This is a list of the attack techniques (Techniques) associated with the "Lateral Movement" tactic.

| Technique ID | Name | Description |
|---|---|---|
| T1017 | Application Deployment Software | Adversaries may deploy malicious software to systems within a network using application deployment systems employed by e… |
| T1021 | Remote Services | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to log into a service that accepts remot… |
| T1021.001 | Remote Desktop Protocol | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to log into a computer using the Remote … |
| T1021.002 | SMB/Windows Admin Shares | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to interact with a remote network share … |
| T1021.003 | Distributed Component Object Model | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to interact with remote machines by taki… |
| T1021.004 | SSH | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to log into remote machines using Secure… |
| T1021.005 | VNC | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to remotely control machines using Virtu… |
| T1021.006 | Windows Remote Management | Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to interact with remote systems using Wi… |
| T1021.007 | Cloud Services | Adversaries may log into accessible cloud services within a compromised environment using [Valid Accounts](https://attac… |
| T1021.008 | Direct Cloud VM Connections | Adversaries may leverage [Valid Accounts](https://attack.mitre.org/techniques/T1078) to log directly into accessible clo… |
| T1051 | Shared Webroot | **This technique has been deprecated and should no longer be used.** Adversaries may add malicious content to an intern… |
| T1075 | Pass the Hash | Pass the hash (PtH) is a method of authenticating as a user without having access to the user's cleartext password. This… |
| T1076 | Remote Desktop Protocol | Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a syst… |
| T1077 | Windows Admin Shares | Windows systems have hidden network shares that are accessible only to administrators and provide the ability for remote… |
| T1080 | Taint Shared Content | Adversaries may deliver payloads to remote systems by adding content to shared storage locations, such as network drive… |
| T1091 | Replication Through Removable Media | Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removabl… |
| T1097 | Pass the Ticket | Pass the ticket (PtT) is a method of authenticating to a system using Kerberos tickets without having access to an accou… |
| T1175 | Component Object Model and Distributed COM | **This technique has been deprecated. Please use [Distributed Component Object Model](https://attack.mitre.org/technique… |
| T1184 | SSH Hijacking | Secure Shell (SSH) is a standard means of remote access on Linux and macOS systems. It allows a user to connect to anoth… |
| T1210 | Exploitation of Remote Services | Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network. Exploi… |
| T1534 | Internal Spearphishing | After they already have access to accounts or systems within the environment, adversaries may use internal spearphishing… |
| T1550 | Use Alternate Authentication Material | Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access… |
| T1550.001 | Application Access Token | Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted … |
| T1550.002 | Pass the Hash | Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal s… |
| T1550.003 | Pass the Ticket | Adversaries may “pass the ticket” using stolen Kerberos tickets to move laterally within an environment, bypassing norma… |
| T1550.004 | Web Session Cookie | Adversaries can use stolen session cookies to authenticate to web applications and services. This technique bypasses som… |
| T1563 | Remote Service Session Hijacking | Adversaries may take control of preexisting sessions with remote services to move laterally in an environment. Users may… |
| T1563.001 | SSH Hijacking | Adversaries may hijack a legitimate user's SSH session to move laterally within an environment. Secure Shell (SSH) is a … |
| T1563.002 | RDP Hijacking | Adversaries may hijack a legitimate user’s remote desktop session to move laterally within an environment. Remote deskto… |
| T1570 | Lateral Tool Transfer | Adversaries may transfer tools or other files between systems in a compromised environment. Once brought into the victim… |