Esc
Evict
Definition
The eviction tactic is used to remove an adversary from a computer network.
Techniques
There are 19 techniques in this category, Evict.
Name | ID | Definition | Synonyms |
---|---|---|---|
Credential Eviction | D3-CE | Credential Eviction techniques disable or remove compromised credentials from a computer network. | |
- Account Locking | D3-AL | The process of temporarily disabling user accounts on a system or domain. | |
- Authentication Cache Invalidation | D3-ANCI | Removing tokens or credentials from an authentication cache to prevent further user associated account accesses. | |
- Credential Revocation | D3-CR | Deleting a set of credentials permanently to prevent them from being used to authenticate. | |
Object Eviction | D3-OE | Terminate or remove an object from a host machine. This is the broadest class for object eviction. | |
- Domain Registration Takedown | D3-DRT | The process of performing a takedown of the attacker's domain registration infrastructure. | |
- Disk Formatting | D3-DKF | Disk Formatting is the process of preparing a data storage device, such as a hard drive, solid-state drive, or USB flash drive, for initial use. | |
- DNS Cache Eviction | D3-DNSCE | Flushing DNS to clear any IP addresses or other DNS records from the cache. | Flush DNS Cache |
- Registry Key Deletion | D3-RKD | Delete a registry key. | |
- File Eviction | D3-FEV | File eviction techniques delete files from system storage. | |
- Disk Erasure | D3-DKE | Disk Erasure is the process of securely deleting all data on a disk to ensure that it cannot be recovered by any means. | |
- Disk Partitioning | D3-DKP | Disk Partitioning is the process of dividing a disk into multiple distinct sections, known as partitions. | |
- Email Removal | D3-ER | The email removal technique deletes email files from system storage. | Email Deletion |
Process Eviction | D3-PE | Process eviction techniques terminate or remove running process. | |
- Host Shutdown | D3-HS | Initiating a host's shutdown sequence to terminate all running processes. | |
- Session Termination | D3-ST | Forcefully end all active sessions associated with compromised accounts or devices. | |
- Process Termination | D3-PT | Terminating a running application process on a computer system. | |
- Process Suspension | D3-PS | Suspending a running process on a computer system. | |
- Host Reboot | D3-HR | Initiating a host's reboot sequence to terminate all running processes. |
D3FEND™
A knowledge graph of cybersecurity countermeasures