ESED Attack
Ethical Hacking technique to validate the security level of a system or IT infrastructure
The best defense is a good offense
To assess the security level and vulnerabilities of a company, we conduct controlled and harmless attacks against its IT system.
Definition of validation points
We select the equipment and servers on which the tests will be executed. The attacks are harmless and are carried out in a controlled manner thanks to an orchestrator agent installed on the machines where the tests are conducted.
Execution of simulations
We recreate controlled attack scenarios to assess the effectiveness of the defenses of an IT infrastructure. These simulations allow us to identify vulnerabilities, test the incident response, and strengthen threat detection and mitigation capabilities without affecting actual operations.
Presentation of results
We prepare recurring reports to measure the results obtained. The assessed company can see its vulnerabilities, weaknesses, and security gaps in detail, enabling it to implement specific, tailored cybersecurity measures to address them.
Techniques we use
Execution
Execution involves techniques that let us determine whether attacker-controlled code can run on a system, locally or remotely. Techniques that execute malicious code are usually combined with others to achieve broader objectives, such as exploring a network or stealing data.
Persistence
Persistence consists of techniques that attackers use to keep their access to systems across restarts, credential changes, and other interruptions that could cut it off. Persistence techniques include any access changes, actions, or configurations that allow an attacker to maintain their foothold in the systems.
Privilege escalation
Privilege escalation involves techniques used by attackers to obtain higher-level permissions on a networked system. Attackers can usually explore a network with unprivileged access, but because they need elevated permissions to complete their objectives, they typically exploit system weaknesses, misconfigurations, and known vulnerabilities to escalate their position.
Defense Evasion
Defense evasion consists of techniques that attackers use to avoid detection during their attack. Techniques used for defense evasion include disabling or uninstalling security software or encrypting data and scripts.
Credential access
Credential access involves techniques for stealing passwords and other credentials. Techniques used to obtain them include keylogging and credential dumping. Using legitimate (that is, real) credentials makes it easier for attackers to access systems, harder for defenders to detect them, and gives them the opportunity to create further legitimate-looking accounts.
Discovery
Discovery consists of techniques an attacker uses to gain knowledge about the system and the internal network. These techniques help the attacker observe the environment and orient themselves before deciding how to act. They also allow cybercriminals to explore what they can control and what surrounds the entry point.
Lateral movement
Lateral movement involves techniques that attackers use to enter and control remote systems within a network. To reach their goal, cybercriminals typically move between the various devices connected to the same network.
Collection
Collection consists of techniques used to identify information sources and gather data from them. Common collection methods include capturing screenshots and recording keystrokes, among others.
Command and control
Command and control consists of techniques that cybercriminals use to communicate with systems already under their control within a network or botnet. They usually try to mimic normal traffic to avoid detection.
Exfiltration
Exfiltration consists of techniques that attackers use to steal data from the target network. Once the data has been gathered, attackers typically package it using compression and encryption to avoid detection while removing it.
Impact
Impact consists of techniques that cybercriminals use to disrupt the availability of a service or compromise the integrity of server data by manipulating operational and business processes.
Ransomware
Ransomware attacks involve encrypting the information on systems, making all documents inaccessible. Once the attack has been executed, attackers demand a ransom in exchange for the decryption key. Our validation consists of testing different ransomware attacks to verify whether the systems are protected against this type of attack.
Validations we perform
Vulnerability scanning
Credential theft
Firewall testing
Antivirus testing
Simulation and execution of cyberattacks (ransomware, phishing...)
Penetration testing
Do you need more information or do you have any questions?
Please fill out the following form, and a cybersecurity IT specialist will get in touch with you.