATH Environment Variable
AC-6 Least Privilege Protects T1574.008 Path Interception by Search Order Hijacking
AC-6 Least Privilege Protects T1574.009 Path Interception by Unquoted Path
AC-6 Least Privilege Protects T1574.010 Services File Permissions Weakness
AC-6 Least Privilege Protects T1574.011 Services Registry Permissions Weakness
AC-6 Least Privilege Protects T1574.012 COR_PROFILER
AC-6 Least Privilege Protects T1578 Modify Cloud Compute Infrastructure
AC-6 Least Privilege Protects T1578.001 Create Snapshot
AC-6 Least Privilege Protects T1578.002 Create Cloud Instance
AC-6 Least Privilege Protects T1578.003 Delete Cloud Instance
AC-6 Least Privilege Protects T1580 Cloud Infrastructure Discovery
AC-6 Least Privilege Protects T1599 Network Boundary Bridging
AC-6 Least Privilege Protects T1599.001 Network Address Translation Traversal
AC-6 Least Privilege Protects T1601 Modify System Image
AC-6 Least Privilege Protects T1601.001 Patch System Image
AC-6 Least Privilege Protects T1601.002 Downgrade System Image
AC-6 Least Privilege Protects T1609 Container Administration Command
AC-6 Least Privilege Protects T1610 Deploy Container
AC-6 Least Privilege Protects T1611 Escape to Host
AC-6 Least Privilege Protects T1612 Build Image on Host
AC-6 Least Privilege Protects T1613 Container and Resource Discovery
AC-7 Unsuccessful Logon Attempts Protects T1021 Remote Services
AC-7 Unsuccessful Logon Attempts Protects T1021.001 Remote Desktop Protocol
AC-7 Unsuccessful Logon Attempts Protects T1021.004 SSH
AC-7 Unsuccessful Logon Attempts Protects T1078.002 Domain Accounts
AC-7 Unsuccessful Logon Attempts Protects T1078.004 Cloud Accounts
AC-7 Unsuccessful Logon Attempts Protects T1110 Brute Force
AC-7 Unsuccessful Logon Attempts Protects T1110.001 Password Guessing
AC-7 Unsuccessful Logon Attempts Protects T1110.002 Password Cracking
AC-7 Unsuccessful Logon Attempts Protects T1110.003 Password Spraying
AC-7 Unsuccessful Logon Attempts Protects T1110.004 Credential Stuffing
AC-7 Unsuccessful Logon Attempts Protects T1133 External Remote Services
AC-7 Unsuccessful Logon Attempts Protects T1530 Data from Cloud Storage Object
AC-7 Unsuccessful Logon Attempts Protects T1556 Modify Authentication Process
AC-7 Unsuccessful Logon Attempts Protects T1556.001 Domain Controller Authentication
AC-7 Unsuccessful Logon Attempts Protects T1556.003 Pluggable Authentication Modules
AC-7 Unsuccessful Logon Attempts Protects T1556.004 Network Device Authentication
AC-8 System Use Notification Protects T1199 Trusted Relationship
CA-2 Control Assessments Protects T1190 Exploit Public-Facing Application
CA-2 Control Assessments Protects T1195 Supply Chain Compromise
CA-2 Control Assessments Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-2 Control Assessments Protects T1195.002 Compromise Software Supply Chain
CA-2 Control Assessments Protects T1210 Exploitation of Remote Services
CA-7 Continuous Monitoring Protects T1001 Data Obfuscation
CA-7 Continuous Monitoring Protects T1001.001 Junk Data
CA-7 Continuous Monitoring Protects T1001.002 Steganography
CA-7 Continuous Monitoring Protects T1001.003 Protocol Impersonation
CA-7 Continuous Monitoring Protects T1003 OS Credential Dumping
CA-7 Continuous Monitoring Protects T1003.001 LSASS Memory
CA-7 Continuous Monitoring Protects T1003.002 Security Account Manager
CA-7 Continuous Monitoring Protects T1003.003 NTDS
CA-7 Continuous Monitoring Protects T1003.004 LSA Secrets
CA-7 Continuous Monitoring Protects T1003.005 Cached Domain Credentials
CA-7 Continuous Monitoring Protects T1003.006 DCSync
CA-7 Continuous Monitoring Protects T1003.007 Proc Filesystem
CA-7 Continuous Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
CA-7 Continuous Monitoring Protects T1008 Fallback Channels
CA-7 Continuous Monitoring Protects T1021.002 SMB/Windows Admin Shares
CA-7 Continuous Monitoring Protects T1021.005 VNC
CA-7 Continuous Monitoring Protects T1029 Scheduled Transfer
CA-7 Continuous Monitoring Protects T1030 Data Transfer Size Limits
CA-7 Continuous Monitoring Protects T1036 Masquerading
CA-7 Continuous Monitoring Protects T1036.003 Rename System Utilities
CA-7 Continuous Monitoring Protects T1036.005 Match Legitimate Name or Location
CA-7 Continuous Monitoring Protects T1037 Boot or Logon Initialization Scripts
CA-7 Continuous Monitoring Protects T1037.002 Logon Script (Mac)
CA-7 Continuous Monitoring Protects T1037.003 Network Logon Script
CA-7 Continuous Monitoring Protects T1037.004 RC Scripts
CA-7 Continuous Monitoring Protects T1037.005 Startup Items
CA-7 Continuous Monitoring Protects T1041 Exfiltration Over C2 Channel
CA-7 Continuous Monitoring Protects T1046 Network Service Scanning
CA-7 Continuous Monitoring Protects T1048 Exfiltration Over Alternative Protocol
CA-7 Continuous Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CA-7 Continuous Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-7 Continuous Monitoring Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CA-7 Continuous Monitoring Protects T1053.006 Systemd Timers
CA-7 Continuous Monitoring Protects T1055.009 Proc Memory
CA-7 Continuous Monitoring Protects T1056.002 GUI Input Capture
CA-7 Continuous Monitoring Protects T1068 Exploitation for Privilege Escalation
CA-7 Continuous Monitoring Protects T1070 Indicator Removal on Host
CA-7 Continuous Monitoring Protects T1070.001 Clear Windows Event Logs
CA-7 Continuous Monitoring Protects T1070.002 Clear Linux or Mac System Logs
CA-7 Continuous Monitoring Protects T1070.003 Clear Command History
CA-7 Continuous Monitoring Protects T1071 Application Layer Protocol
CA-7 Continuous Monitoring Protects T1071.001 Web Protocols
CA-7 Continuous Monitoring Protects T1071.002 File Transfer Protocols
CA-7 Continuous Monitoring Protects T1071.003 Mail Protocols
CA-7 Continuous Monitoring Protects T1071.004 DNS
CA-7 Continuous Monitoring Protects T1072 Software Deployment Tools
CA-7 Continuous Monitoring Protects T1078 Valid Accounts
CA-7 Continuous Monitoring Protects T1078.001 Default Accounts
CA-7 Continuous Monitoring Protects T1078.003 Local Accounts
CA-7 Continuous Monitoring Protects T1078.004 Cloud Accounts
CA-7 Continuous Monitoring Protects T1080 Taint Shared Content
CA-7 Continuous Monitoring Protects T1090 Proxy
CA-7 Continuous Monitoring Protects T1090.001 Internal Proxy
CA-7 Continuous Monitoring Protects T1090.002 External Proxy
CA-7 Continuous Monitoring Protects T1090.003 Multi-hop Proxy
CA-7 Continuous Monitoring Protects T1095 Non-Application Layer Protocol
CA-7 Continuous Monitoring Protects T1102 Web Service
CA-7 Continuous Monitoring Protects T1102.001 Dead Drop Resolver
CA-7 Continuous Monitoring Protects T1102.002 Bidirectional Communication
CA-7 Continuous Monitoring Protects T1102.003 One-Way Communication
CA-7 Continuous Monitoring Protects T1104 Multi-Stage Channels
CA-7 Continuous Monitoring Protects T1105 Ingress Tool Transfer
CA-7 Continuous Monitoring Protects T1110 Brute Force
CA-7 Continuous Monitoring Protects T1110.001 Password Guessing
CA-7 Continuous Monitoring Protects T1110.002 Password Cracking
CA-7 Continuous Monitoring Protects T1110.003 Password Spraying
CA-7 Continuous Monitoring Protects T1110.004 Credential Stuffing
CA-7 Continuous Monitoring Protects T1111 Two-Factor Authentication Interception
CA-7 Continuous Monitoring Protects T1132 Data Encoding
CA-7 Continuous Monitoring Protects T1132.001 Standard Encoding
CA-7 Continuous Monitoring Protects T1132.002 Non-Standard Encoding
CA-7 Continuous Monitoring Protects T1176 Browser Extensions
CA-7 Continuous Monitoring Protects T1185 Man in the Browser
CA-7 Continuous Monitoring Protects T1187 Forced Authentication
CA-7 Continuous Monitoring Protects T1189 Drive-by Compromise
CA-7 Continuous Monitoring Protects T1190 Exploit Public-Facing Application
CA-7 Continuous Monitoring Protects T1195 Supply Chain Compromise
CA-7 Continuous Monitoring Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-7 Continuous Monitoring Protects T1195.002 Compromise Software Supply Chain
CA-7 Continuous Monitoring Protects T1197 BITS Jobs
CA-7 Continuous Monitoring Protects T1201 Password Policy Discovery
CA-7 Continuous Monitoring Protects T1203 Exploitation for Client Execution
CA-7 Continuous Monitoring Protects T1204 User Execution
CA-7 Continuous Monitoring Protects T1204.001 Malicious Link
CA-7 Continuous Monitoring Protects T1204.002 Malicious File
CA-7 Continuous Monitoring Protects T1204.003 Malicious Image
CA-7 Continuous Monitoring Protects T1205 Traffic Signaling
CA-7 Continuous Monitoring Protects T1205.001 Port Knocking
CA-7 Continuous Monitoring Protects T1210 Exploitation of Remote Services
CA-7 Continuous Monitoring Protects T1211 Exploitation for Defense Evasion
CA-7 Continuous Monitoring Protects T1212 Exploitation for Credential Access
CA-7 Continuous Monitoring Protects T1213 Data from Information Repositories
CA-7 Continuous Monitoring Protects T1213.001 Confluence
CA-7 Continuous Monitoring Protects T1213.002 Sharepoint
CA-7 Continuous Monitoring Protects T1218 Signed Binary Proxy Execution
CA-7 Continuous Monitoring Protects T1218.002 Control Panel
CA-7 Continuous Monitoring Protects T1218.010 Regsvr32
CA-7 Continuous Monitoring Protects T1218.011 Rundll32
CA-7 Continuous Monitoring Protects T1218.012 Verclsid
CA-7 Continuous Monitoring Protects T1219 Remote Access Software
CA-7 Continuous Monitoring Protects T1221 Template Injection
CA-7 Continuous Monitoring Protects T1222 File and Directory Permissions Modification
CA-7 Continuous Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
CA-7 Continuous Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CA-7 Continuous Monitoring Protects T1489 Service Stop
CA-7 Continuous Monitoring Protects T1498 Network Denial of Service
CA-7 Continuous Monitoring Protects T1498.001 Direct Network Flood
CA-7 Continuous Monitoring Protects T1498.002 Reflection Amplification
CA-7 Continuous Monitoring Protects T1499 Endpoint Denial of Service
CA-7 Continuous Monitoring Protects T1499.001 OS Exhaustion Flood
CA-7 Continuous Monitoring Protects T1499.002 Service Exhaustion Flood
CA-7 Continuous Monitoring Protects T1499.003 Application Exhaustion Flood
CA-7 Continuous Monitoring Protects T1499.004 Application or System Exploitation
CA-7 Continuous Monitoring Protects T1528 Steal Application Access Token
CA-7 Continuous Monitoring Protects T1530 Data from Cloud Storage Object
CA-7 Continuous Monitoring Protects T1537 Transfer Data to Cloud Account
CA-7 Continuous Monitoring Protects T1539 Steal Web Session Cookie
CA-7 Continuous Monitoring Protects T1542.004 ROMMONkit
CA-7 Continuous Monitoring Protects T1542.005 TFTP Boot
CA-7 Continuous Monitoring Protects T1543 Create or Modify System Process
CA-7 Continuous Monitoring Protects T1543.002 Systemd Service
CA-7 Continuous Monitoring Protects T1546.004 Unix Shell Configuration Modification
CA-7 Continuous Monitoring Protects T1546.013 PowerShell Profile
CA-7 Continuous Monitoring Protects T1547.003 Time Providers
CA-7 Continuous Monitoring Protects T1547.011 Plist Modification
CA-7 Continuous Monitoring Protects T1547.013 XDG Autostart Entries
CA-7 Continuous Monitoring Protects T1548 Abuse Elevation Control Mechanism
CA-7 Continuous Monitoring Protects T1548.003 Sudo and Sudo Caching
CA-7 Continuous Monitoring Protects T1550.003 Pass the Ticket
CA-7 Continuous Monitoring Protects T1552 Unsecured Credentials
CA-7 Continuous Monitoring Protects T1552.001 Credentials In Files
CA-7 Continuous Monitoring Protects T1552.002 Credentials in Registry
CA-7 Continuous Monitoring Protects T1552.004 Private Keys
CA-7 Continuous Monitoring Protects T1552.005 Cloud Instance Metadata API
CA-7 Continuous Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
CA-7 Continuous Monitoring Protects T1555 Credentials from Password Stores
CA-7 Continuous Monitoring Protects T1555.001 Keychain
CA-7 Continuous Monitoring Protects T1555.002 Securityd Memory
CA-7 Continuous Monitoring Protects T1556 Modify Authentication Process
CA-7 Continuous Monitoring Protects T1556.001 Domain Controller Authentication
CA-7 Continuous Monitoring Protects T1557 Man-in-the-Middle
CA-7 Continuous Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CA-7 Continuous Monitoring Protects T1557.002 ARP Cache Poisoning
CA-7 Continuous Monitoring Protects T1558 Steal or Forge Kerberos Tickets
CA-7 Continuous Monitoring Protects T1558.002 Silver Ticket
CA-7 Continuous Monitoring Protects T1558.003 Kerberoasting
CA-7 Continuous Monitoring Protects T1558.004 AS-REP Roasting
CA-7 Continuous Monitoring Protects T1562 Impair Defenses
CA-7 Continuous Monitoring Protects T1562.001 Disable or Modify Tools
CA-7 Continuous Monitoring Protects T1562.002 Disable Windows Event Logging
CA-7 Continuous Monitoring Protects T1562.004 Disable or Modify System Firewall
CA-7 Continuous Monitoring Protects T1562.006 Indicator Blocking
CA-7 Continuous Monitoring Protects T1563.001 SSH Hijacking
CA-7 Continuous Monitoring Protects T1564.004 NTFS File Attributes
CA-7 Continuous Monitoring Protects T1565 Data Manipulation
CA-7 Continuous Monitoring Protects T1565.001 Stored Data Manipulation
CA-7 Continuous Monitoring Protects T1565.003 Runtime Data Manipulation
CA-7 Continuous Monitoring Protects T1566 Phishing
CA-7 Continuous Monitoring Protects T1566.001 Spearphishing Attachment
CA-7 Continuous Monitoring Protects T1566.002 Spearphishing Link
CA-7 Continuous Monitoring Protects T1566.003 Spearphishing via Service
CA-7 Continuous Monitoring Protects T1568 Dynamic Resolution
CA-7 Continuous Monitoring Protects T1568.002 Domain Generation Algorithms
CA-7 Continuous Monitoring Protects T1569 System Services
CA-7 Continuous Monitoring Protects T1569.002 Service Execution
CA-7 Continuous Monitoring Protects T1570 Lateral Tool Transfer
CA-7 Continuous Monitoring Protects T1571 Non-Standard Port
CA-7 Continuous Monitoring Protects T1572 Protocol Tunneling
CA-7 Continuous Monitoring Protects T1573 Encrypted Channel
CA-7 Continuous Monitoring Protects T1573.001 Symmetric Cryptography
CA-7 Continuous Monitoring Protects T1573.002 Asymmetric Cryptography
CA-7 Continuous Monitoring Protects T1574 Hijack Execution Flow
CA-7 Continuous Monitoring Protects T1574.004 Dylib Hijacking
CA-7 Continuous Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
CA-7 Continuous Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
CA-7 Continuous Monitoring Protects T1574.009 Path Interception by Unquoted Path
CA-7 Continuous Monitoring Protects T1598 Phishing for Information
CA-7 Continuous Monitoring Protects T1598.001 Spearphishing Service
CA-7 Continuous Monitoring Protects T1598.002 Spearphishing Attachment
CA-7 Continuous Monitoring Protects T1598.003 Spearphishing Link
CA-7 Continuous Monitoring Protects T1599 Network Boundary Bridging
CA-7 Continuous Monitoring Protects T1599.001 Network Address Translation Traversal
CA-7 Continuous Monitoring Protects T1602 Data from Configuration Repository
CA-7 Continuous Monitoring Protects T1602.001 SNMP (MIB Dump)
CA-7 Continuous Monitoring Protects T1602.002 Network Device Configuration Dump
CA-8 Penetration Testing Protects T1021.001 Remote Desktop Protocol
CA-8 Penetration Testing Protects T1021.005 VNC
CA-8 Penetration Testing Protects T1053 Scheduled Task/Job
CA-8 Penetration Testing Protects T1053.001 At (Linux)
CA-8 Penetration Testing Protects T1053.002 At (Windows)
CA-8 Penetration Testing Protects T1053.003 Cron
CA-8 Penetration Testing Protects T1053.004 Launchd
CA-8 Penetration Testing Protects T1053.005 Scheduled Task
CA-8 Penetration Testing Protects T1059 Command and Scripting Interpreter
CA-8 Penetration Testing Protects T1068 Exploitation for Privilege Escalation
CA-8 Penetration Testing Protects T1078 Valid Accounts
CA-8 Penetration Testing Protects T1176 Browser Extensions
CA-8 Penetration Testing Protects T1195.003 Compromise Hardware Supply Chain
CA-8 Penetration Testing Protects T1204.003 Malicious Image
CA-8 Penetration Testing Protects T1210 Exploitation of Remote Services
CA-8 Penetration Testing Protects T1211 Exploitation for Defense Evasion
CA-8 Penetration Testing Protects T1212 Exploitation for Credential Access
CA-8 Penetration Testing Protects T1213 Data from Information Repositories
CA-8 Penetration Testing Protects T1213.001 Confluence
CA-8 Penetration Testing Protects T1213.002 Sharepoint
CA-8 Penetration Testing Protects T1482 Domain Trust Discovery
CA-8 Penetration Testing Protects T1484 Domain Policy Modification
CA-8 Penetration Testing Protects T1495 Firmware Corruption
CA-8 Penetration Testing Protects T1505 Server Software Component
CA-8 Penetration Testing Protects T1505.001 SQL Stored Procedures
CA-8 Penetration Testing Protects T1505.002 Transport Agent
CA-8 Penetration Testing Protects T1525 Implant Internal Image
CA-8 Penetration Testing Protects T1528 Steal Application Access Token
CA-8 Penetration Testing Protects T1530 Data from Cloud Storage Object
CA-8 Penetration Testing Protects T1542 Pre-OS Boot
CA-8 Penetration Testing Protects T1542.001 System Firmware
CA-8 Penetration Testing Protects T1542.003 Bootkit
CA-8 Penetration Testing Protects T1542.004 ROMMONkit
CA-8 Penetration Testing Protects T1542.005 TFTP Boot
CA-8 Penetration Testing Protects T1543 Create or Modify System Process
CA-8 Penetration Testing Protects T1543.003 Windows Service
CA-8 Penetration Testing Protects T1548 Abuse Elevation Control Mechanism
CA-8 Penetration Testing Protects T1548.002 Bypass User Account Control
CA-8 Penetration Testing Protects T1550.001 Application Access Token
CA-8 Penetration Testing Protects T1552 Unsecured Credentials
CA-8 Penetration Testing Protects T1552.001 Credentials In Files
CA-8 Penetration Testing Protects T1552.002 Credentials in Registry
CA-8 Penetration Testing Protects T1552.004 Private Keys
CA-8 Penetration Testing Protects T1552.006 Group Policy Preferences
CA-8 Penetration Testing Protects T1553 Subvert Trust Controls
CA-8 Penetration Testing Protects T1553.006 Code Signing Policy Modification
CA-8 Penetration Testing Protects T1554 Compromise Client Software Binary
CA-8 Penetration Testing Protects T1558.004 AS-REP Roasting
CA-8 Penetration Testing Protects T1560 Archive Collected Data
CA-8 Penetration Testing Protects T1560.001 Archive via Utility
CA-8 Penetration Testing Protects T1562 Impair Defenses
CA-8 Penetration Testing Protects T1563 Remote Service Session Hijacking
CA-8 Penetration Testing Protects T1574 Hijack Execution Flow
CA-8 Penetration Testing Protects T1574.001 DLL Search Order Hijacking
CA-8 Penetration Testing Protects T1574.005 Executable Installer File Permissions Weakness
CA-8 Penetration Testing Protects T1574.007 Path Interception by PATH Environment Variable
CA-8 Penetration Testing Protects T1574.008 Path Interception by Search Order Hijacking
CA-8 Penetration Testing Protects T1574.009 Path Interception by Unquoted Path
CA-8 Penetration Testing Protects T1574.010 Services File Permissions Weakness
CA-8 Penetration Testing Protects T1578 Modify Cloud Compute Infrastructure
CA-8 Penetration Testing Protects T1578.001 Create Snapshot
CA-8 Penetration Testing Protects T1578.002 Create Cloud Instance
CA-8 Penetration Testing Protects T1578.003 Delete Cloud Instance
CA-8 Penetration Testing Protects T1601 Modify System Image
CA-8 Penetration Testing Protects T1601.001 Patch System Image
CA-8 Penetration Testing Protects T1601.002 Downgrade System Image
CA-8 Penetration Testing Protects T1612 Build Image on Host
CM-10 Software Usage Restrictions Protects T1546.008 Accessibility Features
CM-10 Software Usage Restrictions Protects T1546.013 PowerShell Profile
CM-10 Software Usage Restrictions Protects T1550.001 Application Access Token
CM-10 Software Usage Restrictions Protects T1553 Subvert Trust Controls
CM-10 Software Usage Restrictions Protects T1553.004 Install Root Certificate
CM-10 Software Usage Restrictions Protects T1559 Inter-Process Communication
CM-10 Software Usage Restrictions Protects T1559.002 Dynamic Data Exchange
CM-11 User-installed Software Protects T1021.005 VNC
CM-11 User-installed Software Protects T1059 Command and Scripting Interpreter
CM-11 User-installed Software Protects T1059.006 Python
CM-11 User-installed Software Protects T1176 Browser Extensions
CM-11 User-installed Software Protects T1195 Supply Chain Compromise
CM-11 User-installed Software Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-11 User-installed Software Protects T1195.002 Compromise Software Supply Chain
CM-11 User-installed Software Protects T1505 Server Software Component
CM-11 User-installed Software Protects T1505.001 SQL Stored Procedures
CM-11 User-installed Software Protects T1505.002 Transport Agent
CM-11 User-installed Software Protects T1543 Create or Modify System Process
CM-11 User-installed Software Protects T1543.001 Launch Agent
CM-11 User-installed Software Protects T1543.002 Systemd Service
CM-11 User-installed Software Protects T1543.003 Windows Service
CM-11 User-installed Software Protects T1543.004 Launch Daemon
CM-11 User-installed Software Protects T1547.013 XDG Autostart Entries
CM-11 User-installed Software Protects T1550.001 Application Access Token
CM-11 User-installed Software Protects T1569 System Services
CM-11 User-installed Software Protects T1569.001 Launchctl
CM-2 Baseline Configuration Protects T1001 Data Obfuscation
CM-2 Baseline Configuration Protects T1001.001 Junk Data
CM-2 Baseline Configuration Protects T1001.002 Steganography
CM-2 Baseline Configuration Protects T1001.003 Protocol Impersonation
CM-2 Baseline Configuration Protects T1003 OS Credential Dumping
CM-2 Baseline Configuration Protects T1003.001 LSASS Memory
CM-2 Baseline Configuration Protects T1003.002 Security Account Manager
CM-2 Baseline Configuration Protects T1003.003 NTDS
CM-2 Baseline Configuration Protects T1003.004 LSA Secrets
CM-2 Baseline Configuration Protects T1003.005 Cached Domain Credentials
CM-2 Baseline Configuration Protects T1003.006 DCSync
CM-2 Baseline Configuration Protects T1003.007 Proc Filesystem
CM-2 Baseline Configuration Protects T1003.008 /etc/passwd and /etc/shadow
CM-2 Baseline Configuration Protects T1008 Fallback Channels
CM-2 Baseline Configuration Protects T1011.001 Exfiltration Over Bluetooth
CM-2 Baseline Configuration Protects T1020.001 Traffic Duplication
CM-2 Baseline Configuration Protects T1021.001 Remote Desktop Protocol
CM-2 Baseline Configuration Protects T1021.002 SMB/Windows Admin Shares
CM-2 Baseline Configuration Protects T1021.003 Distributed Component Object Model
CM-2 Baseline Configuration Protects T1021.004 SSH
CM-2 Baseline Configuration Protects T1021.005 VNC
CM-2 Baseline Configuration Protects T1021.006 Windows Remote Management
CM-2 Baseline Configuration Protects T1029 Scheduled Transfer
CM-2 Baseline Configuration Protects T1030 Data Transfer Size Limits
CM-2 Baseline Configuration Protects T1036 Masquerading
CM-2 Baseline Configuration Protects T1036.001 Invalid Code Signature
CM-2 Baseline Configuration Protects T1036.003 Rename System Utilities
CM-2 Baseline Configuration Protects T1036.005 Match Legitimate Name or Location
CM-2 Baseline Configuration Protects T1037 Boot or Logon Initialization Scripts
CM-2 Baseline Configuration Protects T1037.002 Logon Script (Mac)
CM-2 Baseline Configuration Protects T1037.003 Network Logon Script
CM-2 Baseline Configuration Protects T1037.004 RC Scripts
CM-2 Baseline Configuration Protects T1037.005 Startup Items
CM-2 Baseline Configuration Protects T1046 Network Service Scanning
CM-2 Baseline Configuration Protects T1048 Exfiltration Over Alternative Protocol
CM-2 Baseline Configuration Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-2 Baseline Configuration Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-2 Baseline Configuration Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-2 Baseline Configuration Protects T1052 Exfiltration Over Physical Medium
CM-2 Baseline Configuration Protects T1052.001 Exfiltration over USB
CM-2 Baseline Configuration Protects T1053 Scheduled Task/Job
CM-2 Baseline Configuration Protects T1053.002 At (Windows)
CM-2 Baseline Configuration Protects T1053.005 Scheduled Task
CM-2 Baseline Configuration Protects T1059 Command and Scripting Interpreter
CM-2 Baseline Configuration Protects T1059.001 PowerShell
CM-2 Baseline Configuration Protects T1059.002 AppleScript
CM-2 Baseline Configuration Protects T1059.005 Visual Basic
CM-2 Baseline Configuration Protects T1059.007 JavaScript
CM-2 Baseline Configuration Protects T1068 Exploitation for Privilege Escalation
CM-2 Baseline Configuration Protects T1070 Indicator Removal on Host
CM-2 Baseline Configuration Protects T1070.001 Clear Windows Event Logs
CM-2 Baseline Configuration Protects T1070.002 Clear Linux or Mac System Logs
CM-2 Baseline Configuration Protects T1070.003 Clear Command History
CM-2 Baseline Configuration Protects T1071 Application Layer Protocol
CM-2 Baseline Configuration Protects T1071.001 Web Protocols
CM-2 Baseline Configuration Protects T1071.002 File Transfer Protocols
CM-2 Baseline Configuration Protects T1071.003 Mail Protocols
CM-2 Baseline Configuration Protects T1071.004 DNS
CM-2 Baseline Configuration Protects T1072 Software Deployment Tools
CM-2 Baseline Configuration Protects T1080 Taint Shared Content
CM-2 Baseline Configuration Protects T1090 Proxy
CM-2 Baseline Configuration Protects T1090.001 Internal Proxy
CM-2 Baseline Configuration Protects T1090.002 External Proxy
CM-2 Baseline Configuration Protects T1091 Replication Through Removable Media
CM-2 Baseline Configuration Protects T1092 Communication Through Removable Media
CM-2 Baseline Configuration Protects T1095 Non-Application Layer Protocol
CM-2 Baseline Configuration Protects T1098.004 SSH Authorized Keys
CM-2 Baseline Configuration Protects T1102 Web Service
CM-2 Baseline Configuration Protects T1102.001 Dead Drop Resolver
CM-2 Baseline Configuration Protects T1102.002 Bidirectional Communication
CM-2 Baseline Configuration Protects T1102.003 One-Way Communication
CM-2 Baseline Configuration Protects T1104 Multi-Stage Channels
CM-2 Baseline Configuration Protects T1105 Ingress Tool Transfer
CM-2 Baseline Configuration Protects T1110 Brute Force
CM-2 Baseline Configuration Protects T1110.001 Password Guessing
CM-2 Baseline Configuration Protects T1110.002 Password Cracking
CM-2 Baseline Configuration Protects T1110.003 Password Spraying
CM-2 Baseline Configuration Protects T1110.004 Credential Stuffing
CM-2 Baseline Configuration Protects T1111 Two-Factor Authentication Interception
CM-2 Baseline Configuration Protects T1114 Email Collection
CM-2 Baseline Configuration Protects T1114.002 Remote Email Collection
CM-2 Baseline Configuration Protects T1119 Automated Collection
CM-2 Baseline Configuration Protects T1127 Trusted Developer Utilities Proxy Execution
CM-2 Baseline Configuration Protects T1127.001 MSBuild
CM-2 Baseline Configuration Protects T1129 Shared Modules
CM-2 Baseline Configuration Protects T1132 Data Encoding
CM-2 Baseline Configuration Protects T1132.001 Standard Encoding
CM-2 Baseline Configuration Protects T1132.002 Non-Standard Encoding
CM-2 Baseline Configuration Protects T1133 External Remote Services
CM-2 Baseline Configuration Protects T1134.005 SID-History Injection
CM-2 Baseline Configuration Protects T1137 Office Application Startup
CM-2 Baseline Configuration Protects T1137.001 Office Template Macros
CM-2 Baseline Configuration Protects T1137.002 Office Test
CM-2 Baseline Configuration Protects T1137.003 Outlook Forms
CM-2 Baseline Configuration Protects T1137.004 Outlook Home Page
CM-2 Baseline Configuration Protects T1137.005 Outlook Rules
CM-2 Baseline Configuration Protects T1176 Browser Extensions
CM-2 Baseline Configuration Protects T1185 Man in the Browser
CM-2 Baseline Configuration Protects T1187 Forced Authentication
CM-2 Baseline Configuration Protects T1189 Drive-by Compromise
CM-2 Baseline Configuration Protects T1201 Password Policy Discovery
CM-2 Baseline Configuration Protects T1204 User Execution
CM-2 Baseline Configuration Protects T1204.001 Malicious Link
CM-2 Baseline Configuration Protects T1204.002 Malicious File
CM-2 Baseline Configuration Protects T1204.003 Malicious Image
CM-2 Baseline Configuration Protects T1205 Traffic Signaling
CM-2 Baseline Configuration Protects T1210 Exploitation of Remote Services
CM-2 Baseline Configuration Protects T1211 Exploitation for Defense Evasion
CM-2 Baseline Configuration Protects T1212 Exploitation for Credential Access
CM-2 Baseline Configuration Protects T1213 Data from Information Repositories
CM-2 Baseline Configuration Protects T1213.001 Confluence
CM-2 Baseline Configuration Protects T1213.002 Sharepoint
CM-2 Baseline Configuration Protects T1216 Signed Script Proxy Execution
CM-2 Baseline Configuration Protects T1216.001 PubPrn
CM-2 Baseline Configuration Protects T1218 Signed Binary Proxy Execution
CM-2 Baseline Configuration Protects T1218.001 Compiled HTML File
CM-2 Baseline Configuration Protects T1218.002 Control Panel
CM-2 Baseline Configuration Protects T1218.003 CMSTP
CM-2 Baseline Configuration Protects T1218.004 InstallUtil
CM-2 Baseline Configuration Protects T1218.005 Mshta
