Esc
Evict
Definition
The eviction tactic is used to remove an adversary from a computer network.
Techniques
There are 19 techniques in this category, Evict.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| Credential Eviction | D3-CE | Credential Eviction techniques disable or remove compromised credentials from a computer network. | |
| - Credential Revocation | D3-CR | Deleting a set of credentials permanently to prevent them from being used to authenticate. | |
| - Account Locking | D3-AL | The process of temporarily disabling user accounts on a system or domain. | |
| - Authentication Cache Invalidation | D3-ANCI | Removing tokens or credentials from an authentication cache to prevent further user associated account accesses. | |
| Object Eviction | D3-OE | Terminate or remove an object from a host machine. This is the broadest class for object eviction. | |
| - File Eviction | D3-FEV | File eviction techniques delete files from system storage. | |
| - Disk Erasure | D3-DKE | Disk Erasure is the process of securely deleting all data on a disk to ensure that it cannot be recovered by any means. | |
| - Disk Partitioning | D3-DKP | Disk Partitioning is the process of dividing a disk into multiple distinct sections, known as partitions. | |
| - Domain Registration Takedown | D3-DRT | The process of performing a takedown of the attacker's domain registration infrastructure. | |
| - Disk Formatting | D3-DKF | Disk Formatting is the process of preparing a data storage device, such as a hard drive, solid-state drive, or USB flash drive, for initial use. | |
| - DNS Cache Eviction | D3-DNSCE | Flushing DNS to clear any IP addresses or other DNS records from the cache. | Flush DNS Cache |
| - Registry Key Deletion | D3-RKD | Delete a registry key. | |
| - Email Removal | D3-ER | The email removal technique deletes email files from system storage. | Email Deletion |
| Process Eviction | D3-PE | Process eviction techniques terminate or remove running process. | |
| - Process Termination | D3-PT | Terminating a running application process on a computer system. | |
| - Process Suspension | D3-PS | Suspending a running process on a computer system. | |
| - Host Reboot | D3-HR | Initiating a host's reboot sequence to terminate all running processes. | |
| - Host Shutdown | D3-HS | Initiating a host's shutdown sequence to terminate all running processes. | |
| - Session Termination | D3-ST | Forcefully end all active sessions associated with compromised accounts or devices. |
D3FEND™
A knowledge graph of cybersecurity countermeasures