ESProfiler
Enterprise ATT&CK

Enterprise ATT&CK

V18.1.0Adversary Behavior
MITRE
Map Your Stack!
Define your Security Stack, and then when you're ready, you can map it against this framework to understand where you may have gaps and excessive overlap.

Reconnaissance

No Coverage0/36

Active Scanning

No Coverage0/3

Gather Victim Host Information

No Coverage0/4

Gather Victim Identity Information

No Coverage0/3

Gather Victim Network Information

No Coverage0/6

Gather Victim Org Information

No Coverage0/4

Phishing for Information

No Coverage0/4

Search Closed Sources

No Coverage0/2

Search Open Technical Databases

No Coverage0/5

Search Open Websites/Domains

No Coverage0/3

Search Threat Vendor Data

No Coverage

Search Victim-Owned Websites

No Coverage

Resource Development

No Coverage0/40

Acquire Access

No Coverage

Acquire Infrastructure

No Coverage0/8

Compromise Accounts

No Coverage0/3

Compromise Infrastructure

No Coverage0/8

Develop Capabilities

No Coverage0/4

Establish Accounts

No Coverage0/3

Obtain Capabilities

No Coverage0/7

Stage Capabilities

No Coverage0/6

Initial Access

No Coverage0/22

Content Injection

No Coverage

Drive-by Compromise

No Coverage

Exploit Public-Facing Application

No Coverage

External Remote Services

No Coverage

Hardware Additions

No Coverage

Phishing

No Coverage0/4

Replication Through Removable Media

No Coverage

Supply Chain Compromise

No Coverage0/3

Trusted Relationship

No Coverage

Valid Accounts

No Coverage0/4

Wi-Fi Networks

No Coverage

Spearphishing Link

No Coverage

Spearphishing Attachment

No Coverage

Spearphishing via Service

No Coverage

Execution

No Coverage0/63

Cloud Administration Command

No Coverage

Command and Scripting Interpreter

No Coverage0/13

Container Administration Command

No Coverage

Deploy Container

No Coverage

ESXi Administration Command

No Coverage

Exploitation for Client Execution

No Coverage

Input Injection

No Coverage

Inter-Process Communication

No Coverage0/3

Native API

No Coverage

Poisoned Pipeline Execution

No Coverage

Scheduled Task/Job

No Coverage0/5

Serverless Execution

No Coverage

Shared Modules

No Coverage

Software Deployment Tools

No Coverage

System Services

No Coverage0/3

User Execution

No Coverage0/5

Windows Management Instrumentation

No Coverage

Regsvcs/Regasm

No Coverage

Source

No Coverage

Launchctl

No Coverage

AppleScript

No Coverage

Rundll32

No Coverage

Regsvr32

No Coverage

LSASS Driver

No Coverage

Component Object Model and Distributed COM

No Coverage

CMSTP

No Coverage

Scripting

No Coverage

Control Panel Items

No Coverage

Mshta

No Coverage

Graphical User Interface

No Coverage

Trap

No Coverage

Local Job Scheduling

No Coverage

Windows Remote Management

No Coverage

Compiled HTML File

No Coverage

Space after Filename

No Coverage

Dynamic Data Exchange

No Coverage

Service Execution

No Coverage

PowerShell

No Coverage

InstallUtil

No Coverage

Persistence

No Coverage0/162

Account Manipulation

No Coverage0/7

BITS Jobs

No Coverage

Boot or Logon Autostart Execution

No Coverage0/14

Boot or Logon Initialization Scripts

No Coverage0/5

Cloud Application Integration

No Coverage

Compromise Host Software Binary

No Coverage

Create Account

No Coverage0/3

Create or Modify System Process

No Coverage0/5

Event Triggered Execution

No Coverage0/18

Exclusive Control

No Coverage

External Remote Services

No Coverage

Hijack Execution Flow

No Coverage0/12

Implant Internal Image

No Coverage

Modify Authentication Process

No Coverage0/9

Modify Registry

No Coverage

Office Application Startup

No Coverage0/6

Power Settings

No Coverage

Pre-OS Boot

No Coverage0/5

Scheduled Task/Job

No Coverage0/5

Server Software Component

No Coverage0/6

Software Extensions

No Coverage0/2

Traffic Signaling

No Coverage0/2

Valid Accounts

No Coverage0/4

Malicious Shell Modification

No Coverage

Bootkit

No Coverage

LC_LOAD_DYLIB Addition

No Coverage

Plist Modification

No Coverage

File System Permissions Weakness

No Coverage

Systemd Service

No Coverage

Component Firmware

No Coverage

Rc.common

No Coverage

Port Monitors

No Coverage

Screensaver

No Coverage

Startup Items

No Coverage

AppInit DLLs

No Coverage

Login Item

No Coverage

Service Registry Permissions Weakness