CM-2 Baseline Configuration Protects T1218.007 Msiexec
CM-2 Baseline Configuration Protects T1218.008 Odbcconf
CM-2 Baseline Configuration Protects T1218.009 Regsvcs/Regasm
CM-2 Baseline Configuration Protects T1218.012 Verclsid
CM-2 Baseline Configuration Protects T1219 Remote Access Software
CM-2 Baseline Configuration Protects T1220 XSL Script Processing
CM-2 Baseline Configuration Protects T1221 Template Injection
CM-2 Baseline Configuration Protects T1484 Domain Policy Modification
CM-2 Baseline Configuration Protects T1485 Data Destruction
CM-2 Baseline Configuration Protects T1486 Data Encrypted for Impact
CM-2 Baseline Configuration Protects T1490 Inhibit System Recovery
CM-2 Baseline Configuration Protects T1491 Defacement
CM-2 Baseline Configuration Protects T1491.001 Internal Defacement
CM-2 Baseline Configuration Protects T1491.002 External Defacement
CM-2 Baseline Configuration Protects T1505 Server Software Component
CM-2 Baseline Configuration Protects T1505.001 SQL Stored Procedures
CM-2 Baseline Configuration Protects T1505.002 Transport Agent
CM-2 Baseline Configuration Protects T1525 Implant Internal Image
CM-2 Baseline Configuration Protects T1528 Steal Application Access Token
CM-2 Baseline Configuration Protects T1530 Data from Cloud Storage Object
CM-2 Baseline Configuration Protects T1539 Steal Web Session Cookie
CM-2 Baseline Configuration Protects T1542.004 ROMMONkit
CM-2 Baseline Configuration Protects T1542.005 TFTP Boot
CM-2 Baseline Configuration Protects T1543 Create or Modify System Process
CM-2 Baseline Configuration Protects T1543.002 Systemd Service
CM-2 Baseline Configuration Protects T1543.003 Windows Service
CM-2 Baseline Configuration Protects T1546 Event Triggered Execution
CM-2 Baseline Configuration Protects T1546.002 Screensaver
CM-2 Baseline Configuration Protects T1546.004 Unix Shell Configuration Modification
CM-2 Baseline Configuration Protects T1546.006 LC_LOAD_DYLIB Addition
CM-2 Baseline Configuration Protects T1546.010 AppInit DLLs
CM-2 Baseline Configuration Protects T1546.013 PowerShell Profile
CM-2 Baseline Configuration Protects T1546.014 Emond
CM-2 Baseline Configuration Protects T1547.003 Time Providers
CM-2 Baseline Configuration Protects T1547.007 Re-opened Applications
CM-2 Baseline Configuration Protects T1547.008 LSASS Driver
CM-2 Baseline Configuration Protects T1547.011 Plist Modification
CM-2 Baseline Configuration Protects T1547.013 XDG Autostart Entries
CM-2 Baseline Configuration Protects T1548 Abuse Elevation Control Mechanism
CM-2 Baseline Configuration Protects T1548.002 Bypass User Account Control
CM-2 Baseline Configuration Protects T1548.003 Sudo and Sudo Caching
CM-2 Baseline Configuration Protects T1548.004 Elevated Execution with Prompt
CM-2 Baseline Configuration Protects T1550.001 Application Access Token
CM-2 Baseline Configuration Protects T1550.003 Pass the Ticket
CM-2 Baseline Configuration Protects T1552 Unsecured Credentials
CM-2 Baseline Configuration Protects T1552.001 Credentials In Files
CM-2 Baseline Configuration Protects T1552.004 Private Keys
CM-2 Baseline Configuration Protects T1552.006 Group Policy Preferences
CM-2 Baseline Configuration Protects T1553 Subvert Trust Controls
CM-2 Baseline Configuration Protects T1553.001 Gatekeeper Bypass
CM-2 Baseline Configuration Protects T1553.003 SIP and Trust Provider Hijacking
CM-2 Baseline Configuration Protects T1553.005 Mark-of-the-Web Bypass
CM-2 Baseline Configuration Protects T1554 Compromise Client Software Binary
CM-2 Baseline Configuration Protects T1555.004 Windows Credential Manager
CM-2 Baseline Configuration Protects T1555.005 Password Managers
CM-2 Baseline Configuration Protects T1556 Modify Authentication Process
CM-2 Baseline Configuration Protects T1556.004 Network Device Authentication
CM-2 Baseline Configuration Protects T1557 Man-in-the-Middle
CM-2 Baseline Configuration Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-2 Baseline Configuration Protects T1557.002 ARP Cache Poisoning
CM-2 Baseline Configuration Protects T1558 Steal or Forge Kerberos Tickets
CM-2 Baseline Configuration Protects T1558.001 Golden Ticket
CM-2 Baseline Configuration Protects T1558.002 Silver Ticket
CM-2 Baseline Configuration Protects T1558.003 Kerberoasting
CM-2 Baseline Configuration Protects T1558.004 AS-REP Roasting
CM-2 Baseline Configuration Protects T1559 Inter-Process Communication
CM-2 Baseline Configuration Protects T1559.001 Component Object Model
CM-2 Baseline Configuration Protects T1559.002 Dynamic Data Exchange
CM-2 Baseline Configuration Protects T1561 Disk Wipe
CM-2 Baseline Configuration Protects T1561.001 Disk Content Wipe
CM-2 Baseline Configuration Protects T1561.002 Disk Structure Wipe
CM-2 Baseline Configuration Protects T1562 Impair Defenses
CM-2 Baseline Configuration Protects T1562.001 Disable or Modify Tools
CM-2 Baseline Configuration Protects T1562.002 Disable Windows Event Logging
CM-2 Baseline Configuration Protects T1562.003 Impair Command History Logging
CM-2 Baseline Configuration Protects T1562.004 Disable or Modify System Firewall
CM-2 Baseline Configuration Protects T1562.006 Indicator Blocking
CM-2 Baseline Configuration Protects T1563 Remote Service Session Hijacking
CM-2 Baseline Configuration Protects T1563.001 SSH Hijacking
CM-2 Baseline Configuration Protects T1563.002 RDP Hijacking
CM-2 Baseline Configuration Protects T1564.006 Run Virtual Instance
CM-2 Baseline Configuration Protects T1564.007 VBA Stomping
CM-2 Baseline Configuration Protects T1565 Data Manipulation
CM-2 Baseline Configuration Protects T1565.001 Stored Data Manipulation
CM-2 Baseline Configuration Protects T1565.002 Transmitted Data Manipulation
CM-2 Baseline Configuration Protects T1566 Phishing
CM-2 Baseline Configuration Protects T1566.001 Spearphishing Attachment
CM-2 Baseline Configuration Protects T1566.002 Spearphishing Link
CM-2 Baseline Configuration Protects T1569 System Services
CM-2 Baseline Configuration Protects T1569.002 Service Execution
CM-2 Baseline Configuration Protects T1570 Lateral Tool Transfer
CM-2 Baseline Configuration Protects T1571 Non-Standard Port
CM-2 Baseline Configuration Protects T1572 Protocol Tunneling
CM-2 Baseline Configuration Protects T1573 Encrypted Channel
CM-2 Baseline Configuration Protects T1573.001 Symmetric Cryptography
CM-2 Baseline Configuration Protects T1573.002 Asymmetric Cryptography
CM-2 Baseline Configuration Protects T1574 Hijack Execution Flow
CM-2 Baseline Configuration Protects T1574.001 DLL Search Order Hijacking
CM-2 Baseline Configuration Protects T1574.004 Dylib Hijacking
CM-2 Baseline Configuration Protects T1574.005 Executable Installer File Permissions Weakness
CM-2 Baseline Configuration Protects T1574.007 Path Interception by PATH Environment Variable
CM-2 Baseline Configuration Protects T1574.008 Path Interception by Search Order Hijacking
CM-2 Baseline Configuration Protects T1574.009 Path Interception by Unquoted Path
CM-2 Baseline Configuration Protects T1574.010 Services File Permissions Weakness
CM-2 Baseline Configuration Protects T1598 Phishing for Information
CM-2 Baseline Configuration Protects T1598.002 Spearphishing Attachment
CM-2 Baseline Configuration Protects T1598.003 Spearphishing Link
CM-2 Baseline Configuration Protects T1599 Network Boundary Bridging
CM-2 Baseline Configuration Protects T1599.001 Network Address Translation Traversal
CM-2 Baseline Configuration Protects T1601 Modify System Image
CM-2 Baseline Configuration Protects T1601.001 Patch System Image
CM-2 Baseline Configuration Protects T1601.002 Downgrade System Image
CM-2 Baseline Configuration Protects T1602 Data from Configuration Repository
CM-2 Baseline Configuration Protects T1602.001 SNMP (MIB Dump)
CM-2 Baseline Configuration Protects T1602.002 Network Device Configuration Dump
CM-3 Configuration Change Control Protects T1021.005 VNC
CM-3 Configuration Change Control Protects T1059.006 Python
CM-3 Configuration Change Control Protects T1176 Browser Extensions
CM-3 Configuration Change Control Protects T1195.003 Compromise Hardware Supply Chain
CM-3 Configuration Change Control Protects T1213 Data from Information Repositories
CM-3 Configuration Change Control Protects T1213.001 Confluence
CM-3 Configuration Change Control Protects T1213.002 Sharepoint
CM-3 Configuration Change Control Protects T1495 Firmware Corruption
CM-3 Configuration Change Control Protects T1542 Pre-OS Boot
CM-3 Configuration Change Control Protects T1542.001 System Firmware
CM-3 Configuration Change Control Protects T1542.003 Bootkit
CM-3 Configuration Change Control Protects T1542.004 ROMMONkit
CM-3 Configuration Change Control Protects T1542.005 TFTP Boot
CM-3 Configuration Change Control Protects T1543 Create or Modify System Process
CM-3 Configuration Change Control Protects T1543.002 Systemd Service
CM-3 Configuration Change Control Protects T1547.007 Re-opened Applications
CM-3 Configuration Change Control Protects T1547.011 Plist Modification
CM-3 Configuration Change Control Protects T1547.013 XDG Autostart Entries
CM-3 Configuration Change Control Protects T1553 Subvert Trust Controls
CM-3 Configuration Change Control Protects T1553.006 Code Signing Policy Modification
CM-3 Configuration Change Control Protects T1601 Modify System Image
CM-3 Configuration Change Control Protects T1601.001 Patch System Image
CM-3 Configuration Change Control Protects T1601.002 Downgrade System Image
CM-5 Access Restrictions for Change Protects T1003 OS Credential Dumping
CM-5 Access Restrictions for Change Protects T1003.001 LSASS Memory
CM-5 Access Restrictions for Change Protects T1003.002 Security Account Manager
CM-5 Access Restrictions for Change Protects T1003.003 NTDS
CM-5 Access Restrictions for Change Protects T1003.004 LSA Secrets
CM-5 Access Restrictions for Change Protects T1003.005 Cached Domain Credentials
CM-5 Access Restrictions for Change Protects T1003.006 DCSync
CM-5 Access Restrictions for Change Protects T1003.007 Proc Filesystem
CM-5 Access Restrictions for Change Protects T1003.008 /etc/passwd and /etc/shadow
CM-5 Access Restrictions for Change Protects T1021 Remote Services
CM-5 Access Restrictions for Change Protects T1021.001 Remote Desktop Protocol
CM-5 Access Restrictions for Change Protects T1021.002 SMB/Windows Admin Shares
CM-5 Access Restrictions for Change Protects T1021.003 Distributed Component Object Model
CM-5 Access Restrictions for Change Protects T1021.004 SSH
CM-5 Access Restrictions for Change Protects T1021.005 VNC
CM-5 Access Restrictions for Change Protects T1021.006 Windows Remote Management
CM-5 Access Restrictions for Change Protects T1047 Windows Management Instrumentation
CM-5 Access Restrictions for Change Protects T1053 Scheduled Task/Job
CM-5 Access Restrictions for Change Protects T1053.001 At (Linux)
CM-5 Access Restrictions for Change Protects T1053.002 At (Windows)
CM-5 Access Restrictions for Change Protects T1053.003 Cron
CM-5 Access Restrictions for Change Protects T1053.004 Launchd
CM-5 Access Restrictions for Change Protects T1053.005 Scheduled Task
CM-5 Access Restrictions for Change Protects T1053.006 Systemd Timers
CM-5 Access Restrictions for Change Protects T1053.007 Container Orchestration Job
CM-5 Access Restrictions for Change Protects T1055 Process Injection
CM-5 Access Restrictions for Change Protects T1055.008 Ptrace System Calls
CM-5 Access Restrictions for Change Protects T1056.003 Web Portal Capture
CM-5 Access Restrictions for Change Protects T1059 Command and Scripting Interpreter
CM-5 Access Restrictions for Change Protects T1059.001 PowerShell
CM-5 Access Restrictions for Change Protects T1059.006 Python
CM-5 Access Restrictions for Change Protects T1059.008 Network Device CLI
CM-5 Access Restrictions for Change Protects T1072 Software Deployment Tools
CM-5 Access Restrictions for Change Protects T1078 Valid Accounts
CM-5 Access Restrictions for Change Protects T1078.002 Domain Accounts
CM-5 Access Restrictions for Change Protects T1078.003 Local Accounts
CM-5 Access Restrictions for Change Protects T1078.004 Cloud Accounts
CM-5 Access Restrictions for Change Protects T1098 Account Manipulation
CM-5 Access Restrictions for Change Protects T1098.001 Additional Cloud Credentials
CM-5 Access Restrictions for Change Protects T1098.002 Exchange Email Delegate Permissions
CM-5 Access Restrictions for Change Protects T1098.003 Add Office 365 Global Administrator Role
CM-5 Access Restrictions for Change Protects T1134 Access Token Manipulation
CM-5 Access Restrictions for Change Protects T1134.001 Token Impersonation/Theft
CM-5 Access Restrictions for Change Protects T1134.002 Create Process with Token
CM-5 Access Restrictions for Change Protects T1134.003 Make and Impersonate Token
CM-5 Access Restrictions for Change Protects T1136 Create Account
CM-5 Access Restrictions for Change Protects T1136.001 Local Account
CM-5 Access Restrictions for Change Protects T1136.002 Domain Account
CM-5 Access Restrictions for Change Protects T1136.003 Cloud Account
CM-5 Access Restrictions for Change Protects T1137.002 Office Test
CM-5 Access Restrictions for Change Protects T1176 Browser Extensions
CM-5 Access Restrictions for Change Protects T1185 Man in the Browser
CM-5 Access Restrictions for Change Protects T1190 Exploit Public-Facing Application
CM-5 Access Restrictions for Change Protects T1195.003 Compromise Hardware Supply Chain
CM-5 Access Restrictions for Change Protects T1197 BITS Jobs
CM-5 Access Restrictions for Change Protects T1210 Exploitation of Remote Services
CM-5 Access Restrictions for Change Protects T1213 Data from Information Repositories
CM-5 Access Restrictions for Change Protects T1213.001 Confluence
CM-5 Access Restrictions for Change Protects T1213.002 Sharepoint
CM-5 Access Restrictions for Change Protects T1218 Signed Binary Proxy Execution
CM-5 Access Restrictions for Change Protects T1218.007 Msiexec
CM-5 Access Restrictions for Change Protects T1222 File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1222.001 Windows File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1484 Domain Policy Modification
CM-5 Access Restrictions for Change Protects T1489 Service Stop
CM-5 Access Restrictions for Change Protects T1495 Firmware Corruption
CM-5 Access Restrictions for Change Protects T1505 Server Software Component
CM-5 Access Restrictions for Change Protects T1505.001 SQL Stored Procedures
CM-5 Access Restrictions for Change Protects T1505.002 Transport Agent
CM-5 Access Restrictions for Change Protects T1525 Implant Internal Image
CM-5 Access Restrictions for Change Protects T1528 Steal Application Access Token
CM-5 Access Restrictions for Change Protects T1530 Data from Cloud Storage Object
CM-5 Access Restrictions for Change Protects T1537 Transfer Data to Cloud Account
CM-5 Access Restrictions for Change Protects T1542 Pre-OS Boot
CM-5 Access Restrictions for Change Protects T1542.001 System Firmware
CM-5 Access Restrictions for Change Protects T1542.003 Bootkit
CM-5 Access Restrictions for Change Protects T1542.004 ROMMONkit
CM-5 Access Restrictions for Change Protects T1542.005 TFTP Boot
CM-5 Access Restrictions for Change Protects T1543 Create or Modify System Process
CM-5 Access Restrictions for Change Protects T1543.001 Launch Agent
CM-5 Access Restrictions for Change Protects T1543.002 Systemd Service
CM-5 Access Restrictions for Change Protects T1543.003 Windows Service
CM-5 Access Restrictions for Change Protects T1543.004 Launch Daemon
CM-5 Access Restrictions for Change Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-5 Access Restrictions for Change Protects T1547.003 Time Providers
CM-5 Access Restrictions for Change Protects T1547.004 Winlogon Helper DLL
CM-5 Access Restrictions for Change Protects T1547.006 Kernel Modules and Extensions
CM-5 Access Restrictions for Change Protects T1547.007 Re-opened Applications
CM-5 Access Restrictions for Change Protects T1547.009 Shortcut Modification
CM-5 Access Restrictions for Change Protects T1547.011 Plist Modification
CM-5 Access Restrictions for Change Protects T1547.012 Print Processors
CM-5 Access Restrictions for Change Protects T1547.013 XDG Autostart Entries
CM-5 Access Restrictions for Change Protects T1548 Abuse Elevation Control Mechanism
CM-5 Access Restrictions for Change Protects T1548.002 Bypass User Account Control
CM-5 Access Restrictions for Change Protects T1548.003 Sudo and Sudo Caching
CM-5 Access Restrictions for Change Protects T1550 Use Alternate Authentication Material
CM-5 Access Restrictions for Change Protects T1550.002 Pass the Hash
CM-5 Access Restrictions for Change Protects T1550.003 Pass the Ticket
CM-5 Access Restrictions for Change Protects T1552 Unsecured Credentials
CM-5 Access Restrictions for Change Protects T1552.002 Credentials in Registry
CM-5 Access Restrictions for Change Protects T1552.007 Container API
CM-5 Access Restrictions for Change Protects T1553 Subvert Trust Controls
CM-5 Access Restrictions for Change Protects T1553.006 Code Signing Policy Modification
CM-5 Access Restrictions for Change Protects T1556 Modify Authentication Process
CM-5 Access Restrictions for Change Protects T1556.001 Domain Controller Authentication
CM-5 Access Restrictions for Change Protects T1556.003 Pluggable Authentication Modules
CM-5 Access Restrictions for Change Protects T1556.004 Network Device Authentication
CM-5 Access Restrictions for Change Protects T1558 Steal or Forge Kerberos Tickets
CM-5 Access Restrictions for Change Protects T1558.001 Golden Ticket
CM-5 Access Restrictions for Change Protects T1558.002 Silver Ticket
CM-5 Access Restrictions for Change Protects T1558.003 Kerberoasting
CM-5 Access Restrictions for Change Protects T1559 Inter-Process Communication
CM-5 Access Restrictions for Change Protects T1559.001 Component Object Model
CM-5 Access Restrictions for Change Protects T1562 Impair Defenses
CM-5 Access Restrictions for Change Protects T1562.001 Disable or Modify Tools
CM-5 Access Restrictions for Change Protects T1562.002 Disable Windows Event Logging
CM-5 Access Restrictions for Change Protects T1562.004 Disable or Modify System Firewall
CM-5 Access Restrictions for Change Protects T1562.006 Indicator Blocking
CM-5 Access Restrictions for Change Protects T1562.007 Disable or Modify Cloud Firewall
CM-5 Access Restrictions for Change Protects T1562.008 Disable Cloud Logs
CM-5 Access Restrictions for Change Protects T1563 Remote Service Session Hijacking
CM-5 Access Restrictions for Change Protects T1563.001 SSH Hijacking
CM-5 Access Restrictions for Change Protects T1563.002 RDP Hijacking
CM-5 Access Restrictions for Change Protects T1569 System Services
CM-5 Access Restrictions for Change Protects T1569.001 Launchctl
CM-5 Access Restrictions for Change Protects T1569.002 Service Execution
CM-5 Access Restrictions for Change Protects T1574 Hijack Execution Flow
CM-5 Access Restrictions for Change Protects T1574.005 Executable Installer File Permissions Weakness
CM-5 Access Restrictions for Change Protects T1574.010 Services File Permissions Weakness
CM-5 Access Restrictions for Change Protects T1574.011 Services Registry Permissions Weakness
CM-5 Access Restrictions for Change Protects T1574.012 COR_PROFILER
CM-5 Access Restrictions for Change Protects T1578 Modify Cloud Compute Infrastructure
CM-5 Access Restrictions for Change Protects T1578.001 Create Snapshot
CM-5 Access Restrictions for Change Protects T1578.002 Create Cloud Instance
CM-5 Access Restrictions for Change Protects T1578.003 Delete Cloud Instance
CM-5 Access Restrictions for Change Protects T1599 Network Boundary Bridging
CM-5 Access Restrictions for Change Protects T1599.001 Network Address Translation Traversal
CM-5 Access Restrictions for Change Protects T1601 Modify System Image
CM-5 Access Restrictions for Change Protects T1601.001 Patch System Image
CM-5 Access Restrictions for Change Protects T1601.002 Downgrade System Image
CM-5 Access Restrictions for Change Protects T1611 Escape to Host
CM-6 Configuration Settings Protects T1001 Data Obfuscation
CM-6 Configuration Settings Protects T1001.001 Junk Data
CM-6 Configuration Settings Protects T1001.002 Steganography
CM-6 Configuration Settings Protects T1001.003 Protocol Impersonation
CM-6 Configuration Settings Protects T1003 OS Credential Dumping
CM-6 Configuration Settings Protects T1003.001 LSASS Memory
CM-6 Configuration Settings Protects T1003.002 Security Account Manager
CM-6 Configuration Settings Protects T1003.003 NTDS
CM-6 Configuration Settings Protects T1003.004 LSA Secrets
CM-6 Configuration Settings Protects T1003.005 Cached Domain Credentials
CM-6 Configuration Settings Protects T1003.006 DCSync
CM-6 Configuration Settings Protects T1003.007 Proc Filesystem
CM-6 Configuration Settings Protects T1003.008 /etc/passwd and /etc/shadow
CM-6 Configuration Settings Protects T1008 Fallback Channels
CM-6 Configuration Settings Protects T1011 Exfiltration Over Other Network Medium
CM-6 Configuration Settings Protects T1011.001 Exfiltration Over Bluetooth
CM-6 Configuration Settings Protects T1020.001 Traffic Duplication
CM-6 Configuration Settings Protects T1021 Remote Services
CM-6 Configuration Settings Protects T1021.001 Remote Desktop Protocol
CM-6 Configuration Settings Protects T1021.002 SMB/Windows Admin Shares
CM-6 Configuration Settings Protects T1021.003 Distributed Component Object Model
CM-6 Configuration Settings Protects T1021.004 SSH
CM-6 Configuration Settings Protects T1021.005 VNC
CM-6 Configuration Settings Protects T1021.006 Windows Remote Management
CM-6 Configuration Settings Protects T1029 Scheduled Transfer
CM-6 Configuration Settings Protects T1030 Data Transfer Size Limits
CM-6 Configuration Settings Protects T1036 Masquerading
CM-6 Configuration Settings Protects T1036.001 Invalid Code Signature
CM-6 Configuration Settings Protects T1036.003 Rename System Utilities
CM-6 Configuration Settings Protects T1036.005 Match Legitimate Name or Location
CM-6 Configuration Settings Protects T1037 Boot or Logon Initialization Scripts
CM-6 Configuration Settings Protects T1037.002 Logon Script (Mac)
CM-6 Configuration Settings Protects T1037.003 Network Logon Script
CM-6 Configuration Settings Protects T1037.004 RC Scripts
CM-6 Configuration Settings Protects T1037.005 Startup Items
CM-6 Configuration Settings Protects T1046 Network Service Scanning
CM-6 Configuration Settings Protects T1047 Windows Management Instrumentation
CM-6 Configuration Settings Protects T1048 Exfiltration Over Alternative Protocol
CM-6 Configuration Settings Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-6 Configuration Settings Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-6 Configuration Settings Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-6 Configuration Settings Protects T1052 Exfiltration Over Physical Medium
CM-6 Configuration Settings Protects T1052.001 Exfiltration over USB
CM-6 Configuration Settings Protects T1053 Scheduled Task/Job
CM-6 Configuration Settings Protects T1053.002 At (Windows)
CM-6 Configuration Settings Protects T1053.005 Scheduled Task
CM-6 Configuration Settings Protects T1055 Process Injection
CM-6 Configuration Settings Protects T1055.008 Ptrace System Calls
CM-6 Configuration Settings Protects T1056.003 Web Portal Capture
CM-6 Configuration Settings Protects T1059 Command and Scripting Interpreter
CM-6 Configuration Settings Protects T1059.001 PowerShell
CM-6 Configuration Settings Protects T1059.002 AppleScript
CM-6 Configuration Settings Protects T1059.005 Visual Basic
CM-6 Configuration Settings Protects T1059.007 JavaScript
CM-6 Configuration Settings Protects T1059.008 Network Device CLI
CM-6 Configuration Settings Protects T1068 Exploitation for Privilege Escalation
CM-6 Configuration Settings Protects T1070 Indicator Removal on Host
CM-6 Configuration Settings Protects T1070.001 Clear Windows Event Logs
CM-6 Configuration Settings Protects T1070.002 Clear Linux or Mac System Logs
CM-6 Configuration Settings Protects T1070.003 Clear Command History
CM-6 Configuration Settings Protects T1071 Application Layer Protocol
CM-6 Configuration Settings Protects T1071.001 Web Protocols
CM-6 Configuration Settings Protects T1071.002 File Transfer Protocols
CM-6 Configuration Settings Protects T1071.003 Mail Protocols
CM-6 Configuration Settings Protects T1071.004 DNS
CM-6 Configuration Settings Protects T1072 Software Deployment Tools
CM-6 Configuration Settings Protects T1078 Valid Accounts
CM-6 Configuration Settings Protects T1078.002 Domain Accounts
CM-6 Configuration Settings Protects T1078.003 Local Accounts
CM-6 Configuration Settings Protects T1078.004 Cloud Accounts
CM-6 Configuration Settings Protects T1087 Account Discovery
CM-6 Configuration Settings Protects T1087.001 Local Account
CM-6 Configuration Settings Protects T1087.002 Domain Account
CM-6 Configuration Settings Protects T1090 Proxy
CM-6 Configuration Settings Protects T1090.001 Internal Proxy
CM-6 Configuration Settings Protects T1090.002 External Proxy
CM-6 Configuration Settings Protects T1090.003 Multi-hop Proxy
CM-6 Configuration Settings Protects T1091 Replication Through Removable Media
CM-6 Configuration Settings Protects T1092 Communication Through Removable Media
CM-6 Configuration Settings Protects T1095 Non-Application Layer Protocol
CM-6 Configuration Settings Protects T1098 Account Manipulation
CM-6 Configuration Settings Protects T1098.001 Additional Cloud Credentials
CM-6 Configuration Settings Protects T1098.002 Exchange Email Delegate Permissions
CM-6 Configuration Settings Protects T1098.003 Add Office 365 Global Administrator Role
CM-6 Configuration Settings Protects T1098.004 SSH Authorized Keys
CM-6 Configuration Settings Protects T1102 Web Service
CM-6 Configuration Settings Protects T1102.001 Dead Drop Resolver
CM-6 Configuration Settings Protects T1102.002 Bidirectional Communication
CM-6 Configuration Settings Protects T1102.003 One-Way Communication
CM-6 Configuration Settings Protects T1104 Multi-Stage Channels
CM-6 Configuration Settings Protects T1105 Ingress Tool Transfer
CM-6 Configuration Settings Protects T1110 Brute Force
CM-6 Configuration Settings Protects T1110.001 Password Guessing
CM-6 Configuration Settings Protects T1110.002 Password Cracking
CM-6 Configuration Settings Protects T1110.003 Password Spraying
CM-6 Configuration Settings Protects T1110.004 Credential Stuffing
CM-6 Configuration Settings Protects T1111 Two-Factor Authentication Interception
CM-6 Configuration Settings Protects T1114 Email Collection
CM-6 Configuration Settings Protects T1114.002 Remote Email Collection
CM-6 Configuration Settings Protects T1119 Automated Collection
CM-6 Configuration Settings Protects T1127 Trusted Developer Utilities Proxy Execution
CM-6 Configuration Settings Protects T1127.001 MSBuild
CM-6 Configuration Settings Protects T1132 Data Encoding
CM-6 Configuration Settings Protects T1132.001 Standard Encoding
CM-6 Configuration Settings Protects T1132.002 Non-Standard Encoding
CM-6 Configuration Settings Protects T1133 External Remote Services
CM-6 Configuration Settings Protects T1134 Access Token Manipulation
CM-6 Configuration Settings Protects T1134.001 Token Impersonation/Theft
CM-6 Configuration Settings Protects T1134.002 Create Process with Token
CM-6 Configuration Settings Protects T1134.003 Make and Impersonate Token
CM-6 Configuration Settings Protects T1134.005 SID-History Injection
CM-6 Configuration Settings Protects T1135 Network Share Discovery
CM-6 Configuration Settings Protects T1136 Create Account
CM-6 Configuration Settings Protects T1136.001 Local Account
CM-6 Configuration Settings Protects T1136.002 Domain Account
CM-6 Configuration Settings Protects T1136.003 Cloud Account
CM-6 Configuration Settings Protects T1137 Office Application Startup
CM-6 Configuration Settings Protects T1137.001 Office Template Macros
CM-6 Configuration Settings Protects T1176 Browser Extensions
CM-6 Configuration Settings Protects T1187 Forced Authentication
CM-6 Configuration Settings Protects T1189 Drive-by Compromise
CM-6 Configuration Settings Protects T1190 Exploit Public-Facing Application
CM-6 Configuration Settings Protects T1197 BITS Jobs
CM-6 Configuration Settings Protects T1199 Trusted Relationship
CM-6 Configuration Settings Protects T1201 Password Policy Discovery
CM-6 Configuration Settings Protects T1204 User Execution
CM-6 Configuration Settings Protects T1204.001 Malicious Link
CM-6 Configuration Settings Protects T1204.002 Malicious File
CM-6 Configuration Settings Protects T1204.003 Malicious Image
CM-6 Configuration Settings Protects T1205 Traffic Signaling
CM-6 Configuration Settings Protects T1205.001 Port Knocking
CM-6 Configuration Settings Protects T1210 Exploitation of Remote Services
CM-6 Configuration Settings Protects T1211 Exploitation for Defense Evasion
CM-6 Configuration Settings Protects T1212 Exploitation for Credential Access
CM-6 Configuration Settings Protects T1213 Data from Information Repositories
CM-6 Configuration Settings Protects T1213.001 Confluence
CM-6 Configuration Settings Protects T1213.002 Sharepoint
CM-6 Configuration Settings Protects T1216 Signed Script Proxy Execution
