SynAc

Terms

Alphabetical index of published term entries with tag filters and quick sort.

  1. Updated Jan 03, 2026

    Adversaries may establish persistence by executing malicious content triggered by the execution of tainted binaries. Mach-O binaries have a series of headers that are used to perform certain operations when a binary is loaded. The LC_LOAD_DYLIB header in a Mach-O binary tells macOS and OS X which dynamic libraries (dylibs) to load during execution time. These can be added ad hoc to the compiled binary as long as adjustments are made to the rest of the fields and dependencies.(Citation: Writing Bad Malware for OSX) There are tools available to perform these changes.

  2. Updated Jan 03, 2026

    Adversaries may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within.

  3. Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.(Citation: Hybrid Analysis Icacls1 June 2018)(Citation: Hybrid Analysis Icacls2 May 2018) File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).

  4. Updated Jan 03, 2026

    Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as Archive Collected Data. Interactive command shells may be used, and common functionality within cmd and bash may be used to copy data into a staging location.

  5. Updated Jan 03, 2026

    Adversaries with SYSTEM access to a host may attempt to access Local Security Authority (LSA) secrets, which can contain a variety of different credential materials, such as credentials for service accounts.(Citation: Passcape LSA Secrets)(Citation: Microsoft AD Admin Tier Model)(Citation: Tilbury Windows Credentials) LSA secrets are stored in the registry at <code>HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets</code>. LSA secrets can also be dumped from memory.(Citation: ired Dumping LSA Secrets)