Available Modules

Windows

• Windows: ADIDNS (PowerMad)
• Windows: Active Directory Automated Discovery (BloodHound)
• Windows: Data Compressed (T1002)
• Windows: Credential Dumping (T1003)
• Windows: Winlogon Helper DLL (T1004)
• Windows: Data from Local System (T1005)
• Windows: System Service Discovery (T1007)
• Windows: Application Window Discovery (T1010)
• Windows: Query Registry (T1012)
• Windows: Port Monitors (T1013)
• Windows: Accessibility Features (T1015)
• Windows: System Network Configuration Discovery (T1016)
• Windows: Remote System Discovery (T1018)
• Windows: Shortcut Modification (T1023)
• Windows: Windows Remote Management (T1028)
• Windows: Modify Existing Service (T1031)
• Windows: System Owner/User Discovery (T1033)
• Windows: Path Interception (T1034)
• Windows: Service Execution (T1035)
• Windows: Masquerading (T1036)
• Windows: Logon Scripts (T1037)
• Windows: File System Permissions Weakness (T1044)
• Windows: Windows Management Instrumentation (T1047)
• Windows: System Network Connections Discovery (T1049)
• Windows: New Service (T1050)
• Windows: Scheduled Task (T1053)
• Windows: Process Injection (T1055)
• Windows: Input Capture (T1056)
• Windows: Process Discovery (T1057)
• Windows: Run Keys (T1060)
• Windows: Security Software Discovery (T1063)
• Windows: Permission Groups Discovery (T1069)
• Windows: Indicator Removal from Tools (T1070)
• Windows: Pass the Hash (T1075)
• Windows: Windows Admin Shares (T1077)
• Windows: Valid Accounts (T1078)
• Windows: Credentials in Files (T1081)
• Windows: System Information Discovery (T1082)
• Windows: File and Directory Discovery (T1083)
• Windows: Windows Management Instrumentation Event Subscription (1084)
• Windows: Rundll32 (T1085)
• Windows: PowerShell (T1086)
• Windows: Account Discovery (T1087)
• Windows: Bypass UAC (T1088)
• Windows: Disabling Security Tools (T1089)
• Windows: Windows NTFS Extended Attributes (T1096)
• Windows: Account Manipulation (T1098)
• Windows: Timestomp (T1099)
• Windows: AppInit DLLs (T1103)
• Windows: Remote File Copy (T1105)
• Windows: File Deletion (T1107)
• Windows: Brute Force (T1110)
• Windows: Modify Registry (T1112)
• Windows: Screen Capture (T1113)
• Windows: Clipboard Data (T1115)
• Windows: Regsvr32 (T1117)
• Windows: InstallUtil (T1118)
• Windows: Automated Collection (T1119)
• Windows: Peripheral Device Discovery (T1120)
• Windows: Regsvcs/Regasm (T1121)
• Windows: Audio Capture (T1123)
• Windows: System Time Discovery (T1124)
• Windows: Video Capture (T1125)
• Windows: Trusted Developer Utilities (T1127)
• Windows: Install Root Certificate (T1130)
• Windows: Authentication Package (T1131)
• Windows: Network Share Discovery (T1135)
• Windows: Create Account (T1136)
• Windows: MSHTA (T1170)
• Windows: Distributed Component Object Model (T1175)
• Windows: Screensaver (T1180)
• Windows: CMSTP (T1191)
• Windows: Control Panel Items (T1196)
• Windows: BITS jobs (T1197)
• Windows: Password Policy Discovery (T1201)
• Windows: Kerberoasting (T1208)
• Windows: Time Providers (T1209)
• Windows: Signed Binary Proxy Execution (T1218)

Linux

• Linux: System Network Configuration Discovery (T1016)
• Linux: System Owner/User Discovery (T1033)
• Linux: System Network Connections Discovery (T1049)
• Linux: Process Discovery (T1057)
• Linux: Permission Groups Discovery (T1069)
• Linux: System Information Discovery (T1082)
• Linux: Account Discovery (T1087)
• Linux: File Deletion (T1107)
• Linux: Password Policy Discovery (T1201)

macOS

• macOS: Data Compressed (T1002)
• macOS: System Network Configuration Discovery (T1016)
• macOS: Network Share Discovery (T1135)
• macOS: Create Account (T1136)
• macOS: Bash History (T1139)
• macOS: Password Policy Discovery (T1201)

Multi

• Multi: Remote System Discovery (T1018)
• Multi: Network Service Scanning (T1046)