CM-6 Configuration Settings Protects T1216.001 PubPrn
CM-6 Configuration Settings Protects T1218 Signed Binary Proxy Execution
CM-6 Configuration Settings Protects T1218.001 Compiled HTML File
CM-6 Configuration Settings Protects T1218.002 Control Panel
CM-6 Configuration Settings Protects T1218.003 CMSTP
CM-6 Configuration Settings Protects T1218.004 InstallUtil
CM-6 Configuration Settings Protects T1218.005 Mshta
CM-6 Configuration Settings Protects T1218.007 Msiexec
CM-6 Configuration Settings Protects T1218.008 Odbcconf
CM-6 Configuration Settings Protects T1218.009 Regsvcs/Regasm
CM-6 Configuration Settings Protects T1218.012 Verclsid
CM-6 Configuration Settings Protects T1219 Remote Access Software
CM-6 Configuration Settings Protects T1220 XSL Script Processing
CM-6 Configuration Settings Protects T1221 Template Injection
CM-6 Configuration Settings Protects T1222 File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1222.001 Windows File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1482 Domain Trust Discovery
CM-6 Configuration Settings Protects T1484 Domain Policy Modification
CM-6 Configuration Settings Protects T1489 Service Stop
CM-6 Configuration Settings Protects T1490 Inhibit System Recovery
CM-6 Configuration Settings Protects T1495 Firmware Corruption
CM-6 Configuration Settings Protects T1498 Network Denial of Service
CM-6 Configuration Settings Protects T1498.001 Direct Network Flood
CM-6 Configuration Settings Protects T1498.002 Reflection Amplification
CM-6 Configuration Settings Protects T1499 Endpoint Denial of Service
CM-6 Configuration Settings Protects T1499.001 OS Exhaustion Flood
CM-6 Configuration Settings Protects T1499.002 Service Exhaustion Flood
CM-6 Configuration Settings Protects T1499.003 Application Exhaustion Flood
CM-6 Configuration Settings Protects T1499.004 Application or System Exploitation
CM-6 Configuration Settings Protects T1505 Server Software Component
CM-6 Configuration Settings Protects T1505.001 SQL Stored Procedures
CM-6 Configuration Settings Protects T1505.002 Transport Agent
CM-6 Configuration Settings Protects T1525 Implant Internal Image
CM-6 Configuration Settings Protects T1528 Steal Application Access Token
CM-6 Configuration Settings Protects T1530 Data from Cloud Storage Object
CM-6 Configuration Settings Protects T1537 Transfer Data to Cloud Account
CM-6 Configuration Settings Protects T1539 Steal Web Session Cookie
CM-6 Configuration Settings Protects T1542 Pre-OS Boot
CM-6 Configuration Settings Protects T1542.001 System Firmware
CM-6 Configuration Settings Protects T1542.003 Bootkit
CM-6 Configuration Settings Protects T1542.004 ROMMONkit
CM-6 Configuration Settings Protects T1542.005 TFTP Boot
CM-6 Configuration Settings Protects T1543 Create or Modify System Process
CM-6 Configuration Settings Protects T1543.002 Systemd Service
CM-6 Configuration Settings Protects T1543.003 Windows Service
CM-6 Configuration Settings Protects T1546 Event Triggered Execution
CM-6 Configuration Settings Protects T1546.002 Screensaver
CM-6 Configuration Settings Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-6 Configuration Settings Protects T1546.004 Unix Shell Configuration Modification
CM-6 Configuration Settings Protects T1546.006 LC_LOAD_DYLIB Addition
CM-6 Configuration Settings Protects T1546.008 Accessibility Features
CM-6 Configuration Settings Protects T1546.013 PowerShell Profile
CM-6 Configuration Settings Protects T1546.014 Emond
CM-6 Configuration Settings Protects T1547.002 Authentication Package
CM-6 Configuration Settings Protects T1547.003 Time Providers
CM-6 Configuration Settings Protects T1547.005 Security Support Provider
CM-6 Configuration Settings Protects T1547.006 Kernel Modules and Extensions
CM-6 Configuration Settings Protects T1547.007 Re-opened Applications
CM-6 Configuration Settings Protects T1547.008 LSASS Driver
CM-6 Configuration Settings Protects T1547.011 Plist Modification
CM-6 Configuration Settings Protects T1547.013 XDG Autostart Entries
CM-6 Configuration Settings Protects T1548 Abuse Elevation Control Mechanism
CM-6 Configuration Settings Protects T1548.001 Setuid and Setgid
CM-6 Configuration Settings Protects T1548.002 Bypass User Account Control
CM-6 Configuration Settings Protects T1548.003 Sudo and Sudo Caching
CM-6 Configuration Settings Protects T1548.004 Elevated Execution with Prompt
CM-6 Configuration Settings Protects T1550 Use Alternate Authentication Material
CM-6 Configuration Settings Protects T1550.001 Application Access Token
CM-6 Configuration Settings Protects T1550.002 Pass the Hash
CM-6 Configuration Settings Protects T1550.003 Pass the Ticket
CM-6 Configuration Settings Protects T1552 Unsecured Credentials
CM-6 Configuration Settings Protects T1552.001 Credentials In Files
CM-6 Configuration Settings Protects T1552.002 Credentials in Registry
CM-6 Configuration Settings Protects T1552.003 Bash History
CM-6 Configuration Settings Protects T1552.004 Private Keys
CM-6 Configuration Settings Protects T1552.005 Cloud Instance Metadata API
CM-6 Configuration Settings Protects T1552.006 Group Policy Preferences
CM-6 Configuration Settings Protects T1552.007 Container API
CM-6 Configuration Settings Protects T1553 Subvert Trust Controls
CM-6 Configuration Settings Protects T1553.001 Gatekeeper Bypass
CM-6 Configuration Settings Protects T1553.003 SIP and Trust Provider Hijacking
CM-6 Configuration Settings Protects T1553.004 Install Root Certificate
CM-6 Configuration Settings Protects T1553.005 Mark-of-the-Web Bypass
CM-6 Configuration Settings Protects T1554 Compromise Client Software Binary
CM-6 Configuration Settings Protects T1555.004 Windows Credential Manager
CM-6 Configuration Settings Protects T1555.005 Password Managers
CM-6 Configuration Settings Protects T1556 Modify Authentication Process
CM-6 Configuration Settings Protects T1556.001 Domain Controller Authentication
CM-6 Configuration Settings Protects T1556.002 Password Filter DLL
CM-6 Configuration Settings Protects T1556.003 Pluggable Authentication Modules
CM-6 Configuration Settings Protects T1556.004 Network Device Authentication
CM-6 Configuration Settings Protects T1557 Man-in-the-Middle
CM-6 Configuration Settings Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-6 Configuration Settings Protects T1557.002 ARP Cache Poisoning
CM-6 Configuration Settings Protects T1558 Steal or Forge Kerberos Tickets
CM-6 Configuration Settings Protects T1558.001 Golden Ticket
CM-6 Configuration Settings Protects T1558.002 Silver Ticket
CM-6 Configuration Settings Protects T1558.003 Kerberoasting
CM-6 Configuration Settings Protects T1558.004 AS-REP Roasting
CM-6 Configuration Settings Protects T1559 Inter-Process Communication
CM-6 Configuration Settings Protects T1559.001 Component Object Model
CM-6 Configuration Settings Protects T1559.002 Dynamic Data Exchange
CM-6 Configuration Settings Protects T1562 Impair Defenses
CM-6 Configuration Settings Protects T1562.001 Disable or Modify Tools
CM-6 Configuration Settings Protects T1562.002 Disable Windows Event Logging
CM-6 Configuration Settings Protects T1562.003 Impair Command History Logging
CM-6 Configuration Settings Protects T1562.004 Disable or Modify System Firewall
CM-6 Configuration Settings Protects T1562.006 Indicator Blocking
CM-6 Configuration Settings Protects T1563 Remote Service Session Hijacking
CM-6 Configuration Settings Protects T1563.001 SSH Hijacking
CM-6 Configuration Settings Protects T1563.002 RDP Hijacking
CM-6 Configuration Settings Protects T1564.002 Hidden Users
CM-6 Configuration Settings Protects T1564.006 Run Virtual Instance
CM-6 Configuration Settings Protects T1564.007 VBA Stomping
CM-6 Configuration Settings Protects T1565 Data Manipulation
CM-6 Configuration Settings Protects T1565.001 Stored Data Manipulation
CM-6 Configuration Settings Protects T1565.002 Transmitted Data Manipulation
CM-6 Configuration Settings Protects T1565.003 Runtime Data Manipulation
CM-6 Configuration Settings Protects T1566 Phishing
CM-6 Configuration Settings Protects T1566.001 Spearphishing Attachment
CM-6 Configuration Settings Protects T1566.002 Spearphishing Link
CM-6 Configuration Settings Protects T1569 System Services
CM-6 Configuration Settings Protects T1569.002 Service Execution
CM-6 Configuration Settings Protects T1570 Lateral Tool Transfer
CM-6 Configuration Settings Protects T1571 Non-Standard Port
CM-6 Configuration Settings Protects T1572 Protocol Tunneling
CM-6 Configuration Settings Protects T1573 Encrypted Channel
CM-6 Configuration Settings Protects T1573.001 Symmetric Cryptography
CM-6 Configuration Settings Protects T1573.002 Asymmetric Cryptography
CM-6 Configuration Settings Protects T1574 Hijack Execution Flow
CM-6 Configuration Settings Protects T1574.001 DLL Search Order Hijacking
CM-6 Configuration Settings Protects T1574.004 Dylib Hijacking
CM-6 Configuration Settings Protects T1574.005 Executable Installer File Permissions Weakness
CM-6 Configuration Settings Protects T1574.006 Dynamic Linker Hijacking
CM-6 Configuration Settings Protects T1574.007 Path Interception by PATH Environment Variable
CM-6 Configuration Settings Protects T1574.008 Path Interception by Search Order Hijacking
CM-6 Configuration Settings Protects T1574.009 Path Interception by Unquoted Path
CM-6 Configuration Settings Protects T1574.010 Services File Permissions Weakness
CM-6 Configuration Settings Protects T1598 Phishing for Information
CM-6 Configuration Settings Protects T1598.002 Spearphishing Attachment
CM-6 Configuration Settings Protects T1598.003 Spearphishing Link
CM-6 Configuration Settings Protects T1599 Network Boundary Bridging
CM-6 Configuration Settings Protects T1599.001 Network Address Translation Traversal
CM-6 Configuration Settings Protects T1601 Modify System Image
CM-6 Configuration Settings Protects T1601.001 Patch System Image
CM-6 Configuration Settings Protects T1601.002 Downgrade System Image
CM-6 Configuration Settings Protects T1602 Data from Configuration Repository
CM-6 Configuration Settings Protects T1602.001 SNMP (MIB Dump)
CM-6 Configuration Settings Protects T1602.002 Network Device Configuration Dump
CM-6 Configuration Settings Protects T1609 Container Administration Command
CM-6 Configuration Settings Protects T1610 Deploy Container
CM-6 Configuration Settings Protects T1611 Escape to Host
CM-6 Configuration Settings Protects T1612 Build Image on Host
CM-6 Configuration Settings Protects T1613 Container and Resource Discovery
CM-7 Least Functionality Protects T1003 OS Credential Dumping
CM-7 Least Functionality Protects T1003.001 LSASS Memory
CM-7 Least Functionality Protects T1003.002 Security Account Manager
CM-7 Least Functionality Protects T1003.005 Cached Domain Credentials
CM-7 Least Functionality Protects T1008 Fallback Channels
CM-7 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
CM-7 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-7 Least Functionality Protects T1021.001 Remote Desktop Protocol
CM-7 Least Functionality Protects T1021.002 SMB/Windows Admin Shares
CM-7 Least Functionality Protects T1021.003 Distributed Component Object Model
CM-7 Least Functionality Protects T1021.005 VNC
CM-7 Least Functionality Protects T1021.006 Windows Remote Management
CM-7 Least Functionality Protects T1036 Masquerading
CM-7 Least Functionality Protects T1036.005 Match Legitimate Name or Location
CM-7 Least Functionality Protects T1037 Boot or Logon Initialization Scripts
CM-7 Least Functionality Protects T1037.001 Logon Script (Windows)
CM-7 Least Functionality Protects T1046 Network Service Scanning
CM-7 Least Functionality Protects T1048 Exfiltration Over Alternative Protocol
CM-7 Least Functionality Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-7 Least Functionality Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-7 Least Functionality Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-7 Least Functionality Protects T1053 Scheduled Task/Job
CM-7 Least Functionality Protects T1053.002 At (Windows)
CM-7 Least Functionality Protects T1053.005 Scheduled Task
CM-7 Least Functionality Protects T1059 Command and Scripting Interpreter
CM-7 Least Functionality Protects T1059.002 AppleScript
CM-7 Least Functionality Protects T1059.003 Windows Command Shell
CM-7 Least Functionality Protects T1059.004 Unix Shell
CM-7 Least Functionality Protects T1059.005 Visual Basic
CM-7 Least Functionality Protects T1059.006 Python
CM-7 Least Functionality Protects T1059.007 JavaScript
CM-7 Least Functionality Protects T1068 Exploitation for Privilege Escalation
CM-7 Least Functionality Protects T1071 Application Layer Protocol
CM-7 Least Functionality Protects T1071.001 Web Protocols
CM-7 Least Functionality Protects T1071.002 File Transfer Protocols
CM-7 Least Functionality Protects T1071.003 Mail Protocols
CM-7 Least Functionality Protects T1071.004 DNS
CM-7 Least Functionality Protects T1072 Software Deployment Tools
CM-7 Least Functionality Protects T1080 Taint Shared Content
CM-7 Least Functionality Protects T1087 Account Discovery
CM-7 Least Functionality Protects T1087.001 Local Account
CM-7 Least Functionality Protects T1087.002 Domain Account
CM-7 Least Functionality Protects T1090 Proxy
CM-7 Least Functionality Protects T1090.001 Internal Proxy
CM-7 Least Functionality Protects T1090.002 External Proxy
CM-7 Least Functionality Protects T1090.003 Multi-hop Proxy
CM-7 Least Functionality Protects T1092 Communication Through Removable Media
CM-7 Least Functionality Protects T1095 Non-Application Layer Protocol
CM-7 Least Functionality Protects T1098 Account Manipulation
CM-7 Least Functionality Protects T1098.001 Additional Cloud Credentials
CM-7 Least Functionality Protects T1098.004 SSH Authorized Keys
CM-7 Least Functionality Protects T1102 Web Service
CM-7 Least Functionality Protects T1102.001 Dead Drop Resolver
CM-7 Least Functionality Protects T1102.002 Bidirectional Communication
CM-7 Least Functionality Protects T1102.003 One-Way Communication
CM-7 Least Functionality Protects T1104 Multi-Stage Channels
CM-7 Least Functionality Protects T1105 Ingress Tool Transfer
CM-7 Least Functionality Protects T1106 Native API
CM-7 Least Functionality Protects T1112 Modify Registry
CM-7 Least Functionality Protects T1127 Trusted Developer Utilities Proxy Execution
CM-7 Least Functionality Protects T1129 Shared Modules
CM-7 Least Functionality Protects T1133 External Remote Services
CM-7 Least Functionality Protects T1135 Network Share Discovery
CM-7 Least Functionality Protects T1136 Create Account
CM-7 Least Functionality Protects T1136.002 Domain Account
CM-7 Least Functionality Protects T1136.003 Cloud Account
CM-7 Least Functionality Protects T1176 Browser Extensions
CM-7 Least Functionality Protects T1187 Forced Authentication
CM-7 Least Functionality Protects T1190 Exploit Public-Facing Application
CM-7 Least Functionality Protects T1195 Supply Chain Compromise
CM-7 Least Functionality Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-7 Least Functionality Protects T1195.002 Compromise Software Supply Chain
CM-7 Least Functionality Protects T1197 BITS Jobs
CM-7 Least Functionality Protects T1199 Trusted Relationship
CM-7 Least Functionality Protects T1204 User Execution
CM-7 Least Functionality Protects T1204.001 Malicious Link
CM-7 Least Functionality Protects T1204.002 Malicious File
CM-7 Least Functionality Protects T1204.003 Malicious Image
CM-7 Least Functionality Protects T1205 Traffic Signaling
CM-7 Least Functionality Protects T1205.001 Port Knocking
CM-7 Least Functionality Protects T1210 Exploitation of Remote Services
CM-7 Least Functionality Protects T1213 Data from Information Repositories
CM-7 Least Functionality Protects T1213.001 Confluence
CM-7 Least Functionality Protects T1213.002 Sharepoint
CM-7 Least Functionality Protects T1216 Signed Script Proxy Execution
CM-7 Least Functionality Protects T1216.001 PubPrn
CM-7 Least Functionality Protects T1218 Signed Binary Proxy Execution
CM-7 Least Functionality Protects T1218.001 Compiled HTML File
CM-7 Least Functionality Protects T1218.002 Control Panel
CM-7 Least Functionality Protects T1218.003 CMSTP
CM-7 Least Functionality Protects T1218.004 InstallUtil
CM-7 Least Functionality Protects T1218.005 Mshta
CM-7 Least Functionality Protects T1218.007 Msiexec
CM-7 Least Functionality Protects T1218.008 Odbcconf
CM-7 Least Functionality Protects T1218.009 Regsvcs/Regasm
CM-7 Least Functionality Protects T1218.012 Verclsid
CM-7 Least Functionality Protects T1219 Remote Access Software
CM-7 Least Functionality Protects T1220 XSL Script Processing
CM-7 Least Functionality Protects T1221 Template Injection
CM-7 Least Functionality Protects T1482 Domain Trust Discovery
CM-7 Least Functionality Protects T1484 Domain Policy Modification
CM-7 Least Functionality Protects T1489 Service Stop
CM-7 Least Functionality Protects T1490 Inhibit System Recovery
CM-7 Least Functionality Protects T1498 Network Denial of Service
CM-7 Least Functionality Protects T1498.001 Direct Network Flood
CM-7 Least Functionality Protects T1498.002 Reflection Amplification
CM-7 Least Functionality Protects T1499 Endpoint Denial of Service
CM-7 Least Functionality Protects T1499.001 OS Exhaustion Flood
CM-7 Least Functionality Protects T1499.002 Service Exhaustion Flood
CM-7 Least Functionality Protects T1499.003 Application Exhaustion Flood
CM-7 Least Functionality Protects T1499.004 Application or System Exploitation
CM-7 Least Functionality Protects T1525 Implant Internal Image
CM-7 Least Functionality Protects T1530 Data from Cloud Storage Object
CM-7 Least Functionality Protects T1537 Transfer Data to Cloud Account
CM-7 Least Functionality Protects T1542.004 ROMMONkit
CM-7 Least Functionality Protects T1542.005 TFTP Boot
CM-7 Least Functionality Protects T1543 Create or Modify System Process
CM-7 Least Functionality Protects T1543.003 Windows Service
CM-7 Least Functionality Protects T1546.002 Screensaver
CM-7 Least Functionality Protects T1546.006 LC_LOAD_DYLIB Addition
CM-7 Least Functionality Protects T1546.008 Accessibility Features
CM-7 Least Functionality Protects T1546.009 AppCert DLLs
CM-7 Least Functionality Protects T1546.010 AppInit DLLs
CM-7 Least Functionality Protects T1547.004 Winlogon Helper DLL
CM-7 Least Functionality Protects T1547.006 Kernel Modules and Extensions
CM-7 Least Functionality Protects T1547.007 Re-opened Applications
CM-7 Least Functionality Protects T1547.011 Plist Modification
CM-7 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-7 Least Functionality Protects T1548.001 Setuid and Setgid
CM-7 Least Functionality Protects T1548.003 Sudo and Sudo Caching
CM-7 Least Functionality Protects T1548.004 Elevated Execution with Prompt
CM-7 Least Functionality Protects T1552 Unsecured Credentials
CM-7 Least Functionality Protects T1552.003 Bash History
CM-7 Least Functionality Protects T1552.005 Cloud Instance Metadata API
CM-7 Least Functionality Protects T1552.007 Container API
CM-7 Least Functionality Protects T1553 Subvert Trust Controls
CM-7 Least Functionality Protects T1553.001 Gatekeeper Bypass
CM-7 Least Functionality Protects T1553.003 SIP and Trust Provider Hijacking
CM-7 Least Functionality Protects T1553.004 Install Root Certificate
CM-7 Least Functionality Protects T1553.005 Mark-of-the-Web Bypass
CM-7 Least Functionality Protects T1553.006 Code Signing Policy Modification
CM-7 Least Functionality Protects T1555.004 Windows Credential Manager
CM-7 Least Functionality Protects T1556 Modify Authentication Process
CM-7 Least Functionality Protects T1556.002 Password Filter DLL
CM-7 Least Functionality Protects T1557 Man-in-the-Middle
CM-7 Least Functionality Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-7 Least Functionality Protects T1557.002 ARP Cache Poisoning
CM-7 Least Functionality Protects T1559 Inter-Process Communication
CM-7 Least Functionality Protects T1559.002 Dynamic Data Exchange
CM-7 Least Functionality Protects T1562 Impair Defenses
CM-7 Least Functionality Protects T1562.001 Disable or Modify Tools
CM-7 Least Functionality Protects T1562.002 Disable Windows Event Logging
CM-7 Least Functionality Protects T1562.003 Impair Command History Logging
CM-7 Least Functionality Protects T1562.004 Disable or Modify System Firewall
CM-7 Least Functionality Protects T1563 Remote Service Session Hijacking
CM-7 Least Functionality Protects T1563.001 SSH Hijacking
CM-7 Least Functionality Protects T1563.002 RDP Hijacking
CM-7 Least Functionality Protects T1564.002 Hidden Users
CM-7 Least Functionality Protects T1564.003 Hidden Window
CM-7 Least Functionality Protects T1564.006 Run Virtual Instance
CM-7 Least Functionality Protects T1565 Data Manipulation
CM-7 Least Functionality Protects T1565.003 Runtime Data Manipulation
CM-7 Least Functionality Protects T1569 System Services
CM-7 Least Functionality Protects T1569.002 Service Execution
CM-7 Least Functionality Protects T1570 Lateral Tool Transfer
CM-7 Least Functionality Protects T1571 Non-Standard Port
CM-7 Least Functionality Protects T1572 Protocol Tunneling
CM-7 Least Functionality Protects T1573 Encrypted Channel
CM-7 Least Functionality Protects T1573.001 Symmetric Cryptography
CM-7 Least Functionality Protects T1573.002 Asymmetric Cryptography
CM-7 Least Functionality Protects T1574 Hijack Execution Flow
CM-7 Least Functionality Protects T1574.001 DLL Search Order Hijacking
CM-7 Least Functionality Protects T1574.006 Dynamic Linker Hijacking
CM-7 Least Functionality Protects T1574.007 Path Interception by PATH Environment Variable
CM-7 Least Functionality Protects T1574.008 Path Interception by Search Order Hijacking
CM-7 Least Functionality Protects T1574.009 Path Interception by Unquoted Path
CM-7 Least Functionality Protects T1574.012 COR_PROFILER
CM-7 Least Functionality Protects T1599 Network Boundary Bridging
CM-7 Least Functionality Protects T1599.001 Network Address Translation Traversal
CM-7 Least Functionality Protects T1601 Modify System Image
CM-7 Least Functionality Protects T1601.001 Patch System Image
CM-7 Least Functionality Protects T1601.002 Downgrade System Image
CM-7 Least Functionality Protects T1602 Data from Configuration Repository
CM-7 Least Functionality Protects T1602.001 SNMP (MIB Dump)
CM-7 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-7 Least Functionality Protects T1609 Container Administration Command
CM-7 Least Functionality Protects T1610 Deploy Container
CM-7 Least Functionality Protects T1611 Escape to Host
CM-7 Least Functionality Protects T1612 Build Image on Host
CM-7 Least Functionality Protects T1613 Container and Resource Discovery
CM-8 System Component Inventory Protects T1011.001 Exfiltration Over Bluetooth
CM-8 System Component Inventory Protects T1020.001 Traffic Duplication
CM-8 System Component Inventory Protects T1021.001 Remote Desktop Protocol
CM-8 System Component Inventory Protects T1021.003 Distributed Component Object Model
CM-8 System Component Inventory Protects T1021.004 SSH
CM-8 System Component Inventory Protects T1021.005 VNC
CM-8 System Component Inventory Protects T1021.006 Windows Remote Management
CM-8 System Component Inventory Protects T1046 Network Service Scanning
CM-8 System Component Inventory Protects T1052 Exfiltration Over Physical Medium
CM-8 System Component Inventory Protects T1052.001 Exfiltration over USB
CM-8 System Component Inventory Protects T1053 Scheduled Task/Job
CM-8 System Component Inventory Protects T1053.002 At (Windows)
CM-8 System Component Inventory Protects T1053.005 Scheduled Task
CM-8 System Component Inventory Protects T1059 Command and Scripting Interpreter
CM-8 System Component Inventory Protects T1059.001 PowerShell
CM-8 System Component Inventory Protects T1059.005 Visual Basic
CM-8 System Component Inventory Protects T1059.007 JavaScript
CM-8 System Component Inventory Protects T1068 Exploitation for Privilege Escalation
CM-8 System Component Inventory Protects T1072 Software Deployment Tools
CM-8 System Component Inventory Protects T1091 Replication Through Removable Media
CM-8 System Component Inventory Protects T1092 Communication Through Removable Media
CM-8 System Component Inventory Protects T1098.004 SSH Authorized Keys
CM-8 System Component Inventory Protects T1119 Automated Collection
CM-8 System Component Inventory Protects T1127 Trusted Developer Utilities Proxy Execution
CM-8 System Component Inventory Protects T1127.001 MSBuild
CM-8 System Component Inventory Protects T1133 External Remote Services
CM-8 System Component Inventory Protects T1137 Office Application Startup
CM-8 System Component Inventory Protects T1137.001 Office Template Macros
CM-8 System Component Inventory Protects T1189 Drive-by Compromise
CM-8 System Component Inventory Protects T1190 Exploit Public-Facing Application
CM-8 System Component Inventory Protects T1195.003 Compromise Hardware Supply Chain
CM-8 System Component Inventory Protects T1203 Exploitation for Client Execution
CM-8 System Component Inventory Protects T1210 Exploitation of Remote Services
CM-8 System Component Inventory Protects T1211 Exploitation for Defense Evasion
CM-8 System Component Inventory Protects T1212 Exploitation for Credential Access
CM-8 System Component Inventory Protects T1213 Data from Information Repositories
CM-8 System Component Inventory Protects T1213.001 Confluence
CM-8 System Component Inventory Protects T1213.002 Sharepoint
CM-8 System Component Inventory Protects T1218 Signed Binary Proxy Execution
CM-8 System Component Inventory Protects T1218.003 CMSTP
CM-8 System Component Inventory Protects T1218.004 InstallUtil
CM-8 System Component Inventory Protects T1218.005 Mshta
CM-8 System Component Inventory Protects T1218.008 Odbcconf
CM-8 System Component Inventory Protects T1218.009 Regsvcs/Regasm
CM-8 System Component Inventory Protects T1218.012 Verclsid
CM-8 System Component Inventory Protects T1221 Template Injection
CM-8 System Component Inventory Protects T1495 Firmware Corruption
CM-8 System Component Inventory Protects T1505 Server Software Component
CM-8 System Component Inventory Protects T1505.001 SQL Stored Procedures
CM-8 System Component Inventory Protects T1505.002 Transport Agent
CM-8 System Component Inventory Protects T1530 Data from Cloud Storage Object
CM-8 System Component Inventory Protects T1542 Pre-OS Boot
CM-8 System Component Inventory Protects T1542.001 System Firmware
CM-8 System Component Inventory Protects T1542.003 Bootkit
CM-8 System Component Inventory Protects T1542.004 ROMMONkit
CM-8 System Component Inventory Protects T1542.005 TFTP Boot
CM-8 System Component Inventory Protects T1546.002 Screensaver
CM-8 System Component Inventory Protects T1546.006 LC_LOAD_DYLIB Addition
CM-8 System Component Inventory Protects T1546.014 Emond
CM-8 System Component Inventory Protects T1547.007 Re-opened Applications
CM-8 System Component Inventory Protects T1548 Abuse Elevation Control Mechanism
CM-8 System Component Inventory Protects T1548.004 Elevated Execution with Prompt
CM-8 System Component Inventory Protects T1553 Subvert Trust Controls
CM-8 System Component Inventory Protects T1553.006 Code Signing Policy Modification
CM-8 System Component Inventory Protects T1557 Man-in-the-Middle
CM-8 System Component Inventory Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-8 System Component Inventory Protects T1557.002 ARP Cache Poisoning
CM-8 System Component Inventory Protects T1559 Inter-Process Communication
CM-8 System Component Inventory Protects T1559.002 Dynamic Data Exchange
CM-8 System Component Inventory Protects T1563 Remote Service Session Hijacking
CM-8 System Component Inventory Protects T1563.001 SSH Hijacking
CM-8 System Component Inventory Protects T1563.002 RDP Hijacking
CM-8 System Component Inventory Protects T1564.006 Run Virtual Instance
CM-8 System Component Inventory Protects T1564.007 VBA Stomping
CM-8 System Component Inventory Protects T1565 Data Manipulation
CM-8 System Component Inventory Protects T1565.001 Stored Data Manipulation
CM-8 System Component Inventory Protects T1565.002 Transmitted Data Manipulation
CM-8 System Component Inventory Protects T1574 Hijack Execution Flow
CM-8 System Component Inventory Protects T1574.004 Dylib Hijacking
CM-8 System Component Inventory Protects T1574.007 Path Interception by PATH Environment Variable
CM-8 System Component Inventory Protects T1574.008 Path Interception by Search Order Hijacking
CM-8 System Component Inventory Protects T1574.009 Path Interception by Unquoted Path
CM-8 System Component Inventory Protects T1601 Modify System Image
CM-8 System Component Inventory Protects T1601.001 Patch System Image
CM-8 System Component Inventory Protects T1601.002 Downgrade System Image
CM-8 System Component Inventory Protects T1602 Data from Configuration Repository
CM-8 System Component Inventory Protects T1602.001 SNMP (MIB Dump)
CM-8 System Component Inventory Protects T1602.002 Network Device Configuration Dump
CP-10 System Recovery and Reconstitution Protects T1485 Data Destruction
CP-10 System Recovery and Reconstitution Protects T1486 Data Encrypted for Impact
CP-10 System Recovery and Reconstitution Protects T1490 Inhibit System Recovery
