Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
MITRE ATT&CK Mapped Against Whitelisting Defense
T1103 - AppInitDlls
T1017 - Application Deployment Software
T1131 - Authentication Package
T1009 - Binary Padding
T1042 - Change Default Association
T1116 - Code Signing
T1122 - Component Object Model Hijacking
T1003 - Credential Access
T1055 - DLL Injection
T1038 - DLL Search Order Hijacking
T1073 - DLL Side-Loading
T1106 - Execution through API
T1129 - Execution through Module Load
T1118 - InstallUtil
T1013 - Local Port Monitor
T1031 - Modify Existing Service
T1128 - Netsh Helper DLL
T1050 - New Service
T1137 - Office Application Startup
T1034 - Path Interception
T1093 - Process Hollowing
T1060 - Registry Run Keys / Start Folder
T1121 - RegSvcs/RegAsm
T1117 - RegSvr32
T1085 - Rundll32
T1053 - Scheduled Task
T1101 - Security Support Provider
T1023 - Shortcut Modification
T1080 - Taint Shared Content
T1072 - Third-party Software
T1154 - Trap
T1127 - Trusted Developer Utilities
T1004 - Winlogon Helper DLL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.