No Coverage

DLL Search Order Hijacking

No Coverage

New Service

No Coverage

Hypervisor

No Coverage

AppCert DLLs

No Coverage

Winlogon Helper DLL

No Coverage

Authentication Package

No Coverage

Launchctl

No Coverage

Image File Execution Options Injection

No Coverage

Modify Existing Service

No Coverage

Hooking

No Coverage

System Firmware

No Coverage

Change Default File Association

No Coverage

Re-opened Applications

No Coverage

Redundant Access

No Coverage

Kernel Modules and Extensions

No Coverage

Security Support Provider

No Coverage

LSASS Driver

No Coverage

PowerShell Profile

No Coverage

SIP and Trust Provider Hijacking

No Coverage

Application Shimming

No Coverage

Registry Run Keys / Startup Folder

No Coverage

Shortcut Modification

No Coverage

Component Object Model Hijacking

No Coverage

Accessibility Features

No Coverage

Dylib Hijacking

No Coverage

Trap

No Coverage

Netsh Helper DLL

No Coverage

Local Job Scheduling

No Coverage

Setuid and Setgid

No Coverage

Web Shell

No Coverage

Path Interception

No Coverage

Emond

No Coverage

Hidden Files and Directories

No Coverage

Time Providers

No Coverage

Launch Agent

No Coverage

Windows Management Instrumentation Event Subscription

No Coverage

Launch Daemon

No Coverage

Privilege Escalation

No Coverage0/124

Abuse Elevation Control Mechanism

No Coverage0/6

Access Token Manipulation

No Coverage0/5

Account Manipulation

No Coverage0/7

Boot or Logon Autostart Execution

No Coverage0/14

Boot or Logon Initialization Scripts

No Coverage0/5

Create or Modify System Process

No Coverage0/5

Domain or Tenant Policy Modification

No Coverage0/2

Escape to Host

No Coverage

Event Triggered Execution

No Coverage0/18

Exploitation for Privilege Escalation

No Coverage

Hijack Execution Flow

No Coverage0/12

Process Injection

No Coverage0/12

Scheduled Task/Job

No Coverage0/5

Valid Accounts

No Coverage0/4

Plist Modification

No Coverage

File System Permissions Weakness

No Coverage

Elevated Execution with Prompt

No Coverage

SID-History Injection

No Coverage

Port Monitors

No Coverage

Sudo Caching

No Coverage

Startup Items

No Coverage

AppInit DLLs

No Coverage

Service Registry Permissions Weakness

No Coverage

DLL Search Order Hijacking

No Coverage

New Service

No Coverage

AppCert DLLs

No Coverage

Extra Window Memory Injection

No Coverage

Image File Execution Options Injection

No Coverage

Hooking

No Coverage

PowerShell Profile

No Coverage

Application Shimming

No Coverage

Accessibility Features

No Coverage

Parent PID Spoofing

No Coverage

Sudo

No Coverage

Dylib Hijacking

No Coverage

Setuid and Setgid

No Coverage

Web Shell

No Coverage

Path Interception

No Coverage

Bypass User Account Control

No Coverage

Emond

No Coverage

Launch Daemon

No Coverage

Defense Evasion

No Coverage0/235

Abuse Elevation Control Mechanism

No Coverage0/6

Access Token Manipulation

No Coverage0/5

BITS Jobs

No Coverage

Build Image on Host

No Coverage

Debugger Evasion

No Coverage

Delay Execution

No Coverage

Deobfuscate/Decode Files or Information

No Coverage

Deploy Container

No Coverage

Direct Volume Access

No Coverage

Domain or Tenant Policy Modification

No Coverage0/2

Email Spoofing

No Coverage

Execution Guardrails

No Coverage0/2

Exploitation for Defense Evasion

No Coverage

File and Directory Permissions Modification

No Coverage0/2

Hide Artifacts

No Coverage0/14

Hijack Execution Flow

No Coverage0/12

Impair Defenses

No Coverage0/12

Impersonation

No Coverage

Indicator Removal

No Coverage0/10

Indirect Command Execution

No Coverage

Masquerading

No Coverage0/12

Modify Authentication Process

No Coverage0/9

Modify Cloud Compute Infrastructure

No Coverage0/5

Modify Cloud Resource Hierarchy

No Coverage

Modify Registry

No Coverage

Modify System Image

No Coverage0/2

Network Boundary Bridging

No Coverage0/1

Obfuscated Files or Information

No Coverage0/17

Plist File Modification

No Coverage

Pre-OS Boot

No Coverage0/5

Process Injection

No Coverage0/12

Reflective Code Loading

No Coverage

Rogue Domain Controller

No Coverage

Rootkit

No Coverage

Selective Exclusion

No Coverage

Subvert Trust Controls

No Coverage0/6

System Binary Proxy Execution

No Coverage0/14

System Script Proxy Execution

No Coverage0/2