CP-10 System Recovery and Reconstitution Protects T1491 Defacement
CP-10 System Recovery and Reconstitution Protects T1491.001 Internal Defacement
CP-10 System Recovery and Reconstitution Protects T1491.002 External Defacement
CP-10 System Recovery and Reconstitution Protects T1561 Disk Wipe
CP-10 System Recovery and Reconstitution Protects T1561.001 Disk Content Wipe
CP-10 System Recovery and Reconstitution Protects T1561.002 Disk Structure Wipe
CP-10 System Recovery and Reconstitution Protects T1565 Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1565.001 Stored Data Manipulation
CP-2 Contingency Plan Protects T1485 Data Destruction
CP-2 Contingency Plan Protects T1486 Data Encrypted for Impact
CP-2 Contingency Plan Protects T1490 Inhibit System Recovery
CP-2 Contingency Plan Protects T1491 Defacement
CP-2 Contingency Plan Protects T1491.001 Internal Defacement
CP-2 Contingency Plan Protects T1491.002 External Defacement
CP-2 Contingency Plan Protects T1561 Disk Wipe
CP-2 Contingency Plan Protects T1561.001 Disk Content Wipe
CP-2 Contingency Plan Protects T1561.002 Disk Structure Wipe
CP-6 Alternate Storage Site Protects T1070 Indicator Removal on Host
CP-6 Alternate Storage Site Protects T1070.001 Clear Windows Event Logs
CP-6 Alternate Storage Site Protects T1070.002 Clear Linux or Mac System Logs
CP-6 Alternate Storage Site Protects T1119 Automated Collection
CP-6 Alternate Storage Site Protects T1486 Data Encrypted for Impact
CP-6 Alternate Storage Site Protects T1565 Data Manipulation
CP-6 Alternate Storage Site Protects T1565.001 Stored Data Manipulation
CP-7 Alternate Processing Site Protects T1070 Indicator Removal on Host
CP-7 Alternate Processing Site Protects T1070.001 Clear Windows Event Logs
CP-7 Alternate Processing Site Protects T1070.002 Clear Linux or Mac System Logs
CP-7 Alternate Processing Site Protects T1119 Automated Collection
CP-7 Alternate Processing Site Protects T1485 Data Destruction
CP-7 Alternate Processing Site Protects T1486 Data Encrypted for Impact
CP-7 Alternate Processing Site Protects T1490 Inhibit System Recovery
CP-7 Alternate Processing Site Protects T1491 Defacement
CP-7 Alternate Processing Site Protects T1491.001 Internal Defacement
CP-7 Alternate Processing Site Protects T1491.002 External Defacement
CP-7 Alternate Processing Site Protects T1561 Disk Wipe
CP-7 Alternate Processing Site Protects T1561.001 Disk Content Wipe
CP-7 Alternate Processing Site Protects T1561.002 Disk Structure Wipe
CP-7 Alternate Processing Site Protects T1565 Data Manipulation
CP-7 Alternate Processing Site Protects T1565.001 Stored Data Manipulation
CP-9 System Backup Protects T1003 OS Credential Dumping
CP-9 System Backup Protects T1003.003 NTDS
CP-9 System Backup Protects T1070 Indicator Removal on Host
CP-9 System Backup Protects T1070.001 Clear Windows Event Logs
CP-9 System Backup Protects T1070.002 Clear Linux or Mac System Logs
CP-9 System Backup Protects T1119 Automated Collection
CP-9 System Backup Protects T1485 Data Destruction
CP-9 System Backup Protects T1486 Data Encrypted for Impact
CP-9 System Backup Protects T1490 Inhibit System Recovery
CP-9 System Backup Protects T1491 Defacement
CP-9 System Backup Protects T1491.001 Internal Defacement
CP-9 System Backup Protects T1491.002 External Defacement
CP-9 System Backup Protects T1561 Disk Wipe
CP-9 System Backup Protects T1561.001 Disk Content Wipe
CP-9 System Backup Protects T1561.002 Disk Structure Wipe
CP-9 System Backup Protects T1565 Data Manipulation
CP-9 System Backup Protects T1565.001 Stored Data Manipulation
CP-9 System Backup Protects T1565.003 Runtime Data Manipulation
IA-11 Re-authentication Protects T1110 Brute Force
IA-11 Re-authentication Protects T1110.001 Password Guessing
IA-11 Re-authentication Protects T1110.002 Password Cracking
IA-11 Re-authentication Protects T1110.003 Password Spraying
IA-11 Re-authentication Protects T1110.004 Credential Stuffing
IA-12 Identity Proofing Protects T1078 Valid Accounts
IA-12 Identity Proofing Protects T1078.002 Domain Accounts
IA-12 Identity Proofing Protects T1078.003 Local Accounts
IA-12 Identity Proofing Protects T1078.004 Cloud Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1003 OS Credential Dumping
IA-2 Identification and Authentication (organizational Users) Protects T1003.001 LSASS Memory
IA-2 Identification and Authentication (organizational Users) Protects T1003.002 Security Account Manager
IA-2 Identification and Authentication (organizational Users) Protects T1003.003 NTDS
IA-2 Identification and Authentication (organizational Users) Protects T1003.004 LSA Secrets
IA-2 Identification and Authentication (organizational Users) Protects T1003.005 Cached Domain Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1003.006 DCSync
IA-2 Identification and Authentication (organizational Users) Protects T1003.007 Proc Filesystem
IA-2 Identification and Authentication (organizational Users) Protects T1003.008 /etc/passwd and /etc/shadow
IA-2 Identification and Authentication (organizational Users) Protects T1021 Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1021.001 Remote Desktop Protocol
IA-2 Identification and Authentication (organizational Users) Protects T1021.002 SMB/Windows Admin Shares
IA-2 Identification and Authentication (organizational Users) Protects T1021.003 Distributed Component Object Model
IA-2 Identification and Authentication (organizational Users) Protects T1021.004 SSH
IA-2 Identification and Authentication (organizational Users) Protects T1021.005 VNC
IA-2 Identification and Authentication (organizational Users) Protects T1021.006 Windows Remote Management
IA-2 Identification and Authentication (organizational Users) Protects T1040 Network Sniffing
IA-2 Identification and Authentication (organizational Users) Protects T1047 Windows Management Instrumentation
IA-2 Identification and Authentication (organizational Users) Protects T1053 Scheduled Task/Job
IA-2 Identification and Authentication (organizational Users) Protects T1053.001 At (Linux)
IA-2 Identification and Authentication (organizational Users) Protects T1053.002 At (Windows)
IA-2 Identification and Authentication (organizational Users) Protects T1053.003 Cron
IA-2 Identification and Authentication (organizational Users) Protects T1053.004 Launchd
IA-2 Identification and Authentication (organizational Users) Protects T1053.005 Scheduled Task
IA-2 Identification and Authentication (organizational Users) Protects T1053.006 Systemd Timers
IA-2 Identification and Authentication (organizational Users) Protects T1053.007 Container Orchestration Job
IA-2 Identification and Authentication (organizational Users) Protects T1055 Process Injection
IA-2 Identification and Authentication (organizational Users) Protects T1055.008 Ptrace System Calls
IA-2 Identification and Authentication (organizational Users) Protects T1056.003 Web Portal Capture
IA-2 Identification and Authentication (organizational Users) Protects T1059 Command and Scripting Interpreter
IA-2 Identification and Authentication (organizational Users) Protects T1059.001 PowerShell
IA-2 Identification and Authentication (organizational Users) Protects T1059.008 Network Device CLI
IA-2 Identification and Authentication (organizational Users) Protects T1072 Software Deployment Tools
IA-2 Identification and Authentication (organizational Users) Protects T1078 Valid Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.002 Domain Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.003 Local Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.004 Cloud Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1087.004 Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1098 Account Manipulation
IA-2 Identification and Authentication (organizational Users) Protects T1098.001 Additional Cloud Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1098.002 Exchange Email Delegate Permissions
IA-2 Identification and Authentication (organizational Users) Protects T1098.003 Add Office 365 Global Administrator Role
IA-2 Identification and Authentication (organizational Users) Protects T1110 Brute Force
IA-2 Identification and Authentication (organizational Users) Protects T1110.001 Password Guessing
IA-2 Identification and Authentication (organizational Users) Protects T1110.002 Password Cracking
IA-2 Identification and Authentication (organizational Users) Protects T1110.003 Password Spraying
IA-2 Identification and Authentication (organizational Users) Protects T1110.004 Credential Stuffing
IA-2 Identification and Authentication (organizational Users) Protects T1111 Two-Factor Authentication Interception
IA-2 Identification and Authentication (organizational Users) Protects T1114 Email Collection
IA-2 Identification and Authentication (organizational Users) Protects T1114.002 Remote Email Collection
IA-2 Identification and Authentication (organizational Users) Protects T1133 External Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1134 Access Token Manipulation
IA-2 Identification and Authentication (organizational Users) Protects T1134.001 Token Impersonation/Theft
IA-2 Identification and Authentication (organizational Users) Protects T1134.002 Create Process with Token
IA-2 Identification and Authentication (organizational Users) Protects T1134.003 Make and Impersonate Token
IA-2 Identification and Authentication (organizational Users) Protects T1136 Create Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.001 Local Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.002 Domain Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.003 Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1185 Man in the Browser
IA-2 Identification and Authentication (organizational Users) Protects T1190 Exploit Public-Facing Application
IA-2 Identification and Authentication (organizational Users) Protects T1197 BITS Jobs
IA-2 Identification and Authentication (organizational Users) Protects T1210 Exploitation of Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1213 Data from Information Repositories
IA-2 Identification and Authentication (organizational Users) Protects T1213.001 Confluence
IA-2 Identification and Authentication (organizational Users) Protects T1213.002 Sharepoint
IA-2 Identification and Authentication (organizational Users) Protects T1218 Signed Binary Proxy Execution
IA-2 Identification and Authentication (organizational Users) Protects T1218.007 Msiexec
IA-2 Identification and Authentication (organizational Users) Protects T1222 File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1222.001 Windows File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1222.002 Linux and Mac File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1484 Domain Policy Modification
IA-2 Identification and Authentication (organizational Users) Protects T1489 Service Stop
IA-2 Identification and Authentication (organizational Users) Protects T1495 Firmware Corruption
IA-2 Identification and Authentication (organizational Users) Protects T1505 Server Software Component
IA-2 Identification and Authentication (organizational Users) Protects T1505.001 SQL Stored Procedures
IA-2 Identification and Authentication (organizational Users) Protects T1505.002 Transport Agent
IA-2 Identification and Authentication (organizational Users) Protects T1525 Implant Internal Image
IA-2 Identification and Authentication (organizational Users) Protects T1528 Steal Application Access Token
IA-2 Identification and Authentication (organizational Users) Protects T1530 Data from Cloud Storage Object
IA-2 Identification and Authentication (organizational Users) Protects T1537 Transfer Data to Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1538 Cloud Service Dashboard
IA-2 Identification and Authentication (organizational Users) Protects T1539 Steal Web Session Cookie
IA-2 Identification and Authentication (organizational Users) Protects T1542 Pre-OS Boot
IA-2 Identification and Authentication (organizational Users) Protects T1542.001 System Firmware
IA-2 Identification and Authentication (organizational Users) Protects T1542.003 Bootkit
IA-2 Identification and Authentication (organizational Users) Protects T1542.005 TFTP Boot
IA-2 Identification and Authentication (organizational Users) Protects T1543 Create or Modify System Process
IA-2 Identification and Authentication (organizational Users) Protects T1543.001 Launch Agent
IA-2 Identification and Authentication (organizational Users) Protects T1543.002 Systemd Service
IA-2 Identification and Authentication (organizational Users) Protects T1543.003 Windows Service
IA-2 Identification and Authentication (organizational Users) Protects T1543.004 Launch Daemon
IA-2 Identification and Authentication (organizational Users) Protects T1546.003 Windows Management Instrumentation Event Subscription
IA-2 Identification and Authentication (organizational Users) Protects T1547.004 Winlogon Helper DLL
IA-2 Identification and Authentication (organizational Users) Protects T1547.006 Kernel Modules and Extensions
IA-2 Identification and Authentication (organizational Users) Protects T1547.009 Shortcut Modification
IA-2 Identification and Authentication (organizational Users) Protects T1547.012 Print Processors
IA-2 Identification and Authentication (organizational Users) Protects T1547.013 XDG Autostart Entries
IA-2 Identification and Authentication (organizational Users) Protects T1548 Abuse Elevation Control Mechanism
IA-2 Identification and Authentication (organizational Users) Protects T1548.002 Bypass User Account Control
IA-2 Identification and Authentication (organizational Users) Protects T1548.003 Sudo and Sudo Caching
IA-2 Identification and Authentication (organizational Users) Protects T1550 Use Alternate Authentication Material
IA-2 Identification and Authentication (organizational Users) Protects T1550.001 Application Access Token
IA-2 Identification and Authentication (organizational Users) Protects T1550.002 Pass the Hash
IA-2 Identification and Authentication (organizational Users) Protects T1550.003 Pass the Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1552 Unsecured Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1552.001 Credentials In Files
IA-2 Identification and Authentication (organizational Users) Protects T1552.002 Credentials in Registry
IA-2 Identification and Authentication (organizational Users) Protects T1552.004 Private Keys
IA-2 Identification and Authentication (organizational Users) Protects T1552.006 Group Policy Preferences
IA-2 Identification and Authentication (organizational Users) Protects T1552.007 Container API
IA-2 Identification and Authentication (organizational Users) Protects T1555.005 Password Managers
IA-2 Identification and Authentication (organizational Users) Protects T1556 Modify Authentication Process
IA-2 Identification and Authentication (organizational Users) Protects T1556.001 Domain Controller Authentication
IA-2 Identification and Authentication (organizational Users) Protects T1556.003 Pluggable Authentication Modules
IA-2 Identification and Authentication (organizational Users) Protects T1556.004 Network Device Authentication
IA-2 Identification and Authentication (organizational Users) Protects T1558 Steal or Forge Kerberos Tickets
IA-2 Identification and Authentication (organizational Users) Protects T1558.001 Golden Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1558.002 Silver Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1558.003 Kerberoasting
IA-2 Identification and Authentication (organizational Users) Protects T1558.004 AS-REP Roasting
IA-2 Identification and Authentication (organizational Users) Protects T1559 Inter-Process Communication
IA-2 Identification and Authentication (organizational Users) Protects T1559.001 Component Object Model
IA-2 Identification and Authentication (organizational Users) Protects T1562 Impair Defenses
IA-2 Identification and Authentication (organizational Users) Protects T1562.001 Disable or Modify Tools
IA-2 Identification and Authentication (organizational Users) Protects T1562.002 Disable Windows Event Logging
IA-2 Identification and Authentication (organizational Users) Protects T1562.004 Disable or Modify System Firewall
IA-2 Identification and Authentication (organizational Users) Protects T1562.006 Indicator Blocking
IA-2 Identification and Authentication (organizational Users) Protects T1562.007 Disable or Modify Cloud Firewall
IA-2 Identification and Authentication (organizational Users) Protects T1562.008 Disable Cloud Logs
IA-2 Identification and Authentication (organizational Users) Protects T1563 Remote Service Session Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1563.001 SSH Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1563.002 RDP Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1569 System Services
IA-2 Identification and Authentication (organizational Users) Protects T1569.001 Launchctl
IA-2 Identification and Authentication (organizational Users) Protects T1569.002 Service Execution
IA-2 Identification and Authentication (organizational Users) Protects T1574 Hijack Execution Flow
IA-2 Identification and Authentication (organizational Users) Protects T1574.005 Executable Installer File Permissions Weakness
IA-2 Identification and Authentication (organizational Users) Protects T1574.010 Services File Permissions Weakness
IA-2 Identification and Authentication (organizational Users) Protects T1574.012 COR_PROFILER
IA-2 Identification and Authentication (organizational Users) Protects T1578 Modify Cloud Compute Infrastructure
IA-2 Identification and Authentication (organizational Users) Protects T1578.001 Create Snapshot
IA-2 Identification and Authentication (organizational Users) Protects T1578.002 Create Cloud Instance
IA-2 Identification and Authentication (organizational Users) Protects T1578.003 Delete Cloud Instance
IA-2 Identification and Authentication (organizational Users) Protects T1580 Cloud Infrastructure Discovery
IA-2 Identification and Authentication (organizational Users) Protects T1599 Network Boundary Bridging
IA-2 Identification and Authentication (organizational Users) Protects T1599.001 Network Address Translation Traversal
IA-2 Identification and Authentication (organizational Users) Protects T1601 Modify System Image
IA-2 Identification and Authentication (organizational Users) Protects T1601.001 Patch System Image
IA-2 Identification and Authentication (organizational Users) Protects T1601.002 Downgrade System Image
IA-2 Identification and Authentication (organizational Users) Protects T1610 Deploy Container
IA-2 Identification and Authentication (organizational Users) Protects T1611 Escape to Host
IA-2 Identification and Authentication (organizational Users) Protects T1613 Container and Resource Discovery
IA-3 Device Identification and Authentication Protects T1530 Data from Cloud Storage Object
IA-3 Device Identification and Authentication Protects T1537 Transfer Data to Cloud Account
IA-3 Device Identification and Authentication Protects T1552 Unsecured Credentials
IA-3 Device Identification and Authentication Protects T1552.005 Cloud Instance Metadata API
IA-3 Device Identification and Authentication Protects T1602 Data from Configuration Repository
IA-3 Device Identification and Authentication Protects T1602.001 SNMP (MIB Dump)
IA-3 Device Identification and Authentication Protects T1602.002 Network Device Configuration Dump
IA-4 Identifier Management Protects T1003 OS Credential Dumping
IA-4 Identifier Management Protects T1003.005 Cached Domain Credentials
IA-4 Identifier Management Protects T1003.006 DCSync
IA-4 Identifier Management Protects T1021.001 Remote Desktop Protocol
IA-4 Identifier Management Protects T1021.005 VNC
IA-4 Identifier Management Protects T1053 Scheduled Task/Job
IA-4 Identifier Management Protects T1053.002 At (Windows)
IA-4 Identifier Management Protects T1053.005 Scheduled Task
IA-4 Identifier Management Protects T1110 Brute Force
IA-4 Identifier Management Protects T1110.001 Password Guessing
IA-4 Identifier Management Protects T1110.002 Password Cracking
IA-4 Identifier Management Protects T1110.003 Password Spraying
IA-4 Identifier Management Protects T1110.004 Credential Stuffing
IA-4 Identifier Management Protects T1213 Data from Information Repositories
IA-4 Identifier Management Protects T1213.001 Confluence
IA-4 Identifier Management Protects T1213.002 Sharepoint
IA-4 Identifier Management Protects T1528 Steal Application Access Token
IA-4 Identifier Management Protects T1530 Data from Cloud Storage Object
IA-4 Identifier Management Protects T1537 Transfer Data to Cloud Account
IA-4 Identifier Management Protects T1543 Create or Modify System Process
IA-4 Identifier Management Protects T1543.003 Windows Service
IA-4 Identifier Management Protects T1550.001 Application Access Token
IA-4 Identifier Management Protects T1552 Unsecured Credentials
IA-4 Identifier Management Protects T1552.005 Cloud Instance Metadata API
IA-4 Identifier Management Protects T1562 Impair Defenses
IA-4 Identifier Management Protects T1563 Remote Service Session Hijacking
IA-4 Identifier Management Protects T1578 Modify Cloud Compute Infrastructure
IA-4 Identifier Management Protects T1578.001 Create Snapshot
IA-4 Identifier Management Protects T1578.002 Create Cloud Instance
IA-4 Identifier Management Protects T1578.003 Delete Cloud Instance
IA-4 Identifier Management Protects T1602 Data from Configuration Repository
IA-4 Identifier Management Protects T1602.001 SNMP (MIB Dump)
IA-4 Identifier Management Protects T1602.002 Network Device Configuration Dump
IA-5 Authenticator Management Protects T1003 OS Credential Dumping
IA-5 Authenticator Management Protects T1003.001 LSASS Memory
IA-5 Authenticator Management Protects T1003.002 Security Account Manager
IA-5 Authenticator Management Protects T1003.003 NTDS
IA-5 Authenticator Management Protects T1003.004 LSA Secrets
IA-5 Authenticator Management Protects T1003.005 Cached Domain Credentials
IA-5 Authenticator Management Protects T1003.006 DCSync
IA-5 Authenticator Management Protects T1003.007 Proc Filesystem
IA-5 Authenticator Management Protects T1003.008 /etc/passwd and /etc/shadow
IA-5 Authenticator Management Protects T1021 Remote Services
IA-5 Authenticator Management Protects T1021.001 Remote Desktop Protocol
IA-5 Authenticator Management Protects T1021.004 SSH
IA-5 Authenticator Management Protects T1040 Network Sniffing
IA-5 Authenticator Management Protects T1072 Software Deployment Tools
IA-5 Authenticator Management Protects T1078 Valid Accounts
IA-5 Authenticator Management Protects T1078.002 Domain Accounts
IA-5 Authenticator Management Protects T1078.004 Cloud Accounts
IA-5 Authenticator Management Protects T1098.001 Additional Cloud Credentials
IA-5 Authenticator Management Protects T1098.002 Exchange Email Delegate Permissions
IA-5 Authenticator Management Protects T1098.003 Add Office 365 Global Administrator Role
IA-5 Authenticator Management Protects T1110 Brute Force
IA-5 Authenticator Management Protects T1110.001 Password Guessing
IA-5 Authenticator Management Protects T1110.002 Password Cracking
IA-5 Authenticator Management Protects T1110.003 Password Spraying
IA-5 Authenticator Management Protects T1110.004 Credential Stuffing
IA-5 Authenticator Management Protects T1111 Two-Factor Authentication Interception
IA-5 Authenticator Management Protects T1114 Email Collection
IA-5 Authenticator Management Protects T1114.002 Remote Email Collection
IA-5 Authenticator Management Protects T1133 External Remote Services
IA-5 Authenticator Management Protects T1136 Create Account
IA-5 Authenticator Management Protects T1136.001 Local Account
IA-5 Authenticator Management Protects T1136.002 Domain Account
IA-5 Authenticator Management Protects T1136.003 Cloud Account
IA-5 Authenticator Management Protects T1528 Steal Application Access Token
IA-5 Authenticator Management Protects T1530 Data from Cloud Storage Object
IA-5 Authenticator Management Protects T1539 Steal Web Session Cookie
IA-5 Authenticator Management Protects T1550.003 Pass the Ticket
IA-5 Authenticator Management Protects T1552 Unsecured Credentials
IA-5 Authenticator Management Protects T1552.001 Credentials In Files
IA-5 Authenticator Management Protects T1552.002 Credentials in Registry
IA-5 Authenticator Management Protects T1552.004 Private Keys
IA-5 Authenticator Management Protects T1552.006 Group Policy Preferences
IA-5 Authenticator Management Protects T1555 Credentials from Password Stores
IA-5 Authenticator Management Protects T1555.001 Keychain
IA-5 Authenticator Management Protects T1555.002 Securityd Memory
IA-5 Authenticator Management Protects T1555.004 Windows Credential Manager
IA-5 Authenticator Management Protects T1555.005 Password Managers
IA-5 Authenticator Management Protects T1556 Modify Authentication Process
IA-5 Authenticator Management Protects T1556.001 Domain Controller Authentication
IA-5 Authenticator Management Protects T1556.003 Pluggable Authentication Modules
IA-5 Authenticator Management Protects T1556.004 Network Device Authentication
IA-5 Authenticator Management Protects T1558 Steal or Forge Kerberos Tickets
IA-5 Authenticator Management Protects T1558.001 Golden Ticket
IA-5 Authenticator Management Protects T1558.002 Silver Ticket
IA-5 Authenticator Management Protects T1558.003 Kerberoasting
IA-5 Authenticator Management Protects T1558.004 AS-REP Roasting
IA-5 Authenticator Management Protects T1563.001 SSH Hijacking
IA-5 Authenticator Management Protects T1599 Network Boundary Bridging
IA-5 Authenticator Management Protects T1599.001 Network Address Translation Traversal
IA-5 Authenticator Management Protects T1601 Modify System Image
IA-5 Authenticator Management Protects T1601.001 Patch System Image
IA-5 Authenticator Management Protects T1601.002 Downgrade System Image
IA-6 Authentication Feedback Protects T1021.001 Remote Desktop Protocol
IA-6 Authentication Feedback Protects T1021.005 VNC
IA-6 Authentication Feedback Protects T1530 Data from Cloud Storage Object
IA-6 Authentication Feedback Protects T1563 Remote Service Session Hijacking
IA-6 Authentication Feedback Protects T1578 Modify Cloud Compute Infrastructure
IA-6 Authentication Feedback Protects T1578.001 Create Snapshot
IA-6 Authentication Feedback Protects T1578.002 Create Cloud Instance
IA-6 Authentication Feedback Protects T1578.003 Delete Cloud Instance
IA-7 Cryptographic Module Authentication Protects T1195.003 Compromise Hardware Supply Chain
IA-7 Cryptographic Module Authentication Protects T1495 Firmware Corruption
IA-7 Cryptographic Module Authentication Protects T1542 Pre-OS Boot
IA-7 Cryptographic Module Authentication Protects T1542.001 System Firmware
IA-7 Cryptographic Module Authentication Protects T1542.003 Bootkit
IA-7 Cryptographic Module Authentication Protects T1542.004 ROMMONkit
IA-7 Cryptographic Module Authentication Protects T1542.005 TFTP Boot
IA-7 Cryptographic Module Authentication Protects T1553 Subvert Trust Controls
IA-7 Cryptographic Module Authentication Protects T1553.006 Code Signing Policy Modification
IA-7 Cryptographic Module Authentication Protects T1601 Modify System Image
IA-7 Cryptographic Module Authentication Protects T1601.001 Patch System Image
IA-7 Cryptographic Module Authentication Protects T1601.002 Downgrade System Image
IA-8 Identification and Authentication (non-organizational Users) Protects T1053 Scheduled Task/Job
IA-8 Identification and Authentication (non-organizational Users) Protects T1053.007 Container Orchestration Job
IA-8 Identification and Authentication (non-organizational Users) Protects T1059 Command and Scripting Interpreter
IA-8 Identification and Authentication (non-organizational Users) Protects T1059.001 PowerShell
IA-8 Identification and Authentication (non-organizational Users) Protects T1059.008 Network Device CLI
IA-8 Identification and Authentication (non-organizational Users) Protects T1087.004 Cloud Account
IA-8 Identification and Authentication (non-organizational Users) Protects T1190 Exploit Public-Facing Application
IA-8 Identification and Authentication (non-organizational Users) Protects T1210 Exploitation of Remote Services
IA-8 Identification and Authentication (non-organizational Users) Protects T1213 Data from Information Repositories
IA-8 Identification and Authentication (non-organizational Users) Protects T1213.001 Confluence
IA-8 Identification and Authentication (non-organizational Users) Protects T1213.002 Sharepoint
IA-8 Identification and Authentication (non-organizational Users) Protects T1528 Steal Application Access Token
IA-8 Identification and Authentication (non-organizational Users) Protects T1530 Data from Cloud Storage Object
IA-8 Identification and Authentication (non-organizational Users) Protects T1537 Transfer Data to Cloud Account
IA-8 Identification and Authentication (non-organizational Users) Protects T1538 Cloud Service Dashboard
IA-8 Identification and Authentication (non-organizational Users) Protects T1542 Pre-OS Boot
IA-8 Identification and Authentication (non-organizational Users) Protects T1542.001 System Firmware
IA-8 Identification and Authentication (non-organizational Users) Protects T1542.003 Bootkit
