Professional Documents
Culture Documents
Defense Evasion
Defense Evasion
Defense Evasion
Hidden Window
Stripped Payloads
Token Impersonation/Theft
Embedded Payloads
Create Process with Token
SID-History Injection
System Firmware
Component Firmware
Invalid Code Signature
Bootkit
T1542 - Pre-OS Boot Right-to-Left Override
ROMMONkit
Rename System Utilities
TFTP Boot
Masquerade Task or Service
T1036 - Masquerading
Match Legitimate Name or Location
Dynamic-link Library Injection
Space after Filename
Portable Executable Injection
Double File Extension
Thread Execution Hijacking
VDSO Hijacking
T1140 - Deobfuscate/Decode Files or Information
ListPlanting
Gatekeeper Bypass
Environmental Keying
Code Signing
T1480 - Execution Guardrails
Install Root Certificate T1553 - Subvert Trust Controls T1211 - Exploitation for Defense Evasion
Mark-of-the-Web Bypass MITRE ATT&CK-Defense Evasion
Code Signing Policy Modification Windows File and Directory Permissions Modification
T1222 - File and Directory Permissions Modification Linux and Mac File and Directory Permissions Modification
Compiled HTML File
MMC KernelCallbackTable
Indicator Blocking
Port Knocking T1562 - Impair Defenses
Disable or Modify Cloud Firewall
Socket Filters T1205 - Traffic Signaling
Disable Cloud Logs
Multi-Factor Authentication
Reduce Key Space Hybrid Identity
Disable Crypto Hardware T1600 - Weaken Encryption
Create Snapshot