Skip to content

Coverage map

A mapping of techniques I have hands-on experience with, drawn from penetration tests, the OSEP and CRTE lab work, and live incident response.

Star map

Technique Constellation

38 techniques · 12 tactics

T1595 Active ScanningT1589 Gather Victim Identity InfoReconnaissance (TA0043)2ReconnaissanceTA0043T1566 PhishingT1190 Exploit Public-Facing ApplicationInitial Access (TA0001)2Initial AccessTA0001T1059.001 PowerShellT1059.003 Windows Command ShellT1047 WMIT1204 User ExecutionExecution (TA0002)4ExecutionTA0002T1053 Scheduled Task/JobT1078 Valid AccountsT1547 Boot/Logon AutostartPersistence (TA0003)3PersistenceTA0003T1134 Access Token ManipulationT1068 Exploitation for Privilege EscalationT1558 Steal/Forge Kerberos TicketsT1484 Domain Policy ModificationPrivilege Escalation (TA0004)4Privilege EscalationTA0004T1562 Impair DefensesT1055 Process InjectionT1027 Obfuscated Files/InformationT1036 MasqueradingT1218 System Binary Proxy ExecutionT1070 Indicator RemovalDefense Evasion (TA0005)6Defense EvasionTA0005T1003 OS Credential DumpingT1558 Steal/Forge Kerberos TicketsT1552 Unsecured CredentialsT1649 Steal/Forge Auth CertificatesCredential Access (TA0006)4Credential AccessTA0006T1087 Account DiscoveryT1482 Domain Trust DiscoveryT1046 Network Service DiscoveryT1069 Permission Groups DiscoveryDiscovery (TA0007)4DiscoveryTA0007T1021 Remote ServicesT1550 Use Alternate Auth MaterialT1570 Lateral Tool TransferLateral Movement (TA0008)3Lateral MovementTA0008T1071 Application Layer ProtocolT1572 Protocol TunnelingT1573 Encrypted ChannelCommand & Control (TA0011)3Command & ControlTA0011T1041 Exfiltration Over C2T1567 Exfiltration Over Web ServiceExfiltration (TA0010)2ExfiltrationTA0010T1496 Resource HijackingImpact (TA0040)1ImpactTA0040

← swipe the star map →

Hover a hub for a tactic, or a node for the technique and supporting evidence.

Hub size = techniques mapped · the spine follows the attack lifecycle, Reconnaissance to Impact

Breakdown

Tactics & Evidence

1-2 3-4 5+MITRE ATT&CK v15