IA-8 Identification and Authentication (non-organizational Users) Protects T1542.005 TFTP Boot
IA-9 Service Identification and Authentication Protects T1036 Masquerading
IA-9 Service Identification and Authentication Protects T1036.001 Invalid Code Signature
IA-9 Service Identification and Authentication Protects T1036.005 Match Legitimate Name or Location
IA-9 Service Identification and Authentication Protects T1059 Command and Scripting Interpreter
IA-9 Service Identification and Authentication Protects T1059.001 PowerShell
IA-9 Service Identification and Authentication Protects T1059.002 AppleScript
IA-9 Service Identification and Authentication Protects T1505 Server Software Component
IA-9 Service Identification and Authentication Protects T1505.001 SQL Stored Procedures
IA-9 Service Identification and Authentication Protects T1505.002 Transport Agent
IA-9 Service Identification and Authentication Protects T1525 Implant Internal Image
IA-9 Service Identification and Authentication Protects T1546 Event Triggered Execution
IA-9 Service Identification and Authentication Protects T1546.006 LC_LOAD_DYLIB Addition
IA-9 Service Identification and Authentication Protects T1546.013 PowerShell Profile
IA-9 Service Identification and Authentication Protects T1553 Subvert Trust Controls
IA-9 Service Identification and Authentication Protects T1553.004 Install Root Certificate
IA-9 Service Identification and Authentication Protects T1554 Compromise Client Software Binary
IA-9 Service Identification and Authentication Protects T1566 Phishing
IA-9 Service Identification and Authentication Protects T1566.001 Spearphishing Attachment
IA-9 Service Identification and Authentication Protects T1566.002 Spearphishing Link
IA-9 Service Identification and Authentication Protects T1598 Phishing for Information
IA-9 Service Identification and Authentication Protects T1598.002 Spearphishing Attachment
IA-9 Service Identification and Authentication Protects T1598.003 Spearphishing Link
MP-7 Media Use Protects T1052 Exfiltration Over Physical Medium
MP-7 Media Use Protects T1052.001 Exfiltration over USB
MP-7 Media Use Protects T1091 Replication Through Removable Media
MP-7 Media Use Protects T1092 Communication Through Removable Media
MP-7 Media Use Protects T1200 Hardware Additions
PL-8 Security and Privacy Architectures Protects T1078 Valid Accounts
RA-10 Threat Hunting Protects T1068 Exploitation for Privilege Escalation
RA-10 Threat Hunting Protects T1190 Exploit Public-Facing Application
RA-10 Threat Hunting Protects T1195 Supply Chain Compromise
RA-10 Threat Hunting Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-10 Threat Hunting Protects T1195.002 Compromise Software Supply Chain
RA-10 Threat Hunting Protects T1210 Exploitation of Remote Services
RA-10 Threat Hunting Protects T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting Protects T1212 Exploitation for Credential Access
RA-5 Vulnerability Monitoring and Scanning Protects T1011.001 Exfiltration Over Bluetooth
RA-5 Vulnerability Monitoring and Scanning Protects T1021.001 Remote Desktop Protocol
RA-5 Vulnerability Monitoring and Scanning Protects T1021.003 Distributed Component Object Model
RA-5 Vulnerability Monitoring and Scanning Protects T1021.004 SSH
RA-5 Vulnerability Monitoring and Scanning Protects T1021.005 VNC
RA-5 Vulnerability Monitoring and Scanning Protects T1021.006 Windows Remote Management
RA-5 Vulnerability Monitoring and Scanning Protects T1046 Network Service Scanning
RA-5 Vulnerability Monitoring and Scanning Protects T1052 Exfiltration Over Physical Medium
RA-5 Vulnerability Monitoring and Scanning Protects T1052.001 Exfiltration over USB
RA-5 Vulnerability Monitoring and Scanning Protects T1053 Scheduled Task/Job
RA-5 Vulnerability Monitoring and Scanning Protects T1053.001 At (Linux)
RA-5 Vulnerability Monitoring and Scanning Protects T1053.002 At (Windows)
RA-5 Vulnerability Monitoring and Scanning Protects T1053.003 Cron
RA-5 Vulnerability Monitoring and Scanning Protects T1053.004 Launchd
RA-5 Vulnerability Monitoring and Scanning Protects T1053.005 Scheduled Task
RA-5 Vulnerability Monitoring and Scanning Protects T1059 Command and Scripting Interpreter
RA-5 Vulnerability Monitoring and Scanning Protects T1059.001 PowerShell
RA-5 Vulnerability Monitoring and Scanning Protects T1059.005 Visual Basic
RA-5 Vulnerability Monitoring and Scanning Protects T1059.007 JavaScript
RA-5 Vulnerability Monitoring and Scanning Protects T1068 Exploitation for Privilege Escalation
RA-5 Vulnerability Monitoring and Scanning Protects T1078 Valid Accounts
RA-5 Vulnerability Monitoring and Scanning Protects T1091 Replication Through Removable Media
RA-5 Vulnerability Monitoring and Scanning Protects T1092 Communication Through Removable Media
RA-5 Vulnerability Monitoring and Scanning Protects T1098.004 SSH Authorized Keys
RA-5 Vulnerability Monitoring and Scanning Protects T1127 Trusted Developer Utilities Proxy Execution
RA-5 Vulnerability Monitoring and Scanning Protects T1127.001 MSBuild
RA-5 Vulnerability Monitoring and Scanning Protects T1133 External Remote Services
RA-5 Vulnerability Monitoring and Scanning Protects T1137 Office Application Startup
RA-5 Vulnerability Monitoring and Scanning Protects T1137.001 Office Template Macros
RA-5 Vulnerability Monitoring and Scanning Protects T1176 Browser Extensions
RA-5 Vulnerability Monitoring and Scanning Protects T1190 Exploit Public-Facing Application
RA-5 Vulnerability Monitoring and Scanning Protects T1195 Supply Chain Compromise
RA-5 Vulnerability Monitoring and Scanning Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-5 Vulnerability Monitoring and Scanning Protects T1195.002 Compromise Software Supply Chain
RA-5 Vulnerability Monitoring and Scanning Protects T1204.003 Malicious Image
RA-5 Vulnerability Monitoring and Scanning Protects T1210 Exploitation of Remote Services
RA-5 Vulnerability Monitoring and Scanning Protects T1211 Exploitation for Defense Evasion
RA-5 Vulnerability Monitoring and Scanning Protects T1212 Exploitation for Credential Access
RA-5 Vulnerability Monitoring and Scanning Protects T1213 Data from Information Repositories
RA-5 Vulnerability Monitoring and Scanning Protects T1213.001 Confluence
RA-5 Vulnerability Monitoring and Scanning Protects T1213.002 Sharepoint
RA-5 Vulnerability Monitoring and Scanning Protects T1218 Signed Binary Proxy Execution
RA-5 Vulnerability Monitoring and Scanning Protects T1218.003 CMSTP
RA-5 Vulnerability Monitoring and Scanning Protects T1218.004 InstallUtil
RA-5 Vulnerability Monitoring and Scanning Protects T1218.005 Mshta
RA-5 Vulnerability Monitoring and Scanning Protects T1218.008 Odbcconf
RA-5 Vulnerability Monitoring and Scanning Protects T1218.009 Regsvcs/Regasm
RA-5 Vulnerability Monitoring and Scanning Protects T1218.012 Verclsid
RA-5 Vulnerability Monitoring and Scanning Protects T1221 Template Injection
RA-5 Vulnerability Monitoring and Scanning Protects T1482 Domain Trust Discovery
RA-5 Vulnerability Monitoring and Scanning Protects T1484 Domain Policy Modification
RA-5 Vulnerability Monitoring and Scanning Protects T1505 Server Software Component
RA-5 Vulnerability Monitoring and Scanning Protects T1505.001 SQL Stored Procedures
RA-5 Vulnerability Monitoring and Scanning Protects T1505.002 Transport Agent
RA-5 Vulnerability Monitoring and Scanning Protects T1525 Implant Internal Image
RA-5 Vulnerability Monitoring and Scanning Protects T1528 Steal Application Access Token
RA-5 Vulnerability Monitoring and Scanning Protects T1530 Data from Cloud Storage Object
RA-5 Vulnerability Monitoring and Scanning Protects T1542.004 ROMMONkit
RA-5 Vulnerability Monitoring and Scanning Protects T1542.005 TFTP Boot
RA-5 Vulnerability Monitoring and Scanning Protects T1543 Create or Modify System Process
RA-5 Vulnerability Monitoring and Scanning Protects T1543.003 Windows Service
RA-5 Vulnerability Monitoring and Scanning Protects T1546.002 Screensaver
RA-5 Vulnerability Monitoring and Scanning Protects T1546.014 Emond
RA-5 Vulnerability Monitoring and Scanning Protects T1547.007 Re-opened Applications
RA-5 Vulnerability Monitoring and Scanning Protects T1547.008 LSASS Driver
RA-5 Vulnerability Monitoring and Scanning Protects T1548 Abuse Elevation Control Mechanism
RA-5 Vulnerability Monitoring and Scanning Protects T1548.002 Bypass User Account Control
RA-5 Vulnerability Monitoring and Scanning Protects T1548.003 Sudo and Sudo Caching
RA-5 Vulnerability Monitoring and Scanning Protects T1552 Unsecured Credentials
RA-5 Vulnerability Monitoring and Scanning Protects T1552.001 Credentials In Files
RA-5 Vulnerability Monitoring and Scanning Protects T1552.002 Credentials in Registry
RA-5 Vulnerability Monitoring and Scanning Protects T1552.004 Private Keys
RA-5 Vulnerability Monitoring and Scanning Protects T1552.006 Group Policy Preferences
RA-5 Vulnerability Monitoring and Scanning Protects T1557 Man-in-the-Middle
RA-5 Vulnerability Monitoring and Scanning Protects T1558.004 AS-REP Roasting
RA-5 Vulnerability Monitoring and Scanning Protects T1559 Inter-Process Communication
RA-5 Vulnerability Monitoring and Scanning Protects T1559.002 Dynamic Data Exchange
RA-5 Vulnerability Monitoring and Scanning Protects T1560 Archive Collected Data
RA-5 Vulnerability Monitoring and Scanning Protects T1560.001 Archive via Utility
RA-5 Vulnerability Monitoring and Scanning Protects T1562 Impair Defenses
RA-5 Vulnerability Monitoring and Scanning Protects T1563 Remote Service Session Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1563.001 SSH Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1563.002 RDP Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574 Hijack Execution Flow
RA-5 Vulnerability Monitoring and Scanning Protects T1574.001 DLL Search Order Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.004 Dylib Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.005 Executable Installer File Permissions Weakness
RA-5 Vulnerability Monitoring and Scanning Protects T1574.007 Path Interception by PATH Environment Variable
RA-5 Vulnerability Monitoring and Scanning Protects T1574.008 Path Interception by Search Order Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.009 Path Interception by Unquoted Path
RA-5 Vulnerability Monitoring and Scanning Protects T1574.010 Services File Permissions Weakness
RA-5 Vulnerability Monitoring and Scanning Protects T1578 Modify Cloud Compute Infrastructure
RA-5 Vulnerability Monitoring and Scanning Protects T1578.001 Create Snapshot
RA-5 Vulnerability Monitoring and Scanning Protects T1578.002 Create Cloud Instance
RA-5 Vulnerability Monitoring and Scanning Protects T1578.003 Delete Cloud Instance
RA-5 Vulnerability Monitoring and Scanning Protects T1612 Build Image on Host
RA-9 Criticality Analysis Protects T1195.003 Compromise Hardware Supply Chain
RA-9 Criticality Analysis Protects T1495 Firmware Corruption
RA-9 Criticality Analysis Protects T1542 Pre-OS Boot
RA-9 Criticality Analysis Protects T1542.001 System Firmware
RA-9 Criticality Analysis Protects T1542.003 Bootkit
RA-9 Criticality Analysis Protects T1542.004 ROMMONkit
RA-9 Criticality Analysis Protects T1542.005 TFTP Boot
RA-9 Criticality Analysis Protects T1553 Subvert Trust Controls
RA-9 Criticality Analysis Protects T1553.006 Code Signing Policy Modification
RA-9 Criticality Analysis Protects T1601 Modify System Image
RA-9 Criticality Analysis Protects T1601.001 Patch System Image
RA-9 Criticality Analysis Protects T1601.002 Downgrade System Image
SA-10 Developer Configuration Management Protects T1078 Valid Accounts
SA-10 Developer Configuration Management Protects T1078.001 Default Accounts
SA-10 Developer Configuration Management Protects T1078.003 Local Accounts
SA-10 Developer Configuration Management Protects T1078.004 Cloud Accounts
SA-10 Developer Configuration Management Protects T1195.003 Compromise Hardware Supply Chain
SA-10 Developer Configuration Management Protects T1495 Firmware Corruption
SA-10 Developer Configuration Management Protects T1505 Server Software Component
SA-10 Developer Configuration Management Protects T1505.001 SQL Stored Procedures
SA-10 Developer Configuration Management Protects T1505.002 Transport Agent
SA-10 Developer Configuration Management Protects T1542 Pre-OS Boot
SA-10 Developer Configuration Management Protects T1542.001 System Firmware
SA-10 Developer Configuration Management Protects T1542.003 Bootkit
SA-10 Developer Configuration Management Protects T1542.004 ROMMONkit
SA-10 Developer Configuration Management Protects T1542.005 TFTP Boot
SA-10 Developer Configuration Management Protects T1553 Subvert Trust Controls
SA-10 Developer Configuration Management Protects T1553.006 Code Signing Policy Modification
SA-10 Developer Configuration Management Protects T1574.002 DLL Side-Loading
SA-10 Developer Configuration Management Protects T1601 Modify System Image
SA-10 Developer Configuration Management Protects T1601.001 Patch System Image
SA-10 Developer Configuration Management Protects T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation Protects T1078 Valid Accounts
SA-11 Developer Testing and Evaluation Protects T1078.001 Default Accounts
SA-11 Developer Testing and Evaluation Protects T1078.003 Local Accounts
SA-11 Developer Testing and Evaluation Protects T1078.004 Cloud Accounts
SA-11 Developer Testing and Evaluation Protects T1134.005 SID-History Injection
SA-11 Developer Testing and Evaluation Protects T1195.003 Compromise Hardware Supply Chain
SA-11 Developer Testing and Evaluation Protects T1495 Firmware Corruption
SA-11 Developer Testing and Evaluation Protects T1505 Server Software Component
SA-11 Developer Testing and Evaluation Protects T1505.001 SQL Stored Procedures
SA-11 Developer Testing and Evaluation Protects T1505.002 Transport Agent
SA-11 Developer Testing and Evaluation Protects T1528 Steal Application Access Token
SA-11 Developer Testing and Evaluation Protects T1542 Pre-OS Boot
SA-11 Developer Testing and Evaluation Protects T1542.001 System Firmware
SA-11 Developer Testing and Evaluation Protects T1542.003 Bootkit
SA-11 Developer Testing and Evaluation Protects T1542.004 ROMMONkit
SA-11 Developer Testing and Evaluation Protects T1542.005 TFTP Boot
SA-11 Developer Testing and Evaluation Protects T1552 Unsecured Credentials
SA-11 Developer Testing and Evaluation Protects T1552.001 Credentials In Files
SA-11 Developer Testing and Evaluation Protects T1552.002 Credentials in Registry
SA-11 Developer Testing and Evaluation Protects T1552.004 Private Keys
SA-11 Developer Testing and Evaluation Protects T1552.006 Group Policy Preferences
SA-11 Developer Testing and Evaluation Protects T1553 Subvert Trust Controls
SA-11 Developer Testing and Evaluation Protects T1553.006 Code Signing Policy Modification
SA-11 Developer Testing and Evaluation Protects T1558.004 AS-REP Roasting
SA-11 Developer Testing and Evaluation Protects T1574.002 DLL Side-Loading
SA-11 Developer Testing and Evaluation Protects T1601 Modify System Image
SA-11 Developer Testing and Evaluation Protects T1601.001 Patch System Image
SA-11 Developer Testing and Evaluation Protects T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation Protects T1612 Build Image on Host
SA-12 Supply Chain Protection Protects T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools Protects T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.001 Default Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.003 Local Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.004 Cloud Accounts
SA-15 Development Process, Standards, and Tools Protects T1528 Steal Application Access Token
SA-15 Development Process, Standards, and Tools Protects T1552 Unsecured Credentials
SA-15 Development Process, Standards, and Tools Protects T1552.001 Credentials In Files
SA-15 Development Process, Standards, and Tools Protects T1552.002 Credentials in Registry
SA-15 Development Process, Standards, and Tools Protects T1552.004 Private Keys
SA-15 Development Process, Standards, and Tools Protects T1552.006 Group Policy Preferences
SA-15 Development Process, Standards, and Tools Protects T1558.004 AS-REP Roasting
SA-15 Development Process, Standards, and Tools Protects T1574.002 DLL Side-Loading
SA-16 Developer-provided Training Protects T1078 Valid Accounts
SA-16 Developer-provided Training Protects T1078.001 Default Accounts
SA-16 Developer-provided Training Protects T1078.003 Local Accounts
SA-16 Developer-provided Training Protects T1078.004 Cloud Accounts
SA-16 Developer-provided Training Protects T1574.002 DLL Side-Loading
SA-17 Developer Security and Privacy Architecture and Design Protects T1078 Valid Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.001 Default Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.004 Cloud Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1134.005 SID-History Injection
SA-17 Developer Security and Privacy Architecture and Design Protects T1482 Domain Trust Discovery
SA-17 Developer Security and Privacy Architecture and Design Protects T1574.002 DLL Side-Loading
SA-22 Unsupported System Components Protects T1189 Drive-by Compromise
SA-22 Unsupported System Components Protects T1195 Supply Chain Compromise
SA-22 Unsupported System Components Protects T1195.001 Compromise Software Dependencies and Development Tools
SA-22 Unsupported System Components Protects T1195.002 Compromise Software Supply Chain
SA-22 Unsupported System Components Protects T1543 Create or Modify System Process
SA-22 Unsupported System Components Protects T1543.002 Systemd Service
SA-3 System Development Life Cycle Protects T1078 Valid Accounts
SA-3 System Development Life Cycle Protects T1078.001 Default Accounts
SA-3 System Development Life Cycle Protects T1078.003 Local Accounts
SA-3 System Development Life Cycle Protects T1078.004 Cloud Accounts
SA-3 System Development Life Cycle Protects T1574.002 DLL Side-Loading
SA-4 Acquisition Process Protects T1078 Valid Accounts
SA-4 Acquisition Process Protects T1078.001 Default Accounts
SA-4 Acquisition Process Protects T1078.003 Local Accounts
SA-4 Acquisition Process Protects T1078.004 Cloud Accounts
SA-4 Acquisition Process Protects T1134.005 SID-History Injection
SA-4 Acquisition Process Protects T1574.002 DLL Side-Loading
SA-8 Security and Privacy Engineering Principles Protects T1078 Valid Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.001 Default Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.003 Local Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.004 Cloud Accounts
SA-8 Security and Privacy Engineering Principles Protects T1134.005 SID-History Injection
SA-8 Security and Privacy Engineering Principles Protects T1190 Exploit Public-Facing Application
SA-8 Security and Privacy Engineering Principles Protects T1482 Domain Trust Discovery
SA-8 Security and Privacy Engineering Principles Protects T1574.002 DLL Side-Loading
SC-10 Network Disconnect Protects T1071 Application Layer Protocol
SC-10 Network Disconnect Protects T1071.001 Web Protocols
SC-10 Network Disconnect Protects T1071.002 File Transfer Protocols
SC-10 Network Disconnect Protects T1071.003 Mail Protocols
SC-10 Network Disconnect Protects T1071.004 DNS
SC-12 Cryptographic Key Establishment and Management Protects T1072 Software Deployment Tools
SC-12 Cryptographic Key Establishment and Management Protects T1098.004 SSH Authorized Keys
SC-12 Cryptographic Key Establishment and Management Protects T1552 Unsecured Credentials
SC-12 Cryptographic Key Establishment and Management Protects T1552.001 Credentials In Files
SC-12 Cryptographic Key Establishment and Management Protects T1552.002 Credentials in Registry
SC-12 Cryptographic Key Establishment and Management Protects T1552.004 Private Keys
SC-12 Cryptographic Key Establishment and Management Protects T1563.001 SSH Hijacking
SC-12 Cryptographic Key Establishment and Management Protects T1573 Encrypted Channel
SC-12 Cryptographic Key Establishment and Management Protects T1573.001 Symmetric Cryptography
SC-12 Cryptographic Key Establishment and Management Protects T1573.002 Asymmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes Protects T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes Protects T1573.001 Symmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes Protects T1573.002 Asymmetric Cryptography
SC-17 Public Key Infrastructure Certificates Protects T1072 Software Deployment Tools
SC-18 Mobile Code Protects T1021.003 Distributed Component Object Model
SC-18 Mobile Code Protects T1055 Process Injection
SC-18 Mobile Code Protects T1055.001 Dynamic-link Library Injection
SC-18 Mobile Code Protects T1055.002 Portable Executable Injection
SC-18 Mobile Code Protects T1055.003 Thread Execution Hijacking
SC-18 Mobile Code Protects T1055.004 Asynchronous Procedure Call
SC-18 Mobile Code Protects T1055.005 Thread Local Storage
SC-18 Mobile Code Protects T1055.008 Ptrace System Calls
SC-18 Mobile Code Protects T1055.009 Proc Memory
SC-18 Mobile Code Protects T1055.011 Extra Window Memory Injection
SC-18 Mobile Code Protects T1055.012 Process Hollowing
SC-18 Mobile Code Protects T1055.013 Process Doppelgänging
SC-18 Mobile Code Protects T1055.014 VDSO Hijacking
SC-18 Mobile Code Protects T1059 Command and Scripting Interpreter
SC-18 Mobile Code Protects T1059.005 Visual Basic
SC-18 Mobile Code Protects T1059.007 JavaScript
SC-18 Mobile Code Protects T1068 Exploitation for Privilege Escalation
SC-18 Mobile Code Protects T1189 Drive-by Compromise
SC-18 Mobile Code Protects T1190 Exploit Public-Facing Application
SC-18 Mobile Code Protects T1203 Exploitation for Client Execution
SC-18 Mobile Code Protects T1210 Exploitation of Remote Services
SC-18 Mobile Code Protects T1211 Exploitation for Defense Evasion
SC-18 Mobile Code Protects T1212 Exploitation for Credential Access
SC-18 Mobile Code Protects T1218.001 Compiled HTML File
SC-18 Mobile Code Protects T1548 Abuse Elevation Control Mechanism
SC-18 Mobile Code Protects T1548.004 Elevated Execution with Prompt
SC-18 Mobile Code Protects T1559 Inter-Process Communication
SC-18 Mobile Code Protects T1559.001 Component Object Model
SC-18 Mobile Code Protects T1559.002 Dynamic Data Exchange
SC-18 Mobile Code Protects T1611 Escape to Host
SC-2 Separation of System and User Functionality Protects T1068 Exploitation for Privilege Escalation
SC-2 Separation of System and User Functionality Protects T1189 Drive-by Compromise
SC-2 Separation of System and User Functionality Protects T1190 Exploit Public-Facing Application
SC-2 Separation of System and User Functionality Protects T1203 Exploitation for Client Execution
SC-2 Separation of System and User Functionality Protects T1210 Exploitation of Remote Services
SC-2 Separation of System and User Functionality Protects T1211 Exploitation for Defense Evasion
SC-2 Separation of System and User Functionality Protects T1212 Exploitation for Credential Access
SC-2 Separation of System and User Functionality Protects T1611 Escape to Host
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071 Application Layer Protocol
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.001 Web Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.002 File Transfer Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.003 Mail Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.004 DNS
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1553.004 Install Root Certificate
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566 Phishing
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.001 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.002 Spearphishing Link
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568 Dynamic Resolution
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568.002 Domain Generation Algorithms
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598 Phishing for Information
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.002 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.003 Spearphishing Link
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071 Application Layer Protocol
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.001 Web Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.002 File Transfer Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.003 Mail Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.004 DNS
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568 Dynamic Resolution
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568.002 Domain Generation Algorithms
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071 Application Layer Protocol
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.001 Web Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.002 File Transfer Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.003 Mail Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.004 DNS
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568 Dynamic Resolution
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568.002 Domain Generation Algorithms
SC-23 Session Authenticity Protects T1071 Application Layer Protocol
SC-23 Session Authenticity Protects T1071.001 Web Protocols
SC-23 Session Authenticity Protects T1071.002 File Transfer Protocols
SC-23 Session Authenticity Protects T1071.003 Mail Protocols
SC-23 Session Authenticity Protects T1071.004 DNS
SC-23 Session Authenticity Protects T1535 Unused/Unsupported Cloud Regions
SC-23 Session Authenticity Protects T1550.004 Web Session Cookie
SC-23 Session Authenticity Protects T1557 Man-in-the-Middle
SC-23 Session Authenticity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-23 Session Authenticity Protects T1557.002 ARP Cache Poisoning
SC-23 Session Authenticity Protects T1563.001 SSH Hijacking
SC-23 Session Authenticity Protects T1573 Encrypted Channel
SC-23 Session Authenticity Protects T1573.001 Symmetric Cryptography
SC-23 Session Authenticity Protects T1573.002 Asymmetric Cryptography
SC-26 Decoys Protects T1068 Exploitation for Privilege Escalation
SC-26 Decoys Protects T1210 Exploitation of Remote Services
SC-26 Decoys Protects T1211 Exploitation for Defense Evasion
SC-26 Decoys Protects T1212 Exploitation for Credential Access
SC-28 Protection of Information at Rest Protects T1003 OS Credential Dumping
SC-28 Protection of Information at Rest Protects T1003.001 LSASS Memory
SC-28 Protection of Information at Rest Protects T1003.002 Security Account Manager
SC-28 Protection of Information at Rest Protects T1003.003 NTDS
SC-28 Protection of Information at Rest Protects T1003.004 LSA Secrets
SC-28 Protection of Information at Rest Protects T1003.005 Cached Domain Credentials
SC-28 Protection of Information at Rest Protects T1003.006 DCSync
SC-28 Protection of Information at Rest Protects T1003.007 Proc Filesystem
SC-28 Protection of Information at Rest Protects T1003.008 /etc/passwd and /etc/shadow
SC-28 Protection of Information at Rest Protects T1078 Valid Accounts
SC-28 Protection of Information at Rest Protects T1078.001 Default Accounts
SC-28 Protection of Information at Rest Protects T1078.003 Local Accounts
SC-28 Protection of Information at Rest Protects T1078.004 Cloud Accounts
SC-28 Protection of Information at Rest Protects T1213 Data from Information Repositories
SC-28 Protection of Information at Rest Protects T1213.001 Confluence
SC-28 Protection of Information at Rest Protects T1213.002 Sharepoint
SC-28 Protection of Information at Rest Protects T1530 Data from Cloud Storage Object
SC-28 Protection of Information at Rest Protects T1550.001 Application Access Token
SC-28 Protection of Information at Rest Protects T1552 Unsecured Credentials
SC-28 Protection of Information at Rest Protects T1552.001 Credentials In Files
SC-28 Protection of Information at Rest Protects T1552.002 Credentials in Registry
SC-28 Protection of Information at Rest Protects T1552.003 Bash History
SC-28 Protection of Information at Rest Protects T1552.004 Private Keys
SC-28 Protection of Information at Rest Protects T1565 Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.001 Stored Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.003 Runtime Data Manipulation
SC-28 Protection of Information at Rest Protects T1599 Network Boundary Bridging
SC-28 Protection of Information at Rest Protects T1599.001 Network Address Translation Traversal
SC-28 Protection of Information at Rest Protects T1602 Data from Configuration Repository
SC-28 Protection of Information at Rest Protects T1602.001 SNMP (MIB Dump)
SC-28 Protection of Information at Rest Protects T1602.002 Network Device Configuration Dump
SC-29 Heterogeneity Protects T1068 Exploitation for Privilege Escalation
SC-29 Heterogeneity Protects T1189 Drive-by Compromise
SC-29 Heterogeneity Protects T1190 Exploit Public-Facing Application
SC-29 Heterogeneity Protects T1203 Exploitation for Client Execution
SC-29 Heterogeneity Protects T1210 Exploitation of Remote Services
SC-29 Heterogeneity Protects T1211 Exploitation for Defense Evasion
SC-29 Heterogeneity Protects T1212 Exploitation for Credential Access
SC-3 Security Function Isolation Protects T1021.003 Distributed Component Object Model
