T1006
Direct Volume Access
T1027
Obfuscated Files or Information
T1038
DLL Search Order Hijacking
T1066
Indicator Removal from Tools
T1088
Bypass User Account Control
T1089
Disabling Security Tools
T1096
NTFS File Attributes
T1122
Component Object Model Hijacking
T1126
Network Share Connection Removal
T1127
Trusted Developer Utilities Proxy Execution
T1130
Install Root Certificate
T1134
Access Token Manipulation
T1140
Deobfuscate/Decode Files or Information
T1146
Clear Command History
T1151
Space after Filename
T1158
Hidden Files and Directories
T1181
Extra Window Memory Injection
T1183
Image File Execution Options Injection
T1186
Process DoppelgΓ€nging
T1196
Control Panel Items
T1198
SIP and Trust Provider Hijacking
T1202
Indirect Command Execution
T1207
Rogue Domain Controller
T1211
Exploitation for Defense Evasion
T1216
System Script Proxy Execution
T1218
System Binary Proxy Execution
T1220
XSL Script Processing
T1222
File and Directory Permissions Modification
T1480
Execution Guardrails
T1484
Domain or Tenant Policy Modification
T1497
Virtualization/Sandbox Evasion
T1500
Compile After Delivery
T1502
Parent PID Spoofing
T1527
Application Access Token
T1535
Unused/Unsupported Cloud Regions
T1536
Revert Cloud Instance
T1548
Abuse Elevation Control Mechanism
T1550
Use Alternate Authentication Material
T1553
Subvert Trust Controls
T1556
Modify Authentication Process
T1574
Hijack Execution Flow
T1578
Modify Cloud Compute Infrastructure
T1599
Network Boundary Bridging
T1601
Modify System Image
T1612
Build Image on Host
T1620
Reflective Code Loading
T1647
Plist File Modification
T1666
Modify Cloud Resource Hierarchy
T1679
Selective Exclusion