Template Injection

No Coverage

Traffic Signaling

No Coverage0/2

Trusted Developer Utilities Proxy Execution

No Coverage0/3

Unused/Unsupported Cloud Regions

No Coverage

Use Alternate Authentication Material

No Coverage0/4

Valid Accounts

No Coverage0/4

Virtualization/Sandbox Evasion

No Coverage0/3

Weaken Encryption

No Coverage0/2

XSL Script Processing

No Coverage

Indicator Removal from Tools

No Coverage

Hidden Window

No Coverage

Plist Modification

No Coverage

HISTCONTROL

No Coverage

Component Firmware

No Coverage

Timestomp

No Coverage

Code Signing

No Coverage

Process Hollowing

No Coverage

Regsvcs/Regasm

No Coverage

Application Access Token

No Coverage

Disabling Security Tools

No Coverage

Revert Cloud Instance

No Coverage

DLL Search Order Hijacking

No Coverage

Binary Padding

No Coverage

Extra Window Memory Injection

No Coverage

Launchctl

No Coverage

File Deletion

No Coverage

Image File Execution Options Injection

No Coverage

Rundll32

No Coverage

Regsvr32

No Coverage

Indicator Blocking

No Coverage

Redundant Access

No Coverage

Gatekeeper Bypass

No Coverage

Software Packing

No Coverage

SIP and Trust Provider Hijacking

No Coverage

CMSTP

No Coverage

Scripting

No Coverage

Control Panel Items

No Coverage

Component Object Model Hijacking

No Coverage

Parent PID Spoofing

No Coverage

LC_MAIN Hijacking

No Coverage

Mshta

No Coverage

DLL Side-Loading

No Coverage

Process Doppelgänging

No Coverage

Web Session Cookie

No Coverage

Bypass User Account Control

No Coverage

Hidden Users

No Coverage

Compile After Delivery

No Coverage

Compiled HTML File

No Coverage

Clear Command History

No Coverage

Install Root Certificate

No Coverage

Hidden Files and Directories

No Coverage

Space after Filename

No Coverage

Network Share Connection Removal

No Coverage

NTFS File Attributes

No Coverage

InstallUtil

No Coverage

Credential Access

No Coverage0/71

Adversary-in-the-Middle

No Coverage0/4

Brute Force

No Coverage0/4

Credentials from Password Stores

No Coverage0/6

Exploitation for Credential Access

No Coverage

Forced Authentication

No Coverage

Forge Web Credentials

No Coverage0/2

Input Capture

No Coverage0/4

Modify Authentication Process

No Coverage0/9

Multi-Factor Authentication Interception

No Coverage

Multi-Factor Authentication Request Generation

No Coverage

Network Sniffing

No Coverage

OS Credential Dumping

No Coverage0/8

Steal Application Access Token

No Coverage

Steal or Forge Authentication Certificates

No Coverage

Steal or Forge Kerberos Tickets

No Coverage0/5

Steal Web Session Cookie

No Coverage

Unsecured Credentials

No Coverage0/8

LLMNR/NBT-NS Poisoning and Relay

No Coverage

Cloud Instance Metadata API

No Coverage

Securityd Memory

No Coverage

Credentials in Registry

No Coverage

Bash History

No Coverage

Credentials from Web Browsers

No Coverage

Private Keys

No Coverage

Hooking

No Coverage

Input Prompt

No Coverage

Keychain

No Coverage

Kerberoasting

No Coverage

Password Filter DLL

No Coverage

Credentials in Files

No Coverage

Discovery

No Coverage0/44

Account Discovery

No Coverage0/4

Application Window Discovery

No Coverage

Browser Information Discovery

No Coverage

Cloud Infrastructure Discovery

No Coverage

Cloud Service Dashboard

No Coverage

Cloud Service Discovery

No Coverage

Cloud Storage Object Discovery

No Coverage

Container and Resource Discovery

No Coverage

Debugger Evasion

No Coverage

Device Driver Discovery

No Coverage

Domain Trust Discovery

No Coverage

File and Directory Discovery

No Coverage

Group Policy Discovery

No Coverage

Local Storage Discovery

No Coverage

Log Enumeration

No Coverage

Network Service Discovery

No Coverage

Network Share Discovery

No Coverage

Network Sniffing

No Coverage

Password Policy Discovery

No Coverage

Peripheral Device Discovery

No Coverage

Permission Groups Discovery

No Coverage0/3

Process Discovery

No Coverage

Query Registry

No Coverage

Remote System Discovery

No Coverage

Software Discovery

No Coverage0/2

System Information Discovery

No Coverage

System Location Discovery

No Coverage0/1

System Network Configuration Discovery

No Coverage0/2

System Network Connections Discovery

No Coverage

System Owner/User Discovery

No Coverage