SC-3 Security Function Isolation Protects T1068 Exploitation for Privilege Escalation
SC-3 Security Function Isolation Protects T1134.005 SID-History Injection
SC-3 Security Function Isolation Protects T1189 Drive-by Compromise
SC-3 Security Function Isolation Protects T1190 Exploit Public-Facing Application
SC-3 Security Function Isolation Protects T1203 Exploitation for Client Execution
SC-3 Security Function Isolation Protects T1210 Exploitation of Remote Services
SC-3 Security Function Isolation Protects T1211 Exploitation for Defense Evasion
SC-3 Security Function Isolation Protects T1212 Exploitation for Credential Access
SC-3 Security Function Isolation Protects T1559 Inter-Process Communication
SC-3 Security Function Isolation Protects T1559.001 Component Object Model
SC-3 Security Function Isolation Protects T1559.002 Dynamic Data Exchange
SC-3 Security Function Isolation Protects T1602 Data from Configuration Repository
SC-3 Security Function Isolation Protects T1602.001 SNMP (MIB Dump)
SC-3 Security Function Isolation Protects T1602.002 Network Device Configuration Dump
SC-3 Security Function Isolation Protects T1611 Escape to Host
SC-30 Concealment and Misdirection Protects T1068 Exploitation for Privilege Escalation
SC-30 Concealment and Misdirection Protects T1189 Drive-by Compromise
SC-30 Concealment and Misdirection Protects T1190 Exploit Public-Facing Application
SC-30 Concealment and Misdirection Protects T1203 Exploitation for Client Execution
SC-30 Concealment and Misdirection Protects T1210 Exploitation of Remote Services
SC-30 Concealment and Misdirection Protects T1211 Exploitation for Defense Evasion
SC-30 Concealment and Misdirection Protects T1212 Exploitation for Credential Access
SC-31 Covert Channel Analysis Protects T1071 Application Layer Protocol
SC-31 Covert Channel Analysis Protects T1071.001 Web Protocols
SC-31 Covert Channel Analysis Protects T1071.002 File Transfer Protocols
SC-31 Covert Channel Analysis Protects T1071.003 Mail Protocols
SC-31 Covert Channel Analysis Protects T1071.004 DNS
SC-34 Non-modifiable Executable Programs Protects T1195.003 Compromise Hardware Supply Chain
SC-34 Non-modifiable Executable Programs Protects T1542 Pre-OS Boot
SC-34 Non-modifiable Executable Programs Protects T1542.001 System Firmware
SC-34 Non-modifiable Executable Programs Protects T1542.003 Bootkit
SC-34 Non-modifiable Executable Programs Protects T1542.004 ROMMONkit
SC-34 Non-modifiable Executable Programs Protects T1542.005 TFTP Boot
SC-34 Non-modifiable Executable Programs Protects T1548 Abuse Elevation Control Mechanism
SC-34 Non-modifiable Executable Programs Protects T1548.004 Elevated Execution with Prompt
SC-34 Non-modifiable Executable Programs Protects T1553 Subvert Trust Controls
SC-34 Non-modifiable Executable Programs Protects T1553.006 Code Signing Policy Modification
SC-34 Non-modifiable Executable Programs Protects T1601 Modify System Image
SC-34 Non-modifiable Executable Programs Protects T1601.001 Patch System Image
SC-34 Non-modifiable Executable Programs Protects T1601.002 Downgrade System Image
SC-34 Non-modifiable Executable Programs Protects T1611 Escape to Host
SC-35 External Malicious Code Identification Protects T1068 Exploitation for Privilege Escalation
SC-35 External Malicious Code Identification Protects T1210 Exploitation of Remote Services
SC-35 External Malicious Code Identification Protects T1211 Exploitation for Defense Evasion
SC-35 External Malicious Code Identification Protects T1212 Exploitation for Credential Access
SC-36 Distributed Processing and Storage Protects T1070 Indicator Removal on Host
SC-36 Distributed Processing and Storage Protects T1070.001 Clear Windows Event Logs
SC-36 Distributed Processing and Storage Protects T1070.002 Clear Linux or Mac System Logs
SC-36 Distributed Processing and Storage Protects T1119 Automated Collection
SC-36 Distributed Processing and Storage Protects T1565 Data Manipulation
SC-36 Distributed Processing and Storage Protects T1565.001 Stored Data Manipulation
SC-37 Out-of-band Channels Protects T1071 Application Layer Protocol
SC-37 Out-of-band Channels Protects T1071.001 Web Protocols
SC-37 Out-of-band Channels Protects T1071.002 File Transfer Protocols
SC-37 Out-of-band Channels Protects T1071.003 Mail Protocols
SC-37 Out-of-band Channels Protects T1071.004 DNS
SC-39 Process Isolation Protects T1003 OS Credential Dumping
SC-39 Process Isolation Protects T1003.001 LSASS Memory
SC-39 Process Isolation Protects T1003.002 Security Account Manager
SC-39 Process Isolation Protects T1003.003 NTDS
SC-39 Process Isolation Protects T1003.004 LSA Secrets
SC-39 Process Isolation Protects T1003.005 Cached Domain Credentials
SC-39 Process Isolation Protects T1003.006 DCSync
SC-39 Process Isolation Protects T1003.007 Proc Filesystem
SC-39 Process Isolation Protects T1003.008 /etc/passwd and /etc/shadow
SC-39 Process Isolation Protects T1068 Exploitation for Privilege Escalation
SC-39 Process Isolation Protects T1189 Drive-by Compromise
SC-39 Process Isolation Protects T1190 Exploit Public-Facing Application
SC-39 Process Isolation Protects T1203 Exploitation for Client Execution
SC-39 Process Isolation Protects T1210 Exploitation of Remote Services
SC-39 Process Isolation Protects T1211 Exploitation for Defense Evasion
SC-39 Process Isolation Protects T1212 Exploitation for Credential Access
SC-39 Process Isolation Protects T1547.002 Authentication Package
SC-39 Process Isolation Protects T1547.005 Security Support Provider
SC-39 Process Isolation Protects T1547.008 LSASS Driver
SC-39 Process Isolation Protects T1556 Modify Authentication Process
SC-39 Process Isolation Protects T1556.001 Domain Controller Authentication
SC-39 Process Isolation Protects T1611 Escape to Host
SC-4 Information in Shared System Resources Protects T1020.001 Traffic Duplication
SC-4 Information in Shared System Resources Protects T1040 Network Sniffing
SC-4 Information in Shared System Resources Protects T1070 Indicator Removal on Host
SC-4 Information in Shared System Resources Protects T1070.001 Clear Windows Event Logs
SC-4 Information in Shared System Resources Protects T1070.002 Clear Linux or Mac System Logs
SC-4 Information in Shared System Resources Protects T1080 Taint Shared Content
SC-4 Information in Shared System Resources Protects T1119 Automated Collection
SC-4 Information in Shared System Resources Protects T1530 Data from Cloud Storage Object
SC-4 Information in Shared System Resources Protects T1552 Unsecured Credentials
SC-4 Information in Shared System Resources Protects T1552.001 Credentials In Files
SC-4 Information in Shared System Resources Protects T1552.002 Credentials in Registry
SC-4 Information in Shared System Resources Protects T1552.004 Private Keys
SC-4 Information in Shared System Resources Protects T1557 Man-in-the-Middle
SC-4 Information in Shared System Resources Protects T1557.002 ARP Cache Poisoning
SC-4 Information in Shared System Resources Protects T1558 Steal or Forge Kerberos Tickets
SC-4 Information in Shared System Resources Protects T1558.002 Silver Ticket
SC-4 Information in Shared System Resources Protects T1558.003 Kerberoasting
SC-4 Information in Shared System Resources Protects T1558.004 AS-REP Roasting
SC-4 Information in Shared System Resources Protects T1565 Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.001 Stored Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.002 Transmitted Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.003 Runtime Data Manipulation
SC-4 Information in Shared System Resources Protects T1602 Data from Configuration Repository
SC-4 Information in Shared System Resources Protects T1602.001 SNMP (MIB Dump)
SC-4 Information in Shared System Resources Protects T1602.002 Network Device Configuration Dump
SC-41 Port and I/O Device Access Protects T1052 Exfiltration Over Physical Medium
SC-41 Port and I/O Device Access Protects T1052.001 Exfiltration over USB
SC-41 Port and I/O Device Access Protects T1091 Replication Through Removable Media
SC-41 Port and I/O Device Access Protects T1200 Hardware Additions
SC-43 Usage Restrictions Protects T1613 Container and Resource Discovery
SC-44 Detonation Chambers Protects T1204 User Execution
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.002 Malicious File
SC-44 Detonation Chambers Protects T1204.003 Malicious Image
SC-44 Detonation Chambers Protects T1221 Template Injection
SC-44 Detonation Chambers Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.002 Spearphishing Link
SC-44 Detonation Chambers Protects T1566.003 Spearphishing via Service
SC-44 Detonation Chambers Protects T1598 Phishing for Information
SC-44 Detonation Chambers Protects T1598.001 Spearphishing Service
SC-44 Detonation Chambers Protects T1598.002 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1598.003 Spearphishing Link
SC-46 Cross Domain Policy Enforcement Protects T1021.001 Remote Desktop Protocol
SC-46 Cross Domain Policy Enforcement Protects T1021.003 Distributed Component Object Model
SC-46 Cross Domain Policy Enforcement Protects T1021.006 Windows Remote Management
SC-46 Cross Domain Policy Enforcement Protects T1046 Network Service Scanning
SC-46 Cross Domain Policy Enforcement Protects T1048 Exfiltration Over Alternative Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1072 Software Deployment Tools
SC-46 Cross Domain Policy Enforcement Protects T1098 Account Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1098.001 Additional Cloud Credentials
SC-46 Cross Domain Policy Enforcement Protects T1133 External Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1136 Create Account
SC-46 Cross Domain Policy Enforcement Protects T1136.002 Domain Account
SC-46 Cross Domain Policy Enforcement Protects T1136.003 Cloud Account
SC-46 Cross Domain Policy Enforcement Protects T1190 Exploit Public-Facing Application
SC-46 Cross Domain Policy Enforcement Protects T1199 Trusted Relationship
SC-46 Cross Domain Policy Enforcement Protects T1210 Exploitation of Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1482 Domain Trust Discovery
SC-46 Cross Domain Policy Enforcement Protects T1489 Service Stop
SC-46 Cross Domain Policy Enforcement Protects T1552.007 Container API
SC-46 Cross Domain Policy Enforcement Protects T1557 Man-in-the-Middle
SC-46 Cross Domain Policy Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-46 Cross Domain Policy Enforcement Protects T1563 Remote Service Session Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1563.002 RDP Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1565 Data Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1565.003 Runtime Data Manipulation
SC-7 Boundary Protection Protects T1001 Data Obfuscation
SC-7 Boundary Protection Protects T1001.001 Junk Data
SC-7 Boundary Protection Protects T1001.002 Steganography
SC-7 Boundary Protection Protects T1001.003 Protocol Impersonation
SC-7 Boundary Protection Protects T1008 Fallback Channels
SC-7 Boundary Protection Protects T1021.001 Remote Desktop Protocol
SC-7 Boundary Protection Protects T1021.002 SMB/Windows Admin Shares
SC-7 Boundary Protection Protects T1021.003 Distributed Component Object Model
SC-7 Boundary Protection Protects T1021.005 VNC
SC-7 Boundary Protection Protects T1021.006 Windows Remote Management
SC-7 Boundary Protection Protects T1029 Scheduled Transfer
SC-7 Boundary Protection Protects T1030 Data Transfer Size Limits
SC-7 Boundary Protection Protects T1041 Exfiltration Over C2 Channel
SC-7 Boundary Protection Protects T1046 Network Service Scanning
SC-7 Boundary Protection Protects T1048 Exfiltration Over Alternative Protocol
SC-7 Boundary Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-7 Boundary Protection Protects T1055 Process Injection
SC-7 Boundary Protection Protects T1055.001 Dynamic-link Library Injection
SC-7 Boundary Protection Protects T1055.002 Portable Executable Injection
SC-7 Boundary Protection Protects T1055.003 Thread Execution Hijacking
SC-7 Boundary Protection Protects T1055.004 Asynchronous Procedure Call
SC-7 Boundary Protection Protects T1055.005 Thread Local Storage
SC-7 Boundary Protection Protects T1055.008 Ptrace System Calls
SC-7 Boundary Protection Protects T1055.009 Proc Memory
SC-7 Boundary Protection Protects T1055.011 Extra Window Memory Injection
SC-7 Boundary Protection Protects T1055.012 Process Hollowing
SC-7 Boundary Protection Protects T1055.013 Process Doppelgänging
SC-7 Boundary Protection Protects T1055.014 VDSO Hijacking
SC-7 Boundary Protection Protects T1068 Exploitation for Privilege Escalation
SC-7 Boundary Protection Protects T1071 Application Layer Protocol
SC-7 Boundary Protection Protects T1071.001 Web Protocols
SC-7 Boundary Protection Protects T1071.002 File Transfer Protocols
SC-7 Boundary Protection Protects T1071.003 Mail Protocols
SC-7 Boundary Protection Protects T1071.004 DNS
SC-7 Boundary Protection Protects T1072 Software Deployment Tools
SC-7 Boundary Protection Protects T1080 Taint Shared Content
SC-7 Boundary Protection Protects T1090 Proxy
SC-7 Boundary Protection Protects T1090.001 Internal Proxy
SC-7 Boundary Protection Protects T1090.002 External Proxy
SC-7 Boundary Protection Protects T1090.003 Multi-hop Proxy
SC-7 Boundary Protection Protects T1095 Non-Application Layer Protocol
SC-7 Boundary Protection Protects T1098 Account Manipulation
SC-7 Boundary Protection Protects T1098.001 Additional Cloud Credentials
SC-7 Boundary Protection Protects T1102 Web Service
SC-7 Boundary Protection Protects T1102.001 Dead Drop Resolver
SC-7 Boundary Protection Protects T1102.002 Bidirectional Communication
SC-7 Boundary Protection Protects T1102.003 One-Way Communication
SC-7 Boundary Protection Protects T1104 Multi-Stage Channels
SC-7 Boundary Protection Protects T1105 Ingress Tool Transfer
SC-7 Boundary Protection Protects T1114 Email Collection
SC-7 Boundary Protection Protects T1114.003 Email Forwarding Rule
SC-7 Boundary Protection Protects T1132 Data Encoding
SC-7 Boundary Protection Protects T1132.001 Standard Encoding
SC-7 Boundary Protection Protects T1132.002 Non-Standard Encoding
SC-7 Boundary Protection Protects T1133 External Remote Services
SC-7 Boundary Protection Protects T1136 Create Account
SC-7 Boundary Protection Protects T1136.002 Domain Account
SC-7 Boundary Protection Protects T1136.003 Cloud Account
SC-7 Boundary Protection Protects T1176 Browser Extensions
SC-7 Boundary Protection Protects T1187 Forced Authentication
SC-7 Boundary Protection Protects T1189 Drive-by Compromise
SC-7 Boundary Protection Protects T1190 Exploit Public-Facing Application
SC-7 Boundary Protection Protects T1197 BITS Jobs
SC-7 Boundary Protection Protects T1199 Trusted Relationship
SC-7 Boundary Protection Protects T1203 Exploitation for Client Execution
SC-7 Boundary Protection Protects T1204 User Execution
SC-7 Boundary Protection Protects T1204.001 Malicious Link
SC-7 Boundary Protection Protects T1204.002 Malicious File
SC-7 Boundary Protection Protects T1204.003 Malicious Image
SC-7 Boundary Protection Protects T1205 Traffic Signaling
SC-7 Boundary Protection Protects T1205.001 Port Knocking
SC-7 Boundary Protection Protects T1210 Exploitation of Remote Services
SC-7 Boundary Protection Protects T1211 Exploitation for Defense Evasion
SC-7 Boundary Protection Protects T1212 Exploitation for Credential Access
SC-7 Boundary Protection Protects T1218.012 Verclsid
SC-7 Boundary Protection Protects T1219 Remote Access Software
SC-7 Boundary Protection Protects T1221 Template Injection
SC-7 Boundary Protection Protects T1482 Domain Trust Discovery
SC-7 Boundary Protection Protects T1489 Service Stop
SC-7 Boundary Protection Protects T1498 Network Denial of Service
SC-7 Boundary Protection Protects T1498.001 Direct Network Flood
SC-7 Boundary Protection Protects T1498.002 Reflection Amplification
SC-7 Boundary Protection Protects T1499 Endpoint Denial of Service
SC-7 Boundary Protection Protects T1499.001 OS Exhaustion Flood
SC-7 Boundary Protection Protects T1499.002 Service Exhaustion Flood
SC-7 Boundary Protection Protects T1499.003 Application Exhaustion Flood
SC-7 Boundary Protection Protects T1499.004 Application or System Exploitation
SC-7 Boundary Protection Protects T1530 Data from Cloud Storage Object
SC-7 Boundary Protection Protects T1537 Transfer Data to Cloud Account
SC-7 Boundary Protection Protects T1542 Pre-OS Boot
SC-7 Boundary Protection Protects T1542.004 ROMMONkit
SC-7 Boundary Protection Protects T1542.005 TFTP Boot
SC-7 Boundary Protection Protects T1552 Unsecured Credentials
SC-7 Boundary Protection Protects T1552.001 Credentials In Files
SC-7 Boundary Protection Protects T1552.004 Private Keys
SC-7 Boundary Protection Protects T1552.005 Cloud Instance Metadata API
SC-7 Boundary Protection Protects T1552.007 Container API
SC-7 Boundary Protection Protects T1557 Man-in-the-Middle
SC-7 Boundary Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-7 Boundary Protection Protects T1557.002 ARP Cache Poisoning
SC-7 Boundary Protection Protects T1559 Inter-Process Communication
SC-7 Boundary Protection Protects T1559.001 Component Object Model
SC-7 Boundary Protection Protects T1559.002 Dynamic Data Exchange
SC-7 Boundary Protection Protects T1560 Archive Collected Data
SC-7 Boundary Protection Protects T1560.001 Archive via Utility
SC-7 Boundary Protection Protects T1563 Remote Service Session Hijacking
SC-7 Boundary Protection Protects T1563.002 RDP Hijacking
SC-7 Boundary Protection Protects T1565 Data Manipulation
SC-7 Boundary Protection Protects T1565.001 Stored Data Manipulation
SC-7 Boundary Protection Protects T1565.003 Runtime Data Manipulation
SC-7 Boundary Protection Protects T1566 Phishing
SC-7 Boundary Protection Protects T1566.001 Spearphishing Attachment
SC-7 Boundary Protection Protects T1566.002 Spearphishing Link
SC-7 Boundary Protection Protects T1566.003 Spearphishing via Service
SC-7 Boundary Protection Protects T1567 Exfiltration Over Web Service
SC-7 Boundary Protection Protects T1567.001 Exfiltration to Code Repository
SC-7 Boundary Protection Protects T1567.002 Exfiltration to Cloud Storage
SC-7 Boundary Protection Protects T1568 Dynamic Resolution
SC-7 Boundary Protection Protects T1568.002 Domain Generation Algorithms
SC-7 Boundary Protection Protects T1570 Lateral Tool Transfer
SC-7 Boundary Protection Protects T1571 Non-Standard Port
SC-7 Boundary Protection Protects T1572 Protocol Tunneling
SC-7 Boundary Protection Protects T1573 Encrypted Channel
SC-7 Boundary Protection Protects T1573.001 Symmetric Cryptography
SC-7 Boundary Protection Protects T1573.002 Asymmetric Cryptography
SC-7 Boundary Protection Protects T1598 Phishing for Information
SC-7 Boundary Protection Protects T1598.001 Spearphishing Service
SC-7 Boundary Protection Protects T1598.002 Spearphishing Attachment
SC-7 Boundary Protection Protects T1598.003 Spearphishing Link
SC-7 Boundary Protection Protects T1599 Network Boundary Bridging
SC-7 Boundary Protection Protects T1599.001 Network Address Translation Traversal
SC-7 Boundary Protection Protects T1602 Data from Configuration Repository
SC-7 Boundary Protection Protects T1602.001 SNMP (MIB Dump)
SC-7 Boundary Protection Protects T1602.002 Network Device Configuration Dump
SC-7 Boundary Protection Protects T1609 Container Administration Command
SC-7 Boundary Protection Protects T1610 Deploy Container
SC-7 Boundary Protection Protects T1611 Escape to Host
SC-7 Boundary Protection Protects T1612 Build Image on Host
SC-7 Boundary Protection Protects T1613 Container and Resource Discovery
SC-8 Transmission Confidentiality and Integrity Protects T1040 Network Sniffing
SC-8 Transmission Confidentiality and Integrity Protects T1090 Proxy
SC-8 Transmission Confidentiality and Integrity Protects T1090.004 Domain Fronting
SC-8 Transmission Confidentiality and Integrity Protects T1550.001 Application Access Token
SC-8 Transmission Confidentiality and Integrity Protects T1550.004 Web Session Cookie
SC-8 Transmission Confidentiality and Integrity Protects T1552.007 Container API
SC-8 Transmission Confidentiality and Integrity Protects T1557 Man-in-the-Middle
SC-8 Transmission Confidentiality and Integrity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-8 Transmission Confidentiality and Integrity Protects T1557.002 ARP Cache Poisoning
SC-8 Transmission Confidentiality and Integrity Protects T1562.006 Indicator Blocking
SC-8 Transmission Confidentiality and Integrity Protects T1602 Data from Configuration Repository
SC-8 Transmission Confidentiality and Integrity Protects T1602.001 SNMP (MIB Dump)
SC-8 Transmission Confidentiality and Integrity Protects T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation Protects T1021.002 SMB/Windows Admin Shares
SI-10 Information Input Validation Protects T1021.005 VNC
SI-10 Information Input Validation Protects T1036 Masquerading
SI-10 Information Input Validation Protects T1036.005 Match Legitimate Name or Location
SI-10 Information Input Validation Protects T1048 Exfiltration Over Alternative Protocol
SI-10 Information Input Validation Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-10 Information Input Validation Protects T1059 Command and Scripting Interpreter
SI-10 Information Input Validation Protects T1059.002 AppleScript
SI-10 Information Input Validation Protects T1059.003 Windows Command Shell
SI-10 Information Input Validation Protects T1059.004 Unix Shell
SI-10 Information Input Validation Protects T1059.005 Visual Basic
SI-10 Information Input Validation Protects T1059.006 Python
SI-10 Information Input Validation Protects T1059.007 JavaScript
SI-10 Information Input Validation Protects T1059.008 Network Device CLI
SI-10 Information Input Validation Protects T1071.004 DNS
SI-10 Information Input Validation Protects T1080 Taint Shared Content
SI-10 Information Input Validation Protects T1090 Proxy
SI-10 Information Input Validation Protects T1090.003 Multi-hop Proxy
SI-10 Information Input Validation Protects T1095 Non-Application Layer Protocol
SI-10 Information Input Validation Protects T1127 Trusted Developer Utilities Proxy Execution
SI-10 Information Input Validation Protects T1129 Shared Modules
SI-10 Information Input Validation Protects T1176 Browser Extensions
SI-10 Information Input Validation Protects T1187 Forced Authentication
SI-10 Information Input Validation Protects T1190 Exploit Public-Facing Application
SI-10 Information Input Validation Protects T1197 BITS Jobs
SI-10 Information Input Validation Protects T1204 User Execution
SI-10 Information Input Validation Protects T1204.002 Malicious File
SI-10 Information Input Validation Protects T1216 Signed Script Proxy Execution
SI-10 Information Input Validation Protects T1216.001 PubPrn
SI-10 Information Input Validation Protects T1218 Signed Binary Proxy Execution
SI-10 Information Input Validation Protects T1218.001 Compiled HTML File
SI-10 Information Input Validation Protects T1218.002 Control Panel
SI-10 Information Input Validation Protects T1218.003 CMSTP
SI-10 Information Input Validation Protects T1218.004 InstallUtil
SI-10 Information Input Validation Protects T1218.005 Mshta
SI-10 Information Input Validation Protects T1218.008 Odbcconf
SI-10 Information Input Validation Protects T1218.009 Regsvcs/Regasm
SI-10 Information Input Validation Protects T1218.010 Regsvr32
SI-10 Information Input Validation Protects T1218.011 Rundll32
SI-10 Information Input Validation Protects T1218.012 Verclsid
SI-10 Information Input Validation Protects T1219 Remote Access Software
SI-10 Information Input Validation Protects T1220 XSL Script Processing
SI-10 Information Input Validation Protects T1221 Template Injection
SI-10 Information Input Validation Protects T1498 Network Denial of Service
SI-10 Information Input Validation Protects T1498.001 Direct Network Flood
SI-10 Information Input Validation Protects T1498.002 Reflection Amplification
SI-10 Information Input Validation Protects T1499 Endpoint Denial of Service
SI-10 Information Input Validation Protects T1499.001 OS Exhaustion Flood
SI-10 Information Input Validation Protects T1499.002 Service Exhaustion Flood
SI-10 Information Input Validation Protects T1499.003 Application Exhaustion Flood
SI-10 Information Input Validation Protects T1499.004 Application or System Exploitation
SI-10 Information Input Validation Protects T1530 Data from Cloud Storage Object
SI-10 Information Input Validation Protects T1537 Transfer Data to Cloud Account
SI-10 Information Input Validation Protects T1546.002 Screensaver
SI-10 Information Input Validation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-10 Information Input Validation Protects T1546.008 Accessibility Features
SI-10 Information Input Validation Protects T1546.009 AppCert DLLs
SI-10 Information Input Validation Protects T1546.010 AppInit DLLs
SI-10 Information Input Validation Protects T1547.004 Winlogon Helper DLL
SI-10 Information Input Validation Protects T1547.006 Kernel Modules and Extensions
SI-10 Information Input Validation Protects T1552 Unsecured Credentials
SI-10 Information Input Validation Protects T1552.005 Cloud Instance Metadata API
SI-10 Information Input Validation Protects T1553 Subvert Trust Controls
SI-10 Information Input Validation Protects T1553.001 Gatekeeper Bypass
SI-10 Information Input Validation Protects T1553.003 SIP and Trust Provider Hijacking
SI-10 Information Input Validation Protects T1553.005 Mark-of-the-Web Bypass
SI-10 Information Input Validation Protects T1557 Man-in-the-Middle
SI-10 Information Input Validation Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-10 Information Input Validation Protects T1557.002 ARP Cache Poisoning
SI-10 Information Input Validation Protects T1564.003 Hidden Window
SI-10 Information Input Validation Protects T1564.006 Run Virtual Instance
SI-10 Information Input Validation Protects T1570 Lateral Tool Transfer
SI-10 Information Input Validation Protects T1572 Protocol Tunneling
SI-10 Information Input Validation Protects T1574 Hijack Execution Flow
SI-10 Information Input Validation Protects T1574.001 DLL Search Order Hijacking
SI-10 Information Input Validation Protects T1574.006 Dynamic Linker Hijacking
SI-10 Information Input Validation Protects T1574.007 Path Interception by PATH Environment Variable
SI-10 Information Input Validation Protects T1574.008 Path Interception by Search Order Hijacking
SI-10 Information Input Validation Protects T1574.009 Path Interception by Unquoted Path
SI-10 Information Input Validation Protects T1574.012 COR_PROFILER
SI-10 Information Input Validation Protects T1599 Network Boundary Bridging
SI-10 Information Input Validation Protects T1599.001 Network Address Translation Traversal
SI-10 Information Input Validation Protects T1602 Data from Configuration Repository
SI-10 Information Input Validation Protects T1602.001 SNMP (MIB Dump)
SI-10 Information Input Validation Protects T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation Protects T1609 Container Administration Command
SI-12 Information Management and Retention Protects T1003 OS Credential Dumping
SI-12 Information Management and Retention Protects T1003.003 NTDS
SI-12 Information Management and Retention Protects T1020.001 Traffic Duplication
SI-12 Information Management and Retention Protects T1040 Network Sniffing
SI-12 Information Management and Retention Protects T1070 Indicator Removal on Host
SI-12 Information Management and Retention Protects T1070.001 Clear Windows Event Logs
SI-12 Information Management and Retention Protects T1070.002 Clear Linux or Mac System Logs
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114.001 Local Email Collection
SI-12 Information Management and Retention Protects T1114.002 Remote Email Collection
SI-12 Information Management and Retention Protects T1114.003 Email Forwarding Rule
SI-12 Information Management and Retention Protects T1119 Automated Collection
SI-12 Information Management and Retention Protects T1530 Data from Cloud Storage Object
SI-12 Information Management and Retention Protects T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention Protects T1548.004 Elevated Execution with Prompt
SI-12 Information Management and Retention Protects T1550.001 Application Access Token
SI-12 Information Management and Retention Protects T1552 Unsecured Credentials
SI-12 Information Management and Retention Protects T1552.004 Private Keys
SI-12 Information Management and Retention Protects T1557 Man-in-the-Middle
SI-12 Information Management and Retention Protects T1557.002 ARP Cache Poisoning
SI-12 Information Management and Retention Protects T1558 Steal or Forge Kerberos Tickets
SI-12 Information Management and Retention Protects T1558.002 Silver Ticket
SI-12 Information Management and Retention Protects T1558.003 Kerberoasting
SI-12 Information Management and Retention Protects T1558.004 AS-REP Roasting
SI-12 Information Management and Retention Protects T1565 Data Manipulation
SI-12 Information Management and Retention Protects T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention Protects T1565.002 Transmitted Data Manipulation
SI-12 Information Management and Retention Protects T1602 Data from Configuration Repository
