> Windows Syscalls

MITRE ATT&CK-Pivot

Durchsuchen Sie dokumentierte Windows-Syscalls, gruppiert nach der ATT&CK-Technik, die sie implementieren. Praktisch für Threat Hunter, die Detektionen zu den zugrunde liegenden Kernel-Aufrufen zurückführen.

91 Techniken im Syscall-Katalog referenziert

T1003OS Credential Dumping

T1005Data from Local System

T1012Query Registry

T1014Rootkit

T1027Obfuscated Files or Information

T1029Scheduled Transfer

T1033System Owner/User Discovery

T1055Process Injection

T1057Process Discovery

T1068Exploitation for Privilege Escalation

T1069Permission Groups Discovery

T1070Indicator Removal

T1071Application Layer Protocol

T1082System Information Discovery

T1083File and Directory Discovery

T1087Account Discovery

T1090Proxy

T1106Native API

T1112Modify Registry

T1134Access Token Manipulation

T1137Office Template Macros

T1222File and Directory Permissions Modification

T1480Execution Guardrails

T1485Data Destruction

T1486Data Encrypted for Impact

T1489Service Stop

T1490Inhibit System Recovery

T1491Internal Defacement

T1497Virtualization/Sandbox Evasion

T1499Endpoint Denial of Service

T1518Software Discovery

T1529System Shutdown/Reboot

T1542Pre-OS Boot

T1543Create or Modify System Process: Windows Service

T1546Event Triggered Execution

T1547Boot or Logon Autostart Execution

T1548Bypass User Account Control

T1552Unsecured Credentials: Credentials in Registry

T1553Subvert Trust Controls

T1555Credentials from Password Stores

T1559Inter-Process Communication

T1561Disk Content Wipe

T1562Impair Defenses

T1564Hide Artifacts

T1571Non-Standard Port

T1574Hijack Execution Flow

T1611Escape to Host

T1620Reflective Code Loading

T1622Debugger Evasion