keyboardcrunch-sentinelone-…/DefenseEvasion.md
2020-09-15 22:28:41 -05:00

Defense Evasion

T1055.004 Asynchronous Procedure Call

Atomics: T1055.004

T1197 BITS Jobs

Atomics: T1197

T1548.002 Bypass User Access Control

Atomics: T1548.002

T1218.003 CMSTP

Atomics: T1218.003

T1574.012 COR_PROFILER

Atomics: T1574.012

T1070.001 Clear Windows Event Logs

Atomics: T1070.001

T1027.004 Compile After Delivery

Atomics: T1027.004

T1218.001 Compiled HTML File

Atomics: T1218.001

T1218.002 Control Panel

Atomics: T1218.002

T1574.001 DLL Search Order Hijacking

Atomics: T1574.001

T1574.002 DLL Side-Loading

Atomics: T1574.002

T1078.001 Default Accounts

Atomics: T1078.001

T1140 Deobfuscate/Decode Files or Information

Atomics: T1140

T1562.002 Disable Windows Event Logging

Atomics: T1562.002

T1562.004 Disable or Modify System Firewall

Atomics: T1562.004

T1562.001 Disable or Modify Tools

Atomics: T1562.001

T1564.001 Hidden Files and Directories

Atomics: T1564.001

T1564.003 Hidden Window

Atomics: T1564.003

T1070 Indicator Removal on Host

Atomics: T1070

T1202 Indirect Command Execution

Atomics: T1202

T1553.004 Install Root Certificate

Atomics: T1553.004

T1218.004 InstallUtil

Atomics: T1218.004

T1127.001 MSBuild

Atomics: T1127.001

T1112 Modify Registry

Atomics: T1112

T1218.005 Mshta

Atomics: T1218.005

T1218.007 Msiexec

Atomics: T1218.007

T1564.004 NTFS File Attributes

Atomics: T1564.004

T1070.005 Network Share Connection Removal

Atomics: T1070.005

T1027 Obfuscated Files or Information

Atomics: T1027

T1218.008 Odbcconf

Atomics: T1218.008

T1134.004 Parent PID Spoofing

Atomics: T1134.004

T1550.002 Pass the Hash

Atomics: T1550.002

T1550.003 Pass the Ticket

Atomics: T1550.003

T1556.002 Password Filter DLL

Atomics: T1556.002

T1574.009 Path Interception by Unquoted Path

Atomics: T1574.009

T1055.012 Process Hollowing

Atomics: T1055.012

T1055 Process Injection

Atomics: T1055

T1218.009 PubPrn

Atomics: T1218.009

T1218.009 Regsvcs/Regasm

Atomics: T1218.009

T1218.010 Regsvr32

Atomics: T1218.010

T1036.003 Rename System Utilities

Atomics: T1036.003

T1207 Rogue Domain Controller

Atomics: T1207

T1014 Rootkit

Atomics: T1014

T1218.011 Rundll32

Atomics: T1218.011

T1574.010 Services File Permissions Weakness

Atomics: T1574.010

T1574.011 Services Registry Permissions Weakness

Atomics: T1574.011

T1218 Signed Binary Proxy Execution

Atomics: T1218

T1216 Signed Script Proxy Execution

Atomics: T1216

T1070.006 Timestomp

Atomics: T1070.006

T1222.001 Windows File and Directory Permissions Modification

Atomics: T1222.001

T1220 XSL Script Processing

Atomics: T1220