SI-12 Information Management and Retention Protects T1602.001 SNMP (MIB Dump)
SI-12 Information Management and Retention Protects T1602.002 Network Device Configuration Dump
SI-15 Information Output Filtering Protects T1021.002 SMB/Windows Admin Shares
SI-15 Information Output Filtering Protects T1021.005 VNC
SI-15 Information Output Filtering Protects T1048 Exfiltration Over Alternative Protocol
SI-15 Information Output Filtering Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-15 Information Output Filtering Protects T1071.004 DNS
SI-15 Information Output Filtering Protects T1090 Proxy
SI-15 Information Output Filtering Protects T1090.003 Multi-hop Proxy
SI-15 Information Output Filtering Protects T1095 Non-Application Layer Protocol
SI-15 Information Output Filtering Protects T1187 Forced Authentication
SI-15 Information Output Filtering Protects T1197 BITS Jobs
SI-15 Information Output Filtering Protects T1205 Traffic Signaling
SI-15 Information Output Filtering Protects T1205.001 Port Knocking
SI-15 Information Output Filtering Protects T1218.012 Verclsid
SI-15 Information Output Filtering Protects T1219 Remote Access Software
SI-15 Information Output Filtering Protects T1498 Network Denial of Service
SI-15 Information Output Filtering Protects T1498.001 Direct Network Flood
SI-15 Information Output Filtering Protects T1498.002 Reflection Amplification
SI-15 Information Output Filtering Protects T1499 Endpoint Denial of Service
SI-15 Information Output Filtering Protects T1499.001 OS Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.002 Service Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.003 Application Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.004 Application or System Exploitation
SI-15 Information Output Filtering Protects T1530 Data from Cloud Storage Object
SI-15 Information Output Filtering Protects T1537 Transfer Data to Cloud Account
SI-15 Information Output Filtering Protects T1552 Unsecured Credentials
SI-15 Information Output Filtering Protects T1552.005 Cloud Instance Metadata API
SI-15 Information Output Filtering Protects T1557 Man-in-the-Middle
SI-15 Information Output Filtering Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-15 Information Output Filtering Protects T1557.002 ARP Cache Poisoning
SI-15 Information Output Filtering Protects T1570 Lateral Tool Transfer
SI-15 Information Output Filtering Protects T1572 Protocol Tunneling
SI-15 Information Output Filtering Protects T1599 Network Boundary Bridging
SI-15 Information Output Filtering Protects T1599.001 Network Address Translation Traversal
SI-15 Information Output Filtering Protects T1602 Data from Configuration Repository
SI-15 Information Output Filtering Protects T1602.001 SNMP (MIB Dump)
SI-15 Information Output Filtering Protects T1602.002 Network Device Configuration Dump
SI-16 Memory Protection Protects T1055.009 Proc Memory
SI-16 Memory Protection Protects T1543 Create or Modify System Process
SI-16 Memory Protection Protects T1543.002 Systemd Service
SI-16 Memory Protection Protects T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection Protects T1548.004 Elevated Execution with Prompt
SI-16 Memory Protection Protects T1565 Data Manipulation
SI-16 Memory Protection Protects T1565.001 Stored Data Manipulation
SI-16 Memory Protection Protects T1565.003 Runtime Data Manipulation
SI-16 Memory Protection Protects T1611 Escape to Host
SI-2 Flaw Remediation Protects T1027 Obfuscated Files or Information
SI-2 Flaw Remediation Protects T1027.002 Software Packing
SI-2 Flaw Remediation Protects T1055 Process Injection
SI-2 Flaw Remediation Protects T1055.001 Dynamic-link Library Injection
SI-2 Flaw Remediation Protects T1055.002 Portable Executable Injection
SI-2 Flaw Remediation Protects T1055.003 Thread Execution Hijacking
SI-2 Flaw Remediation Protects T1055.004 Asynchronous Procedure Call
SI-2 Flaw Remediation Protects T1055.005 Thread Local Storage
SI-2 Flaw Remediation Protects T1055.008 Ptrace System Calls
SI-2 Flaw Remediation Protects T1055.009 Proc Memory
SI-2 Flaw Remediation Protects T1055.011 Extra Window Memory Injection
SI-2 Flaw Remediation Protects T1055.012 Process Hollowing
SI-2 Flaw Remediation Protects T1055.013 Process Doppelgänging
SI-2 Flaw Remediation Protects T1055.014 VDSO Hijacking
SI-2 Flaw Remediation Protects T1059 Command and Scripting Interpreter
SI-2 Flaw Remediation Protects T1059.001 PowerShell
SI-2 Flaw Remediation Protects T1059.005 Visual Basic
SI-2 Flaw Remediation Protects T1059.006 Python
SI-2 Flaw Remediation Protects T1068 Exploitation for Privilege Escalation
SI-2 Flaw Remediation Protects T1072 Software Deployment Tools
SI-2 Flaw Remediation Protects T1137 Office Application Startup
SI-2 Flaw Remediation Protects T1137.003 Outlook Forms
SI-2 Flaw Remediation Protects T1137.004 Outlook Home Page
SI-2 Flaw Remediation Protects T1137.005 Outlook Rules
SI-2 Flaw Remediation Protects T1189 Drive-by Compromise
SI-2 Flaw Remediation Protects T1190 Exploit Public-Facing Application
SI-2 Flaw Remediation Protects T1195 Supply Chain Compromise
SI-2 Flaw Remediation Protects T1195.001 Compromise Software Dependencies and Development Tools
SI-2 Flaw Remediation Protects T1195.002 Compromise Software Supply Chain
SI-2 Flaw Remediation Protects T1195.003 Compromise Hardware Supply Chain
SI-2 Flaw Remediation Protects T1204 User Execution
SI-2 Flaw Remediation Protects T1204.001 Malicious Link
SI-2 Flaw Remediation Protects T1204.003 Malicious Image
SI-2 Flaw Remediation Protects T1210 Exploitation of Remote Services
SI-2 Flaw Remediation Protects T1211 Exploitation for Defense Evasion
SI-2 Flaw Remediation Protects T1212 Exploitation for Credential Access
SI-2 Flaw Remediation Protects T1221 Template Injection
SI-2 Flaw Remediation Protects T1495 Firmware Corruption
SI-2 Flaw Remediation Protects T1525 Implant Internal Image
SI-2 Flaw Remediation Protects T1542 Pre-OS Boot
SI-2 Flaw Remediation Protects T1542.001 System Firmware
SI-2 Flaw Remediation Protects T1542.003 Bootkit
SI-2 Flaw Remediation Protects T1542.004 ROMMONkit
SI-2 Flaw Remediation Protects T1542.005 TFTP Boot
SI-2 Flaw Remediation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-2 Flaw Remediation Protects T1546.010 AppInit DLLs
SI-2 Flaw Remediation Protects T1546.011 Application Shimming
SI-2 Flaw Remediation Protects T1547.006 Kernel Modules and Extensions
SI-2 Flaw Remediation Protects T1548.002 Bypass User Account Control
SI-2 Flaw Remediation Protects T1550.002 Pass the Hash
SI-2 Flaw Remediation Protects T1552 Unsecured Credentials
SI-2 Flaw Remediation Protects T1552.006 Group Policy Preferences
SI-2 Flaw Remediation Protects T1553 Subvert Trust Controls
SI-2 Flaw Remediation Protects T1553.006 Code Signing Policy Modification
SI-2 Flaw Remediation Protects T1555.005 Password Managers
SI-2 Flaw Remediation Protects T1559 Inter-Process Communication
SI-2 Flaw Remediation Protects T1559.002 Dynamic Data Exchange
SI-2 Flaw Remediation Protects T1566 Phishing
SI-2 Flaw Remediation Protects T1566.001 Spearphishing Attachment
SI-2 Flaw Remediation Protects T1566.003 Spearphishing via Service
SI-2 Flaw Remediation Protects T1574 Hijack Execution Flow
SI-2 Flaw Remediation Protects T1574.002 DLL Side-Loading
SI-2 Flaw Remediation Protects T1601 Modify System Image
SI-2 Flaw Remediation Protects T1601.001 Patch System Image
SI-2 Flaw Remediation Protects T1601.002 Downgrade System Image
SI-2 Flaw Remediation Protects T1611 Escape to Host
SI-23 Information Fragmentation Protects T1070 Indicator Removal on Host
SI-23 Information Fragmentation Protects T1070.001 Clear Windows Event Logs
SI-23 Information Fragmentation Protects T1070.002 Clear Linux or Mac System Logs
SI-23 Information Fragmentation Protects T1072 Software Deployment Tools
SI-23 Information Fragmentation Protects T1119 Automated Collection
SI-23 Information Fragmentation Protects T1565 Data Manipulation
SI-23 Information Fragmentation Protects T1565.001 Stored Data Manipulation
SI-3 Malicious Code Protection Protects T1001 Data Obfuscation
SI-3 Malicious Code Protection Protects T1001.001 Junk Data
SI-3 Malicious Code Protection Protects T1001.002 Steganography
SI-3 Malicious Code Protection Protects T1001.003 Protocol Impersonation
SI-3 Malicious Code Protection Protects T1003 OS Credential Dumping
SI-3 Malicious Code Protection Protects T1003.001 LSASS Memory
SI-3 Malicious Code Protection Protects T1003.002 Security Account Manager
SI-3 Malicious Code Protection Protects T1003.003 NTDS
SI-3 Malicious Code Protection Protects T1003.004 LSA Secrets
SI-3 Malicious Code Protection Protects T1003.005 Cached Domain Credentials
SI-3 Malicious Code Protection Protects T1003.006 DCSync
SI-3 Malicious Code Protection Protects T1003.007 Proc Filesystem
SI-3 Malicious Code Protection Protects T1003.008 /etc/passwd and /etc/shadow
SI-3 Malicious Code Protection Protects T1008 Fallback Channels
SI-3 Malicious Code Protection Protects T1011.001 Exfiltration Over Bluetooth
SI-3 Malicious Code Protection Protects T1021.003 Distributed Component Object Model
SI-3 Malicious Code Protection Protects T1021.005 VNC
SI-3 Malicious Code Protection Protects T1027 Obfuscated Files or Information
SI-3 Malicious Code Protection Protects T1027.002 Software Packing
SI-3 Malicious Code Protection Protects T1029 Scheduled Transfer
SI-3 Malicious Code Protection Protects T1030 Data Transfer Size Limits
SI-3 Malicious Code Protection Protects T1036 Masquerading
SI-3 Malicious Code Protection Protects T1036.003 Rename System Utilities
SI-3 Malicious Code Protection Protects T1036.005 Match Legitimate Name or Location
SI-3 Malicious Code Protection Protects T1037 Boot or Logon Initialization Scripts
SI-3 Malicious Code Protection Protects T1037.002 Logon Script (Mac)
SI-3 Malicious Code Protection Protects T1037.003 Network Logon Script
SI-3 Malicious Code Protection Protects T1037.004 RC Scripts
SI-3 Malicious Code Protection Protects T1037.005 Startup Items
SI-3 Malicious Code Protection Protects T1041 Exfiltration Over C2 Channel
SI-3 Malicious Code Protection Protects T1046 Network Service Scanning
SI-3 Malicious Code Protection Protects T1048 Exfiltration Over Alternative Protocol
SI-3 Malicious Code Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1052 Exfiltration Over Physical Medium
SI-3 Malicious Code Protection Protects T1052.001 Exfiltration over USB
SI-3 Malicious Code Protection Protects T1055 Process Injection
SI-3 Malicious Code Protection Protects T1055.001 Dynamic-link Library Injection
SI-3 Malicious Code Protection Protects T1055.002 Portable Executable Injection
SI-3 Malicious Code Protection Protects T1055.003 Thread Execution Hijacking
SI-3 Malicious Code Protection Protects T1055.004 Asynchronous Procedure Call
SI-3 Malicious Code Protection Protects T1055.005 Thread Local Storage
SI-3 Malicious Code Protection Protects T1055.008 Ptrace System Calls
SI-3 Malicious Code Protection Protects T1055.009 Proc Memory
SI-3 Malicious Code Protection Protects T1055.011 Extra Window Memory Injection
SI-3 Malicious Code Protection Protects T1055.012 Process Hollowing
SI-3 Malicious Code Protection Protects T1055.013 Process Doppelgänging
SI-3 Malicious Code Protection Protects T1055.014 VDSO Hijacking
SI-3 Malicious Code Protection Protects T1056.002 GUI Input Capture
SI-3 Malicious Code Protection Protects T1059 Command and Scripting Interpreter
SI-3 Malicious Code Protection Protects T1059.001 PowerShell
SI-3 Malicious Code Protection Protects T1059.005 Visual Basic
SI-3 Malicious Code Protection Protects T1059.006 Python
SI-3 Malicious Code Protection Protects T1059.007 JavaScript
SI-3 Malicious Code Protection Protects T1068 Exploitation for Privilege Escalation
SI-3 Malicious Code Protection Protects T1070 Indicator Removal on Host
SI-3 Malicious Code Protection Protects T1070.001 Clear Windows Event Logs
SI-3 Malicious Code Protection Protects T1070.002 Clear Linux or Mac System Logs
SI-3 Malicious Code Protection Protects T1070.003 Clear Command History
SI-3 Malicious Code Protection Protects T1071 Application Layer Protocol
SI-3 Malicious Code Protection Protects T1071.001 Web Protocols
SI-3 Malicious Code Protection Protects T1071.002 File Transfer Protocols
SI-3 Malicious Code Protection Protects T1071.003 Mail Protocols
SI-3 Malicious Code Protection Protects T1071.004 DNS
SI-3 Malicious Code Protection Protects T1072 Software Deployment Tools
SI-3 Malicious Code Protection Protects T1080 Taint Shared Content
SI-3 Malicious Code Protection Protects T1090 Proxy
SI-3 Malicious Code Protection Protects T1090.001 Internal Proxy
SI-3 Malicious Code Protection Protects T1090.002 External Proxy
SI-3 Malicious Code Protection Protects T1091 Replication Through Removable Media
SI-3 Malicious Code Protection Protects T1092 Communication Through Removable Media
SI-3 Malicious Code Protection Protects T1095 Non-Application Layer Protocol
SI-3 Malicious Code Protection Protects T1098.004 SSH Authorized Keys
SI-3 Malicious Code Protection Protects T1102 Web Service
SI-3 Malicious Code Protection Protects T1102.001 Dead Drop Resolver
SI-3 Malicious Code Protection Protects T1102.002 Bidirectional Communication
SI-3 Malicious Code Protection Protects T1102.003 One-Way Communication
SI-3 Malicious Code Protection Protects T1104 Multi-Stage Channels
SI-3 Malicious Code Protection Protects T1105 Ingress Tool Transfer
SI-3 Malicious Code Protection Protects T1111 Two-Factor Authentication Interception
SI-3 Malicious Code Protection Protects T1132 Data Encoding
SI-3 Malicious Code Protection Protects T1132.001 Standard Encoding
SI-3 Malicious Code Protection Protects T1132.002 Non-Standard Encoding
SI-3 Malicious Code Protection Protects T1137 Office Application Startup
SI-3 Malicious Code Protection Protects T1137.001 Office Template Macros
SI-3 Malicious Code Protection Protects T1176 Browser Extensions
SI-3 Malicious Code Protection Protects T1185 Man in the Browser
SI-3 Malicious Code Protection Protects T1189 Drive-by Compromise
SI-3 Malicious Code Protection Protects T1190 Exploit Public-Facing Application
SI-3 Malicious Code Protection Protects T1201 Password Policy Discovery
SI-3 Malicious Code Protection Protects T1203 Exploitation for Client Execution
SI-3 Malicious Code Protection Protects T1204 User Execution
SI-3 Malicious Code Protection Protects T1204.001 Malicious Link
SI-3 Malicious Code Protection Protects T1204.002 Malicious File
SI-3 Malicious Code Protection Protects T1204.003 Malicious Image
SI-3 Malicious Code Protection Protects T1210 Exploitation of Remote Services
SI-3 Malicious Code Protection Protects T1211 Exploitation for Defense Evasion
SI-3 Malicious Code Protection Protects T1212 Exploitation for Credential Access
SI-3 Malicious Code Protection Protects T1218.002 Control Panel
SI-3 Malicious Code Protection Protects T1219 Remote Access Software
SI-3 Malicious Code Protection Protects T1221 Template Injection
SI-3 Malicious Code Protection Protects T1485 Data Destruction
SI-3 Malicious Code Protection Protects T1486 Data Encrypted for Impact
SI-3 Malicious Code Protection Protects T1490 Inhibit System Recovery
SI-3 Malicious Code Protection Protects T1491 Defacement
SI-3 Malicious Code Protection Protects T1491.001 Internal Defacement
SI-3 Malicious Code Protection Protects T1491.002 External Defacement
SI-3 Malicious Code Protection Protects T1525 Implant Internal Image
SI-3 Malicious Code Protection Protects T1539 Steal Web Session Cookie
SI-3 Malicious Code Protection Protects T1543 Create or Modify System Process
SI-3 Malicious Code Protection Protects T1543.002 Systemd Service
SI-3 Malicious Code Protection Protects T1546.002 Screensaver
SI-3 Malicious Code Protection Protects T1546.004 Unix Shell Configuration Modification
SI-3 Malicious Code Protection Protects T1546.006 LC_LOAD_DYLIB Addition
SI-3 Malicious Code Protection Protects T1546.013 PowerShell Profile
SI-3 Malicious Code Protection Protects T1546.014 Emond
SI-3 Malicious Code Protection Protects T1547.002 Authentication Package
SI-3 Malicious Code Protection Protects T1547.005 Security Support Provider
SI-3 Malicious Code Protection Protects T1547.006 Kernel Modules and Extensions
SI-3 Malicious Code Protection Protects T1547.007 Re-opened Applications
SI-3 Malicious Code Protection Protects T1547.008 LSASS Driver
SI-3 Malicious Code Protection Protects T1547.013 XDG Autostart Entries
SI-3 Malicious Code Protection Protects T1548 Abuse Elevation Control Mechanism
SI-3 Malicious Code Protection Protects T1548.004 Elevated Execution with Prompt
SI-3 Malicious Code Protection Protects T1553.003 SIP and Trust Provider Hijacking
SI-3 Malicious Code Protection Protects T1557 Man-in-the-Middle
SI-3 Malicious Code Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-3 Malicious Code Protection Protects T1557.002 ARP Cache Poisoning
SI-3 Malicious Code Protection Protects T1558 Steal or Forge Kerberos Tickets
SI-3 Malicious Code Protection Protects T1558.002 Silver Ticket
SI-3 Malicious Code Protection Protects T1558.003 Kerberoasting
SI-3 Malicious Code Protection Protects T1558.004 AS-REP Roasting
SI-3 Malicious Code Protection Protects T1559 Inter-Process Communication
SI-3 Malicious Code Protection Protects T1559.001 Component Object Model
SI-3 Malicious Code Protection Protects T1559.002 Dynamic Data Exchange
SI-3 Malicious Code Protection Protects T1560 Archive Collected Data
SI-3 Malicious Code Protection Protects T1560.001 Archive via Utility
SI-3 Malicious Code Protection Protects T1561 Disk Wipe
SI-3 Malicious Code Protection Protects T1561.001 Disk Content Wipe
SI-3 Malicious Code Protection Protects T1561.002 Disk Structure Wipe
SI-3 Malicious Code Protection Protects T1562 Impair Defenses
SI-3 Malicious Code Protection Protects T1562.001 Disable or Modify Tools
SI-3 Malicious Code Protection Protects T1562.002 Disable Windows Event Logging
SI-3 Malicious Code Protection Protects T1562.004 Disable or Modify System Firewall
SI-3 Malicious Code Protection Protects T1562.006 Indicator Blocking
SI-3 Malicious Code Protection Protects T1564.004 NTFS File Attributes
SI-3 Malicious Code Protection Protects T1566 Phishing
SI-3 Malicious Code Protection Protects T1566.001 Spearphishing Attachment
SI-3 Malicious Code Protection Protects T1566.002 Spearphishing Link
SI-3 Malicious Code Protection Protects T1566.003 Spearphishing via Service
SI-3 Malicious Code Protection Protects T1568 Dynamic Resolution
SI-3 Malicious Code Protection Protects T1568.002 Domain Generation Algorithms
SI-3 Malicious Code Protection Protects T1569 System Services
SI-3 Malicious Code Protection Protects T1569.002 Service Execution
SI-3 Malicious Code Protection Protects T1570 Lateral Tool Transfer
SI-3 Malicious Code Protection Protects T1571 Non-Standard Port
SI-3 Malicious Code Protection Protects T1572 Protocol Tunneling
SI-3 Malicious Code Protection Protects T1573 Encrypted Channel
SI-3 Malicious Code Protection Protects T1573.001 Symmetric Cryptography
SI-3 Malicious Code Protection Protects T1573.002 Asymmetric Cryptography
SI-3 Malicious Code Protection Protects T1574 Hijack Execution Flow
SI-3 Malicious Code Protection Protects T1574.001 DLL Search Order Hijacking
SI-3 Malicious Code Protection Protects T1574.004 Dylib Hijacking
SI-3 Malicious Code Protection Protects T1574.007 Path Interception by PATH Environment Variable
SI-3 Malicious Code Protection Protects T1574.008 Path Interception by Search Order Hijacking
SI-3 Malicious Code Protection Protects T1574.009 Path Interception by Unquoted Path
SI-3 Malicious Code Protection Protects T1598 Phishing for Information
SI-3 Malicious Code Protection Protects T1598.001 Spearphishing Service
SI-3 Malicious Code Protection Protects T1598.002 Spearphishing Attachment
SI-3 Malicious Code Protection Protects T1598.003 Spearphishing Link
SI-3 Malicious Code Protection Protects T1602 Data from Configuration Repository
SI-3 Malicious Code Protection Protects T1602.001 SNMP (MIB Dump)
SI-3 Malicious Code Protection Protects T1602.002 Network Device Configuration Dump
SI-3 Malicious Code Protection Protects T1611 Escape to Host
SI-4 System Monitoring Protects T1001 Data Obfuscation
SI-4 System Monitoring Protects T1001.001 Junk Data
SI-4 System Monitoring Protects T1001.002 Steganography
SI-4 System Monitoring Protects T1001.003 Protocol Impersonation
SI-4 System Monitoring Protects T1003 OS Credential Dumping
SI-4 System Monitoring Protects T1003.001 LSASS Memory
SI-4 System Monitoring Protects T1003.002 Security Account Manager
SI-4 System Monitoring Protects T1003.003 NTDS
SI-4 System Monitoring Protects T1003.004 LSA Secrets
SI-4 System Monitoring Protects T1003.005 Cached Domain Credentials
SI-4 System Monitoring Protects T1003.006 DCSync
SI-4 System Monitoring Protects T1003.007 Proc Filesystem
SI-4 System Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
SI-4 System Monitoring Protects T1008 Fallback Channels
SI-4 System Monitoring Protects T1011 Exfiltration Over Other Network Medium
SI-4 System Monitoring Protects T1011.001 Exfiltration Over Bluetooth
SI-4 System Monitoring Protects T1020.001 Traffic Duplication
SI-4 System Monitoring Protects T1021 Remote Services
SI-4 System Monitoring Protects T1021.001 Remote Desktop Protocol
SI-4 System Monitoring Protects T1021.002 SMB/Windows Admin Shares
SI-4 System Monitoring Protects T1021.003 Distributed Component Object Model
SI-4 System Monitoring Protects T1021.004 SSH
SI-4 System Monitoring Protects T1021.005 VNC
SI-4 System Monitoring Protects T1021.006 Windows Remote Management
SI-4 System Monitoring Protects T1027 Obfuscated Files or Information
SI-4 System Monitoring Protects T1027.002 Software Packing
SI-4 System Monitoring Protects T1029 Scheduled Transfer
SI-4 System Monitoring Protects T1030 Data Transfer Size Limits
SI-4 System Monitoring Protects T1036 Masquerading
SI-4 System Monitoring Protects T1036.001 Invalid Code Signature
SI-4 System Monitoring Protects T1036.003 Rename System Utilities
SI-4 System Monitoring Protects T1036.005 Match Legitimate Name or Location
SI-4 System Monitoring Protects T1037 Boot or Logon Initialization Scripts
SI-4 System Monitoring Protects T1037.002 Logon Script (Mac)
SI-4 System Monitoring Protects T1037.003 Network Logon Script
SI-4 System Monitoring Protects T1037.004 RC Scripts
SI-4 System Monitoring Protects T1037.005 Startup Items
SI-4 System Monitoring Protects T1040 Network Sniffing
SI-4 System Monitoring Protects T1041 Exfiltration Over C2 Channel
SI-4 System Monitoring Protects T1046 Network Service Scanning
SI-4 System Monitoring Protects T1048 Exfiltration Over Alternative Protocol
SI-4 System Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-4 System Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-4 System Monitoring Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-4 System Monitoring Protects T1052 Exfiltration Over Physical Medium
SI-4 System Monitoring Protects T1052.001 Exfiltration over USB
SI-4 System Monitoring Protects T1053 Scheduled Task/Job
SI-4 System Monitoring Protects T1053.001 At (Linux)
SI-4 System Monitoring Protects T1053.002 At (Windows)
SI-4 System Monitoring Protects T1053.003 Cron
SI-4 System Monitoring Protects T1053.004 Launchd
SI-4 System Monitoring Protects T1053.005 Scheduled Task
SI-4 System Monitoring Protects T1053.006 Systemd Timers
SI-4 System Monitoring Protects T1055 Process Injection
SI-4 System Monitoring Protects T1055.001 Dynamic-link Library Injection
SI-4 System Monitoring Protects T1055.002 Portable Executable Injection
SI-4 System Monitoring Protects T1055.003 Thread Execution Hijacking
SI-4 System Monitoring Protects T1055.004 Asynchronous Procedure Call
SI-4 System Monitoring Protects T1055.005 Thread Local Storage
SI-4 System Monitoring Protects T1055.008 Ptrace System Calls
SI-4 System Monitoring Protects T1055.009 Proc Memory
SI-4 System Monitoring Protects T1055.011 Extra Window Memory Injection
SI-4 System Monitoring Protects T1055.012 Process Hollowing
SI-4 System Monitoring Protects T1055.013 Process Doppelgänging
SI-4 System Monitoring Protects T1055.014 VDSO Hijacking
SI-4 System Monitoring Protects T1056.002 GUI Input Capture
SI-4 System Monitoring Protects T1059 Command and Scripting Interpreter
SI-4 System Monitoring Protects T1059.001 PowerShell
SI-4 System Monitoring Protects T1059.002 AppleScript
SI-4 System Monitoring Protects T1059.003 Windows Command Shell
SI-4 System Monitoring Protects T1059.004 Unix Shell
SI-4 System Monitoring Protects T1059.005 Visual Basic
SI-4 System Monitoring Protects T1059.006 Python
SI-4 System Monitoring Protects T1059.007 JavaScript
SI-4 System Monitoring Protects T1059.008 Network Device CLI
SI-4 System Monitoring Protects T1068 Exploitation for Privilege Escalation
SI-4 System Monitoring Protects T1070 Indicator Removal on Host
SI-4 System Monitoring Protects T1070.001 Clear Windows Event Logs
SI-4 System Monitoring Protects T1070.002 Clear Linux or Mac System Logs
SI-4 System Monitoring Protects T1070.003 Clear Command History
SI-4 System Monitoring Protects T1071 Application Layer Protocol
SI-4 System Monitoring Protects T1071.001 Web Protocols
SI-4 System Monitoring Protects T1071.002 File Transfer Protocols
SI-4 System Monitoring Protects T1071.003 Mail Protocols
SI-4 System Monitoring Protects T1071.004 DNS
SI-4 System Monitoring Protects T1072 Software Deployment Tools
SI-4 System Monitoring Protects T1078 Valid Accounts
SI-4 System Monitoring Protects T1078.001 Default Accounts
SI-4 System Monitoring Protects T1078.002 Domain Accounts
SI-4 System Monitoring Protects T1078.003 Local Accounts
SI-4 System Monitoring Protects T1078.004 Cloud Accounts
SI-4 System Monitoring Protects T1080 Taint Shared Content
SI-4 System Monitoring Protects T1087 Account Discovery
SI-4 System Monitoring Protects T1087.001 Local Account
SI-4 System Monitoring Protects T1087.002 Domain Account
SI-4 System Monitoring Protects T1090 Proxy
SI-4 System Monitoring Protects T1090.001 Internal Proxy
SI-4 System Monitoring Protects T1090.002 External Proxy
SI-4 System Monitoring Protects T1091 Replication Through Removable Media
SI-4 System Monitoring Protects T1092 Communication Through Removable Media
SI-4 System Monitoring Protects T1095 Non-Application Layer Protocol
SI-4 System Monitoring Protects T1098 Account Manipulation
SI-4 System Monitoring Protects T1098.001 Additional Cloud Credentials
SI-4 System Monitoring Protects T1098.002 Exchange Email Delegate Permissions
SI-4 System Monitoring Protects T1098.003 Add Office 365 Global Administrator Role
SI-4 System Monitoring Protects T1098.004 SSH Authorized Keys
SI-4 System Monitoring Protects T1102 Web Service
SI-4 System Monitoring Protects T1102.001 Dead Drop Resolver
SI-4 System Monitoring Protects T1102.002 Bidirectional Communication
SI-4 System Monitoring Protects T1102.003 One-Way Communication
SI-4 System Monitoring Protects T1104 Multi-Stage Channels
SI-4 System Monitoring Protects T1105 Ingress Tool Transfer
SI-4 System Monitoring Protects T1110 Brute Force
SI-4 System Monitoring Protects T1110.001 Password Guessing
SI-4 System Monitoring Protects T1110.002 Password Cracking
SI-4 System Monitoring Protects T1110.003 Password Spraying
SI-4 System Monitoring Protects T1110.004 Credential Stuffing
SI-4 System Monitoring Protects T1111 Two-Factor Authentication Interception
SI-4 System Monitoring Protects T1114 Email Collection
SI-4 System Monitoring Protects T1114.001 Local Email Collection
SI-4 System Monitoring Protects T1114.002 Remote Email Collection
SI-4 System Monitoring Protects T1114.003 Email Forwarding Rule
SI-4 System Monitoring Protects T1119 Automated Collection
SI-4 System Monitoring Protects T1127 Trusted Developer Utilities Proxy Execution
SI-4 System Monitoring Protects T1127.001 MSBuild
SI-4 System Monitoring Protects T1129 Shared Modules
SI-4 System Monitoring Protects T1132 Data Encoding
SI-4 System Monitoring Protects T1132.001 Standard Encoding
SI-4 System Monitoring Protects T1132.002 Non-Standard Encoding
SI-4 System Monitoring Protects T1133 External Remote Services
SI-4 System Monitoring Protects T1135 Network Share Discovery
SI-4 System Monitoring Protects T1136 Create Account
SI-4 System Monitoring Protects T1136.001 Local Account
SI-4 System Monitoring Protects T1136.002 Domain Account
SI-4 System Monitoring Protects T1136.003 Cloud Account
SI-4 System Monitoring Protects T1137 Office Application Startup
SI-4 System Monitoring Protects T1137.001 Office Template Macros
SI-4 System Monitoring Protects T1176 Browser Extensions
SI-4 System Monitoring Protects T1185 Man in the Browser
SI-4 System Monitoring Protects T1187 Forced Authentication
SI-4 System Monitoring Protects T1189 Drive-by Compromise
SI-4 System Monitoring Protects T1190 Exploit Public-Facing Application
SI-4 System Monitoring Protects T1197 BITS Jobs
SI-4 System Monitoring Protects T1201 Password Policy Discovery
SI-4 System Monitoring Protects T1203 Exploitation for Client Execution
SI-4 System Monitoring Protects T1204 User Execution
SI-4 System Monitoring Protects T1204.001 Malicious Link
SI-4 System Monitoring Protects T1204.002 Malicious File
