{% hint style="success" %}
Hack Responsibly.

Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.
{% endhint %}

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|

The hacking methodology categories align with the enterprise attack tactics in the MITRE ATT&CK matrix. The categories are:
- Initial access - Gaining initial entry to the target network, usually involving password-guessing, exploits, or phishing emails
- Execution - Launching attacker tools and malicious code, including RATs and backdoors
- Persistence - Creating autostart extensibility points (ASEPs) to remain active and survive system restarts
- Privilege escalation - Obtaining higher permission levels for code by running it in the context of a privileged process or account
- Defense evasion - Avoiding security controls by, for example, turning off security apps, deleting implants, and running rootkits
- Credential access - Obtaining valid credentials to extend control over devices and other resources in the network
- Discovery - Gathering information about important devices and resources, such as administrator computers, domain controllers, and file servers
- Lateral movement - Moving between devices in the target network to reach critical resources or gain network persistence
- Collection - Locating and collecting data for exfiltration
- Command and control - Connecting to attacker-controlled network infrastructure to relay data or receive commands
- Exfiltration - Extracting data from the network to an external, attacker-controlled location