Technique List

Technique Name Technique ID's Categories Snippet(s) Rules(s) OS Creation Date
Hide Artifacts: Hidden File System T1564.005 Defense Evasion [Mitre] 2 years, 3 months
Hide Artifacts: NTFS File Attributes T1564.004 Defense Evasion [Mitre] 2 years, 3 months
Hide Artifacts: Hidden Window T1564.003 Defense Evasion [Mitre] 2 years, 3 months
Hide Artifacts: Hidden Users T1564.002 Defense Evasion [Mitre] 2 years, 3 months
Hide Artifacts: Hidden Files and Directories T1564.001 Defense Evasion [Mitre] 2 years, 3 months
Windows File and Directory Permissions Modification T1222.001 Defense Evasion [Mitre] 2 years, 3 months
Domain Member U1341 Sandbox Evasion 2 years, 4 months
CPU Counting U1340 B0009.018 Sandbox Evasion 2 years, 4 months
Return Address Spoofing U0518 Antivirus/EDR Evasion 2 years, 4 months
Avoiding Memory Scanners (Yara, Pe-sieve...) U1009 Others 2 years, 4 months
Domain Policy Modification: Domain Trust Modification T1484.002 Defense Evasion [Mitre] 2 years, 4 months
Domain Policy Modification: Group Policy Modification T1484.001 Defense Evasion [Mitre] 2 years, 4 months
Access Token Manipulation: SID-History Injection T1134.005 Defense Evasion [Mitre] 2 years, 4 months
Access Token Manipulation: Make and Impersonate Token T1134.003 Defense Evasion [Mitre] 2 years, 4 months
Access Token Manipulation: Create Process with Token T1134.002 Defense Evasion [Mitre] 2 years, 4 months
Access Token Manipulation: Token Impersonation/Theft T1134.001 Defense Evasion [Mitre] 2 years, 4 months
Homograph Attack (Punycode) U0909 Network Evasion 2 years, 4 months
Domain Fronting U0908 T1090.004 Network Evasion, Defense Evasion [Mitre] 2 years, 4 months
Milfuscator U1429 Packers 2 years, 5 months
Dirty Vanity U1242 Process Manipulating 2 years, 5 months
Mark-Of-The-Web (MOTW) Bypass U0517 Antivirus/EDR Evasion 2 years, 7 months
Tamper DLL Export Names & GetProcAddress Spoofing U1241 Process Manipulating 2 years, 9 months
Hijack Execution Flow: DLL Search Order Hijacking T1574.001 Defense Evasion [Mitre] 2 years, 10 months
DLL Proxying U1240 Process Manipulating 2 years, 10 months
Change Module Base Address at Runtime U1239 Process Manipulating 2 years, 10 months
Change Module Name at Runtime U1238 Process Manipulating 2 years, 10 months
FLIRT Signatures Evasion U0220 Anti-Disassembly 2 years, 10 months
Windows Event Log Evasion via Native APIs U0307 Anti-Forensic 2 years, 11 months
Trap Flag U0131 Anti-Debugging 2 years, 11 months
ICE 0xF1 U0130 Anti-Debugging 2 years, 11 months
Filter
Clear