| T1004 | Winlogon Helper DLL | Winlogon.exe is a Windows component responsible for actions at logon/logoff as well as the secure attention sequence (SA… | persistence |
| T1547.004 | Winlogon Helper DLL | Adversaries may abuse features of Winlogon to execute DLLs and/or executables when a user logs in. Winlogon.exe is a Win… | persistence |
| T1595.003 | Wordlist Scanning | Adversaries may iteratively probe infrastructure using brute-forcing and crawling techniques. While this technique emplo… | reconnaissance |
| T1683.001 | Written Content | Adversaries may create or tailor written materials to support targeting and malicious operations. Content may include ph… | resource-development |
| T1547.013 | XDG Autostart Entries | Adversaries may add or modify XDG Autostart Entries to execute malicious programs or commands when a user’s desktop envi… | persistence |
| T1559.003 | XPC Services | Adversaries can provide malicious content to an XPC service daemon for local code execution. macOS uses XPC services for… | execution |
| T1220 | XSL Script Processing | Adversaries may bypass application control and obscure execution of code by embedding scripts inside XSL files. Extensib… | stealth |
| T1505.006 | vSphere Installation Bundles | Adversaries may abuse vSphere Installation Bundles (VIBs) to establish persistent access to ESXi hypervisors. VIBs are c… | persistence |