System Service Discovery

No Coverage

System Time Discovery

No Coverage

Virtual Machine Discovery

No Coverage

Virtualization/Sandbox Evasion

No Coverage0/3

Security Software Discovery

No Coverage

Lateral Movement

No Coverage0/31

Exploitation of Remote Services

No Coverage

Internal Spearphishing

No Coverage

Lateral Tool Transfer

No Coverage

Remote Service Session Hijacking

No Coverage0/2

Remote Services

No Coverage0/8

Replication Through Removable Media

No Coverage

Software Deployment Tools

No Coverage

Taint Shared Content

No Coverage

Use Alternate Authentication Material

No Coverage0/4

Application Access Token

No Coverage

Application Deployment Software

No Coverage

Remote Desktop Protocol

No Coverage

Component Object Model and Distributed COM

No Coverage

Shared Webroot

No Coverage

Pass the Ticket

No Coverage

SSH Hijacking

No Coverage

Pass the Hash

No Coverage

Windows Remote Management

No Coverage

Web Session Cookie

No Coverage

Windows Admin Shares

No Coverage

Collection

No Coverage0/34

Adversary-in-the-Middle

No Coverage0/4

Archive Collected Data

No Coverage0/3

Audio Capture

No Coverage

Automated Collection

No Coverage

Browser Session Hijacking

No Coverage

Clipboard Data

No Coverage

Data from Cloud Storage

No Coverage

Data from Configuration Repository

No Coverage0/2

Data from Information Repositories

No Coverage0/6

Data from Local System

No Coverage

Data from Network Shared Drive

No Coverage

Data from Removable Media

No Coverage

Data Staged

No Coverage0/2

Email Collection

No Coverage0/3

Input Capture

No Coverage0/4

Screen Capture

No Coverage

Video Capture

No Coverage

Command and Control

No Coverage0/46

Application Layer Protocol

No Coverage0/5

Communication Through Removable Media

No Coverage

Content Injection

No Coverage

Data Encoding

No Coverage0/2

Data Obfuscation

No Coverage0/3

Dynamic Resolution

No Coverage0/3

Encrypted Channel

No Coverage0/2

Fallback Channels

No Coverage

Hide Infrastructure

No Coverage

Ingress Tool Transfer

No Coverage

Multi-Stage Channels

No Coverage

Non-Application Layer Protocol

No Coverage

Non-Standard Port

No Coverage

Protocol Tunneling

No Coverage

Proxy

No Coverage0/4

Remote Access Tools

No Coverage0/3

Traffic Signaling

No Coverage0/2

Web Service

No Coverage0/3

Domain Fronting

No Coverage

Custom Cryptographic Protocol

No Coverage

Multilayer Encryption

No Coverage

Standard Cryptographic Protocol

No Coverage

Domain Generation Algorithms

No Coverage

Multi-hop Proxy

No Coverage

Multiband Communication

No Coverage

Uncommonly Used Port

No Coverage

Custom Command and Control Protocol

No Coverage

Commonly Used Port

No Coverage

Exfiltration

No Coverage0/16

Automated Exfiltration

No Coverage0/1

Data Transfer Size Limits

No Coverage

Exfiltration Over Alternative Protocol

No Coverage0/3

Exfiltration Over C2 Channel

No Coverage

Exfiltration Over Other Network Medium

No Coverage0/1

Exfiltration Over Physical Medium

No Coverage0/1

Exfiltration Over Web Service

No Coverage0/4

Scheduled Transfer

No Coverage

Transfer Data to Cloud Account

No Coverage

Data Compressed

No Coverage

Data Encrypted

No Coverage

Impact

No Coverage0/31

Account Access Removal

No Coverage

Data Destruction

No Coverage0/1

Data Encrypted for Impact

No Coverage

Data Manipulation

No Coverage0/3

Defacement

No Coverage0/2

Disk Wipe

No Coverage0/2

Email Bombing

No Coverage

Endpoint Denial of Service

No Coverage0/4

Financial Theft

No Coverage

Firmware Corruption

No Coverage

Inhibit System Recovery

No Coverage

Network Denial of Service

No Coverage0/2

Resource Hijacking

No Coverage0/4

Service Stop

No Coverage

System Shutdown/Reboot

No Coverage

Stored Data Manipulation

No Coverage

Disk Structure Wipe

No Coverage

Disk Content Wipe

No Coverage

Runtime Data Manipulation

No Coverage

Transmitted Data Manipulation

No Coverage

My Stack

Map to security frameworks
See how your products align to NIST 800-53, ISO 27001 and SOC 2 controls so you can evidence coverage in seconds.
Spot coverage gaps
Quickly identify missing capabilities across endpoint, cloud, app security and more to guide your roadmap.
Compare vendors & products
Understand which products drive overlapping capabilities and where you can consolidate spend.