MITRE ATT&CK pivot

Browse documented Windows syscalls grouped by the ATT&CK technique they implement. Useful for threat hunters mapping detections back to the underlying kernel calls.

61 techniques referenced across the syscall catalog

T1003 OS Credential Dumping

T1005 Data from Local System

T1012 Query Registry

T1014 Rootkit

T1027 Obfuscated Files or Information: Embedded Payloads

T1029 Scheduled Transfer

T1033 System Owner/User Discovery

T1055 Process Injection

T1057 Process Discovery

T1068 Exploitation for Privilege Escalation

T1070 Indicator Removal

T1083 File and Directory Discovery

T1087 Account Discovery

T1090 Proxy

T1106 Native API

T1112 Modify Registry

T1134 Access Token Manipulation

T1137 Office Template Macros

T1480 Execution Guardrails

T1485 Data Destruction

T1486 Data Encrypted for Impact

T1489 Service Stop

T1497 Virtualization/Sandbox Evasion

T1518 Software Discovery

T1529 System Shutdown/Reboot

T1543 Create or Modify System Process: Windows Service

T1546 Image File Execution Options Injection

T1547 Registry Run Keys / Startup Folder

T1548 Bypass User Account Control

T1552 Unsecured Credentials: Credentials in Registry

T1555 Credentials from Password Stores

T1559 Inter-Process Communication

T1561 Disk Content Wipe

T1562 Impair Defenses: Disable or Modify Tools

T1564 Hide Artifacts

T1571 Non-Standard Port

T1574 Hijack Execution Flow: Executable Installer File Permissions Weakness

T1620 Reflective Code Loading

T1622 Debugger Evasion