FortiTester ATT&CK Database Version
Name | ATT&CK Tactics & Techniques | Status | Update |
---|---|---|---|
password_spray | Credential Access: Brute Force | Add | This step uses the DomainPasswordSpray tool to perform a domain password spray. |
create_volume_shadow_copy_with_vssadmin | Credential Access: Credential Dumping | Add | This step creates a copy of the Active Directory domain database. |
create_volume_shadow_copy_with_WMI | Credential Access: Credential Dumping | Add | This step creates a copy of the Active Directory domain database. |
dump_database_with_ntdsutil | Credential Access: Credential Dumping | Add | This step generates a copy of ntds.dit. |
dump_lsass_memory | Credential Access: Credential Dumping | Add | This step uses Sysinternals ProcDump to dump lsass memory. |
dump_lsa_secrets | Credential Access: Credential Dumping | Add | This step dumps the secrets key from the Windows registry. |
TeamViewer_files_detected_test | Command and Control: Remote Access Tools | Mod | An adversary may attempt to trick the user into downloading TeamViewer and use it to maintain access to the machine. (The original name is download_TeamViewer.) |