SI-4 System Monitoring Protects T1204.003 Malicious Image
SI-4 System Monitoring Protects T1205 Traffic Signaling
SI-4 System Monitoring Protects T1205.001 Port Knocking
SI-4 System Monitoring Protects T1210 Exploitation of Remote Services
SI-4 System Monitoring Protects T1211 Exploitation for Defense Evasion
SI-4 System Monitoring Protects T1212 Exploitation for Credential Access
SI-4 System Monitoring Protects T1213 Data from Information Repositories
SI-4 System Monitoring Protects T1213.001 Confluence
SI-4 System Monitoring Protects T1213.002 Sharepoint
SI-4 System Monitoring Protects T1216 Signed Script Proxy Execution
SI-4 System Monitoring Protects T1216.001 PubPrn
SI-4 System Monitoring Protects T1218 Signed Binary Proxy Execution
SI-4 System Monitoring Protects T1218.001 Compiled HTML File
SI-4 System Monitoring Protects T1218.002 Control Panel
SI-4 System Monitoring Protects T1218.003 CMSTP
SI-4 System Monitoring Protects T1218.004 InstallUtil
SI-4 System Monitoring Protects T1218.005 Mshta
SI-4 System Monitoring Protects T1218.008 Odbcconf
SI-4 System Monitoring Protects T1218.009 Regsvcs/Regasm
SI-4 System Monitoring Protects T1218.010 Regsvr32
SI-4 System Monitoring Protects T1218.011 Rundll32
SI-4 System Monitoring Protects T1218.012 Verclsid
SI-4 System Monitoring Protects T1219 Remote Access Software
SI-4 System Monitoring Protects T1220 XSL Script Processing
SI-4 System Monitoring Protects T1221 Template Injection
SI-4 System Monitoring Protects T1222 File and Directory Permissions Modification
SI-4 System Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
SI-4 System Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-4 System Monitoring Protects T1484 Domain Policy Modification
SI-4 System Monitoring Protects T1485 Data Destruction
SI-4 System Monitoring Protects T1486 Data Encrypted for Impact
SI-4 System Monitoring Protects T1489 Service Stop
SI-4 System Monitoring Protects T1490 Inhibit System Recovery
SI-4 System Monitoring Protects T1491 Defacement
SI-4 System Monitoring Protects T1491.001 Internal Defacement
SI-4 System Monitoring Protects T1491.002 External Defacement
SI-4 System Monitoring Protects T1499 Endpoint Denial of Service
SI-4 System Monitoring Protects T1499.001 OS Exhaustion Flood
SI-4 System Monitoring Protects T1499.002 Service Exhaustion Flood
SI-4 System Monitoring Protects T1499.003 Application Exhaustion Flood
SI-4 System Monitoring Protects T1499.004 Application or System Exploitation
SI-4 System Monitoring Protects T1505 Server Software Component
SI-4 System Monitoring Protects T1505.001 SQL Stored Procedures
SI-4 System Monitoring Protects T1505.002 Transport Agent
SI-4 System Monitoring Protects T1525 Implant Internal Image
SI-4 System Monitoring Protects T1528 Steal Application Access Token
SI-4 System Monitoring Protects T1530 Data from Cloud Storage Object
SI-4 System Monitoring Protects T1537 Transfer Data to Cloud Account
SI-4 System Monitoring Protects T1539 Steal Web Session Cookie
SI-4 System Monitoring Protects T1542.004 ROMMONkit
SI-4 System Monitoring Protects T1542.005 TFTP Boot
SI-4 System Monitoring Protects T1543 Create or Modify System Process
SI-4 System Monitoring Protects T1543.002 Systemd Service
SI-4 System Monitoring Protects T1543.003 Windows Service
SI-4 System Monitoring Protects T1546.002 Screensaver
SI-4 System Monitoring Protects T1546.004 Unix Shell Configuration Modification
SI-4 System Monitoring Protects T1546.006 LC_LOAD_DYLIB Addition
SI-4 System Monitoring Protects T1546.008 Accessibility Features
SI-4 System Monitoring Protects T1546.013 PowerShell Profile
SI-4 System Monitoring Protects T1546.014 Emond
SI-4 System Monitoring Protects T1547.002 Authentication Package
SI-4 System Monitoring Protects T1547.003 Time Providers
SI-4 System Monitoring Protects T1547.004 Winlogon Helper DLL
SI-4 System Monitoring Protects T1547.005 Security Support Provider
SI-4 System Monitoring Protects T1547.006 Kernel Modules and Extensions
SI-4 System Monitoring Protects T1547.007 Re-opened Applications
SI-4 System Monitoring Protects T1547.008 LSASS Driver
SI-4 System Monitoring Protects T1547.009 Shortcut Modification
SI-4 System Monitoring Protects T1547.011 Plist Modification
SI-4 System Monitoring Protects T1547.012 Print Processors
SI-4 System Monitoring Protects T1547.013 XDG Autostart Entries
SI-4 System Monitoring Protects T1548 Abuse Elevation Control Mechanism
SI-4 System Monitoring Protects T1548.001 Setuid and Setgid
SI-4 System Monitoring Protects T1548.002 Bypass User Account Control
SI-4 System Monitoring Protects T1548.003 Sudo and Sudo Caching
SI-4 System Monitoring Protects T1548.004 Elevated Execution with Prompt
SI-4 System Monitoring Protects T1550.001 Application Access Token
SI-4 System Monitoring Protects T1550.003 Pass the Ticket
SI-4 System Monitoring Protects T1552 Unsecured Credentials
SI-4 System Monitoring Protects T1552.001 Credentials In Files
SI-4 System Monitoring Protects T1552.002 Credentials in Registry
SI-4 System Monitoring Protects T1552.003 Bash History
SI-4 System Monitoring Protects T1552.004 Private Keys
SI-4 System Monitoring Protects T1552.005 Cloud Instance Metadata API
SI-4 System Monitoring Protects T1552.006 Group Policy Preferences
SI-4 System Monitoring Protects T1553 Subvert Trust Controls
SI-4 System Monitoring Protects T1553.001 Gatekeeper Bypass
SI-4 System Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
SI-4 System Monitoring Protects T1553.004 Install Root Certificate
SI-4 System Monitoring Protects T1553.005 Mark-of-the-Web Bypass
SI-4 System Monitoring Protects T1555 Credentials from Password Stores
SI-4 System Monitoring Protects T1555.001 Keychain
SI-4 System Monitoring Protects T1555.002 Securityd Memory
SI-4 System Monitoring Protects T1555.004 Windows Credential Manager
SI-4 System Monitoring Protects T1555.005 Password Managers
SI-4 System Monitoring Protects T1556 Modify Authentication Process
SI-4 System Monitoring Protects T1556.001 Domain Controller Authentication
SI-4 System Monitoring Protects T1556.002 Password Filter DLL
SI-4 System Monitoring Protects T1556.003 Pluggable Authentication Modules
SI-4 System Monitoring Protects T1556.004 Network Device Authentication
SI-4 System Monitoring Protects T1557 Man-in-the-Middle
SI-4 System Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-4 System Monitoring Protects T1557.002 ARP Cache Poisoning
SI-4 System Monitoring Protects T1558 Steal or Forge Kerberos Tickets
SI-4 System Monitoring Protects T1558.002 Silver Ticket
SI-4 System Monitoring Protects T1558.003 Kerberoasting
SI-4 System Monitoring Protects T1558.004 AS-REP Roasting
SI-4 System Monitoring Protects T1559 Inter-Process Communication
SI-4 System Monitoring Protects T1559.002 Dynamic Data Exchange
SI-4 System Monitoring Protects T1560 Archive Collected Data
SI-4 System Monitoring Protects T1560.001 Archive via Utility
SI-4 System Monitoring Protects T1561 Disk Wipe
SI-4 System Monitoring Protects T1561.001 Disk Content Wipe
SI-4 System Monitoring Protects T1561.002 Disk Structure Wipe
SI-4 System Monitoring Protects T1562 Impair Defenses
SI-4 System Monitoring Protects T1562.001 Disable or Modify Tools
SI-4 System Monitoring Protects T1562.002 Disable Windows Event Logging
SI-4 System Monitoring Protects T1562.003 Impair Command History Logging
SI-4 System Monitoring Protects T1562.004 Disable or Modify System Firewall
SI-4 System Monitoring Protects T1562.006 Indicator Blocking
SI-4 System Monitoring Protects T1563 Remote Service Session Hijacking
SI-4 System Monitoring Protects T1563.001 SSH Hijacking
SI-4 System Monitoring Protects T1563.002 RDP Hijacking
SI-4 System Monitoring Protects T1564.002 Hidden Users
SI-4 System Monitoring Protects T1564.004 NTFS File Attributes
SI-4 System Monitoring Protects T1564.006 Run Virtual Instance
SI-4 System Monitoring Protects T1564.007 VBA Stomping
SI-4 System Monitoring Protects T1565 Data Manipulation
SI-4 System Monitoring Protects T1565.001 Stored Data Manipulation
SI-4 System Monitoring Protects T1565.002 Transmitted Data Manipulation
SI-4 System Monitoring Protects T1565.003 Runtime Data Manipulation
SI-4 System Monitoring Protects T1566 Phishing
SI-4 System Monitoring Protects T1566.001 Spearphishing Attachment
SI-4 System Monitoring Protects T1566.002 Spearphishing Link
SI-4 System Monitoring Protects T1566.003 Spearphishing via Service
SI-4 System Monitoring Protects T1568 Dynamic Resolution
SI-4 System Monitoring Protects T1568.002 Domain Generation Algorithms
SI-4 System Monitoring Protects T1569 System Services
SI-4 System Monitoring Protects T1569.002 Service Execution
SI-4 System Monitoring Protects T1570 Lateral Tool Transfer
SI-4 System Monitoring Protects T1571 Non-Standard Port
SI-4 System Monitoring Protects T1572 Protocol Tunneling
SI-4 System Monitoring Protects T1573 Encrypted Channel
SI-4 System Monitoring Protects T1573.001 Symmetric Cryptography
SI-4 System Monitoring Protects T1573.002 Asymmetric Cryptography
SI-4 System Monitoring Protects T1574 Hijack Execution Flow
SI-4 System Monitoring Protects T1574.001 DLL Search Order Hijacking
SI-4 System Monitoring Protects T1574.004 Dylib Hijacking
SI-4 System Monitoring Protects T1574.005 Executable Installer File Permissions Weakness
SI-4 System Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
SI-4 System Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
SI-4 System Monitoring Protects T1574.009 Path Interception by Unquoted Path
SI-4 System Monitoring Protects T1574.010 Services File Permissions Weakness
SI-4 System Monitoring Protects T1578 Modify Cloud Compute Infrastructure
SI-4 System Monitoring Protects T1578.001 Create Snapshot
SI-4 System Monitoring Protects T1578.002 Create Cloud Instance
SI-4 System Monitoring Protects T1578.003 Delete Cloud Instance
SI-4 System Monitoring Protects T1598 Phishing for Information
SI-4 System Monitoring Protects T1598.001 Spearphishing Service
SI-4 System Monitoring Protects T1598.002 Spearphishing Attachment
SI-4 System Monitoring Protects T1598.003 Spearphishing Link
SI-4 System Monitoring Protects T1599 Network Boundary Bridging
SI-4 System Monitoring Protects T1599.001 Network Address Translation Traversal
SI-4 System Monitoring Protects T1601 Modify System Image
SI-4 System Monitoring Protects T1601.001 Patch System Image
SI-4 System Monitoring Protects T1601.002 Downgrade System Image
SI-4 System Monitoring Protects T1602 Data from Configuration Repository
SI-4 System Monitoring Protects T1602.001 SNMP (MIB Dump)
SI-4 System Monitoring Protects T1602.002 Network Device Configuration Dump
SI-4 System Monitoring Protects T1610 Deploy Container
SI-4 System Monitoring Protects T1611 Escape to Host
SI-4 System Monitoring Protects T1612 Build Image on Host
SI-4 System Monitoring Protects T1613 Container and Resource Discovery
SI-5 Security Alerts, Advisories, and Directives Protects T1068 Exploitation for Privilege Escalation
SI-5 Security Alerts, Advisories, and Directives Protects T1210 Exploitation of Remote Services
SI-5 Security Alerts, Advisories, and Directives Protects T1211 Exploitation for Defense Evasion
SI-5 Security Alerts, Advisories, and Directives Protects T1212 Exploitation for Credential Access
SI-7 Software, Firmware, and Information Integrity Protects T1003 OS Credential Dumping
SI-7 Software, Firmware, and Information Integrity Protects T1003.003 NTDS
SI-7 Software, Firmware, and Information Integrity Protects T1020.001 Traffic Duplication
SI-7 Software, Firmware, and Information Integrity Protects T1027 Obfuscated Files or Information
SI-7 Software, Firmware, and Information Integrity Protects T1027.002 Software Packing
SI-7 Software, Firmware, and Information Integrity Protects T1036 Masquerading
SI-7 Software, Firmware, and Information Integrity Protects T1036.001 Invalid Code Signature
SI-7 Software, Firmware, and Information Integrity Protects T1036.005 Match Legitimate Name or Location
SI-7 Software, Firmware, and Information Integrity Protects T1037 Boot or Logon Initialization Scripts
SI-7 Software, Firmware, and Information Integrity Protects T1037.002 Logon Script (Mac)
SI-7 Software, Firmware, and Information Integrity Protects T1037.003 Network Logon Script
SI-7 Software, Firmware, and Information Integrity Protects T1037.004 RC Scripts
SI-7 Software, Firmware, and Information Integrity Protects T1037.005 Startup Items
SI-7 Software, Firmware, and Information Integrity Protects T1040 Network Sniffing
SI-7 Software, Firmware, and Information Integrity Protects T1053.006 Systemd Timers
SI-7 Software, Firmware, and Information Integrity Protects T1056.002 GUI Input Capture
SI-7 Software, Firmware, and Information Integrity Protects T1059 Command and Scripting Interpreter
SI-7 Software, Firmware, and Information Integrity Protects T1059.001 PowerShell
SI-7 Software, Firmware, and Information Integrity Protects T1059.002 AppleScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.003 Windows Command Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.004 Unix Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.005 Visual Basic
SI-7 Software, Firmware, and Information Integrity Protects T1059.006 Python
SI-7 Software, Firmware, and Information Integrity Protects T1059.007 JavaScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.008 Network Device CLI
SI-7 Software, Firmware, and Information Integrity Protects T1068 Exploitation for Privilege Escalation
SI-7 Software, Firmware, and Information Integrity Protects T1070 Indicator Removal on Host
SI-7 Software, Firmware, and Information Integrity Protects T1070.001 Clear Windows Event Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.002 Clear Linux or Mac System Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.003 Clear Command History
SI-7 Software, Firmware, and Information Integrity Protects T1072 Software Deployment Tools
SI-7 Software, Firmware, and Information Integrity Protects T1080 Taint Shared Content
SI-7 Software, Firmware, and Information Integrity Protects T1098.001 Additional Cloud Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1098.002 Exchange Email Delegate Permissions
SI-7 Software, Firmware, and Information Integrity Protects T1098.003 Add Office 365 Global Administrator Role
SI-7 Software, Firmware, and Information Integrity Protects T1114 Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.001 Local Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.002 Remote Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.003 Email Forwarding Rule
SI-7 Software, Firmware, and Information Integrity Protects T1119 Automated Collection
SI-7 Software, Firmware, and Information Integrity Protects T1127 Trusted Developer Utilities Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1129 Shared Modules
SI-7 Software, Firmware, and Information Integrity Protects T1133 External Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1136 Create Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.001 Local Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.002 Domain Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.003 Cloud Account
SI-7 Software, Firmware, and Information Integrity Protects T1176 Browser Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1185 Man in the Browser
SI-7 Software, Firmware, and Information Integrity Protects T1189 Drive-by Compromise
SI-7 Software, Firmware, and Information Integrity Protects T1190 Exploit Public-Facing Application
SI-7 Software, Firmware, and Information Integrity Protects T1195.003 Compromise Hardware Supply Chain
SI-7 Software, Firmware, and Information Integrity Protects T1203 Exploitation for Client Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204 User Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204.002 Malicious File
SI-7 Software, Firmware, and Information Integrity Protects T1204.003 Malicious Image
SI-7 Software, Firmware, and Information Integrity Protects T1210 Exploitation of Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1211 Exploitation for Defense Evasion
SI-7 Software, Firmware, and Information Integrity Protects T1212 Exploitation for Credential Access
SI-7 Software, Firmware, and Information Integrity Protects T1213 Data from Information Repositories
SI-7 Software, Firmware, and Information Integrity Protects T1213.001 Confluence
SI-7 Software, Firmware, and Information Integrity Protects T1213.002 Sharepoint
SI-7 Software, Firmware, and Information Integrity Protects T1216 Signed Script Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1216.001 PubPrn
SI-7 Software, Firmware, and Information Integrity Protects T1218 Signed Binary Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1218.001 Compiled HTML File
SI-7 Software, Firmware, and Information Integrity Protects T1218.002 Control Panel
SI-7 Software, Firmware, and Information Integrity Protects T1218.003 CMSTP
SI-7 Software, Firmware, and Information Integrity Protects T1218.004 InstallUtil
SI-7 Software, Firmware, and Information Integrity Protects T1218.005 Mshta
SI-7 Software, Firmware, and Information Integrity Protects T1218.008 Odbcconf
SI-7 Software, Firmware, and Information Integrity Protects T1218.009 Regsvcs/Regasm
SI-7 Software, Firmware, and Information Integrity Protects T1218.010 Regsvr32
SI-7 Software, Firmware, and Information Integrity Protects T1218.011 Rundll32
SI-7 Software, Firmware, and Information Integrity Protects T1218.012 Verclsid
SI-7 Software, Firmware, and Information Integrity Protects T1219 Remote Access Software
SI-7 Software, Firmware, and Information Integrity Protects T1220 XSL Script Processing
SI-7 Software, Firmware, and Information Integrity Protects T1221 Template Injection
SI-7 Software, Firmware, and Information Integrity Protects T1222 File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.001 Windows File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1485 Data Destruction
SI-7 Software, Firmware, and Information Integrity Protects T1486 Data Encrypted for Impact
SI-7 Software, Firmware, and Information Integrity Protects T1490 Inhibit System Recovery
SI-7 Software, Firmware, and Information Integrity Protects T1491 Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.001 Internal Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.002 External Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1495 Firmware Corruption
SI-7 Software, Firmware, and Information Integrity Protects T1505 Server Software Component
SI-7 Software, Firmware, and Information Integrity Protects T1505.001 SQL Stored Procedures
SI-7 Software, Firmware, and Information Integrity Protects T1505.002 Transport Agent
SI-7 Software, Firmware, and Information Integrity Protects T1525 Implant Internal Image
SI-7 Software, Firmware, and Information Integrity Protects T1530 Data from Cloud Storage Object
SI-7 Software, Firmware, and Information Integrity Protects T1542 Pre-OS Boot
SI-7 Software, Firmware, and Information Integrity Protects T1542.001 System Firmware
SI-7 Software, Firmware, and Information Integrity Protects T1542.003 Bootkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.004 ROMMONkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.005 TFTP Boot
SI-7 Software, Firmware, and Information Integrity Protects T1543 Create or Modify System Process
SI-7 Software, Firmware, and Information Integrity Protects T1543.002 Systemd Service
SI-7 Software, Firmware, and Information Integrity Protects T1546 Event Triggered Execution
SI-7 Software, Firmware, and Information Integrity Protects T1546.002 Screensaver
SI-7 Software, Firmware, and Information Integrity Protects T1546.004 Unix Shell Configuration Modification
SI-7 Software, Firmware, and Information Integrity Protects T1546.006 LC_LOAD_DYLIB Addition
SI-7 Software, Firmware, and Information Integrity Protects T1546.008 Accessibility Features
SI-7 Software, Firmware, and Information Integrity Protects T1546.009 AppCert DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.010 AppInit DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.013 PowerShell Profile
SI-7 Software, Firmware, and Information Integrity Protects T1547.002 Authentication Package
SI-7 Software, Firmware, and Information Integrity Protects T1547.003 Time Providers
SI-7 Software, Firmware, and Information Integrity Protects T1547.004 Winlogon Helper DLL
SI-7 Software, Firmware, and Information Integrity Protects T1547.005 Security Support Provider
SI-7 Software, Firmware, and Information Integrity Protects T1547.006 Kernel Modules and Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1547.008 LSASS Driver
SI-7 Software, Firmware, and Information Integrity Protects T1547.011 Plist Modification
SI-7 Software, Firmware, and Information Integrity Protects T1547.013 XDG Autostart Entries
SI-7 Software, Firmware, and Information Integrity Protects T1548 Abuse Elevation Control Mechanism
SI-7 Software, Firmware, and Information Integrity Protects T1548.004 Elevated Execution with Prompt
SI-7 Software, Firmware, and Information Integrity Protects T1550.001 Application Access Token
SI-7 Software, Firmware, and Information Integrity Protects T1550.004 Web Session Cookie
SI-7 Software, Firmware, and Information Integrity Protects T1552 Unsecured Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1552.004 Private Keys
SI-7 Software, Firmware, and Information Integrity Protects T1553 Subvert Trust Controls
SI-7 Software, Firmware, and Information Integrity Protects T1553.001 Gatekeeper Bypass
SI-7 Software, Firmware, and Information Integrity Protects T1553.003 SIP and Trust Provider Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1553.005 Mark-of-the-Web Bypass
SI-7 Software, Firmware, and Information Integrity Protects T1553.006 Code Signing Policy Modification
SI-7 Software, Firmware, and Information Integrity Protects T1554 Compromise Client Software Binary
SI-7 Software, Firmware, and Information Integrity Protects T1556 Modify Authentication Process
SI-7 Software, Firmware, and Information Integrity Protects T1556.001 Domain Controller Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1556.003 Pluggable Authentication Modules
SI-7 Software, Firmware, and Information Integrity Protects T1556.004 Network Device Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1557 Man-in-the-Middle
SI-7 Software, Firmware, and Information Integrity Protects T1557.002 ARP Cache Poisoning
SI-7 Software, Firmware, and Information Integrity Protects T1558 Steal or Forge Kerberos Tickets
SI-7 Software, Firmware, and Information Integrity Protects T1558.002 Silver Ticket
SI-7 Software, Firmware, and Information Integrity Protects T1558.003 Kerberoasting
SI-7 Software, Firmware, and Information Integrity Protects T1558.004 AS-REP Roasting
SI-7 Software, Firmware, and Information Integrity Protects T1561 Disk Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.001 Disk Content Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.002 Disk Structure Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1562 Impair Defenses
SI-7 Software, Firmware, and Information Integrity Protects T1562.001 Disable or Modify Tools
SI-7 Software, Firmware, and Information Integrity Protects T1562.002 Disable Windows Event Logging
SI-7 Software, Firmware, and Information Integrity Protects T1562.004 Disable or Modify System Firewall
SI-7 Software, Firmware, and Information Integrity Protects T1562.006 Indicator Blocking
SI-7 Software, Firmware, and Information Integrity Protects T1564.003 Hidden Window
SI-7 Software, Firmware, and Information Integrity Protects T1564.004 NTFS File Attributes
SI-7 Software, Firmware, and Information Integrity Protects T1564.006 Run Virtual Instance
SI-7 Software, Firmware, and Information Integrity Protects T1565 Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.001 Stored Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.002 Transmitted Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1569 System Services
SI-7 Software, Firmware, and Information Integrity Protects T1569.002 Service Execution
SI-7 Software, Firmware, and Information Integrity Protects T1574 Hijack Execution Flow
SI-7 Software, Firmware, and Information Integrity Protects T1574.001 DLL Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.004 Dylib Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.006 Dynamic Linker Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.007 Path Interception by PATH Environment Variable
SI-7 Software, Firmware, and Information Integrity Protects T1574.008 Path Interception by Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.009 Path Interception by Unquoted Path
SI-7 Software, Firmware, and Information Integrity Protects T1574.012 COR_PROFILER
SI-7 Software, Firmware, and Information Integrity Protects T1599 Network Boundary Bridging
SI-7 Software, Firmware, and Information Integrity Protects T1599.001 Network Address Translation Traversal
SI-7 Software, Firmware, and Information Integrity Protects T1601 Modify System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.001 Patch System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.002 Downgrade System Image
SI-7 Software, Firmware, and Information Integrity Protects T1602 Data from Configuration Repository
SI-7 Software, Firmware, and Information Integrity Protects T1602.001 SNMP (MIB Dump)
SI-7 Software, Firmware, and Information Integrity Protects T1602.002 Network Device Configuration Dump
SI-7 Software, Firmware, and Information Integrity Protects T1609 Container Administration Command
SI-7 Software, Firmware, and Information Integrity Protects T1611 Escape to Host
SI-8 Spam Protection Protects T1204 User Execution
SI-8 Spam Protection Protects T1204.001 Malicious Link
SI-8 Spam Protection Protects T1204.002 Malicious File
SI-8 Spam Protection Protects T1204.003 Malicious Image
SI-8 Spam Protection Protects T1221 Template Injection
SI-8 Spam Protection Protects T1566 Phishing
SI-8 Spam Protection Protects T1566.001 Spearphishing Attachment
SI-8 Spam Protection Protects T1566.002 Spearphishing Link
SI-8 Spam Protection Protects T1566.003 Spearphishing via Service
SI-8 Spam Protection Protects T1598 Phishing for Information
SI-8 Spam Protection Protects T1598.001 Spearphishing Service
SI-8 Spam Protection Protects T1598.002 Spearphishing Attachment
SI-8 Spam Protection Protects T1598.003 Spearphishing Link
SR-11 Component Authenticity Protects T1059.002 AppleScript
SR-11 Component Authenticity Protects T1204.003 Malicious Image
SR-11 Component Authenticity Protects T1505 Server Software Component
SR-11 Component Authenticity Protects T1505.001 SQL Stored Procedures
SR-11 Component Authenticity Protects T1505.002 Transport Agent
SR-11 Component Authenticity Protects T1546.006 LC_LOAD_DYLIB Addition
SR-11 Component Authenticity Protects T1554 Compromise Client Software Binary
SR-11 Component Authenticity Protects T1601 Modify System Image
SR-11 Component Authenticity Protects T1601.001 Patch System Image
SR-11 Component Authenticity Protects T1601.002 Downgrade System Image
SR-4 Provenance Protects T1059.002 AppleScript
SR-4 Provenance Protects T1204.003 Malicious Image
SR-4 Provenance Protects T1505 Server Software Component
SR-4 Provenance Protects T1505.001 SQL Stored Procedures
SR-4 Provenance Protects T1505.002 Transport Agent
SR-4 Provenance Protects T1546.006 LC_LOAD_DYLIB Addition
SR-4 Provenance Protects T1554 Compromise Client Software Binary
SR-4 Provenance Protects T1601 Modify System Image
SR-4 Provenance Protects T1601.001 Patch System Image
SR-4 Provenance Protects T1601.002 Downgrade System Image
SR-5 Acquisition Strategies, Tools, and Methods Protects T1059.002 AppleScript
SR-5 Acquisition Strategies, Tools, and Methods Protects T1204.003 Malicious Image
SR-5 Acquisition Strategies, Tools, and Methods Protects T1505 Server Software Component
SR-5 Acquisition Strategies, Tools, and Methods Protects T1505.001 SQL Stored Procedures
SR-5 Acquisition Strategies, Tools, and Methods Protects T1505.002 Transport Agent
SR-5 Acquisition Strategies, Tools, and Methods Protects T1546.006 LC_LOAD_DYLIB Addition
SR-5 Acquisition Strategies, Tools, and Methods Protects T1554 Compromise Client Software Binary
SR-5 Acquisition Strategies, Tools, and Methods Protects T1601 Modify System Image
SR-5 Acquisition Strategies, Tools, and Methods Protects T1601.001 Patch System Image
SR-5 Acquisition Strategies, Tools, and Methods Protects T1601.002 Downgrade System Image
SR-6 Supplier Assessments and Reviews Protects T1059.002 AppleScript
SR-6 Supplier Assessments and Reviews Protects T1204.003 Malicious Image
SR-6 Supplier Assessments and Reviews Protects T1505 Server Software Component
SR-6 Supplier Assessments and Reviews Protects T1505.001 SQL Stored Procedures
SR-6 Supplier Assessments and Reviews Protects T1505.002 Transport Agent
SR-6 Supplier Assessments and Reviews Protects T1546.006 LC_LOAD_DYLIB Addition
SR-6 Supplier Assessments and Reviews Protects T1554 Compromise Client Software Binary
SR-6 Supplier Assessments and Reviews Protects T1601 Modify System Image
SR-6 Supplier Assessments and Reviews Protects T1601.001 Patch System Image
SR-6 Supplier Assessments and Reviews Protects T1601.002 Downgrade System Image