Technique List
| Technique Name | Technique ID's | Categories | Has Snippet(s) | Has Rules(s) | Creation Date |
|---|---|---|---|---|---|
| Hijack Execution Flow: Executable Installer File Permissions Weakness | T1574.005 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hijack Execution Flow: DLL Side-Loading | T1574.002 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Process Argument Spoofing | T1564.010 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Email Hiding Rules | T1564.008 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: VBA Stomping | T1564.007 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Run Virtual Instance | T1564.006 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Hidden File System | T1564.005 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: NTFS File Attributes | T1564.004 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Hidden Window | T1564.003 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Hidden Users | T1564.002 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Hide Artifacts: Hidden Files and Directories | T1564.001 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Windows File and Directory Permissions Modification | T1222.001 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Domain Member | U1341 | Sandbox Evasion | 1 year, 2 months | ||
| CPU Counting | U1340 B0009.018 | Sandbox Evasion | 1 year, 2 months | ||
| Return Address Spoofing | U0518 | Antivirus/EDR Evasion | 1 year, 2 months | ||
| Avoiding Memory Scanners (Yara, Pe-sieve...) | U1009 | Others | 1 year, 2 months | ||
| Domain Policy Modification: Domain Trust Modification | T1484.002 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Domain Policy Modification: Group Policy Modification | T1484.001 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Access Token Manipulation: SID-History Injection | T1134.005 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Access Token Manipulation: Make and Impersonate Token | T1134.003 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Access Token Manipulation: Create Process with Token | T1134.002 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Access Token Manipulation: Token Impersonation/Theft | T1134.001 | Defense Evasion [Mitre] | 1 year, 2 months | ||
| Homograph Attack (Punycode) | U0909 | Network Evasion | 1 year, 3 months | ||
| Domain Fronting | U0908 T1090.004 | Network Evasion, Defense Evasion [Mitre] | 1 year, 3 months | ||
| Milfuscator | U1429 | Packers | 1 year, 3 months | ||
| Dirty Vanity | U1242 | Process Manipulating | 1 year, 4 months | ||
| Mark-Of-The-Web (MOTW) Bypass | U0517 | Antivirus/EDR Evasion | 1 year, 5 months | ||
| Tamper DLL Export Names & GetProcAddress Spoofing | U1241 | Process Manipulating | 1 year, 8 months | ||
| Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Defense Evasion [Mitre] | 1 year, 8 months | ||
| DLL Proxying | U1240 | Process Manipulating | 1 year, 8 months |