Pass the Hash
Masquerading
JavaScript
Windows Management Instrumentation
Software Deployment Tools
Lateral Tool Transfer
NTFS File Attributes
Credentials in Registry
Process Injection
PubPrn
Spearphishing Attachment
Network Share Discovery
System Owner/User Discovery
Non-Standard Port
System Information Discovery
Domains
Query Registry
Command Obfuscation
Windows Command Shell
Exfiltration Over Unencrypted Non-C2 Protocol
DLL
Spearphishing Link
Spearphishing Link
Local Account
PowerShell
LSASS Memory
Network Service Discovery
Drive-by Target
Exfiltration Over C2 Channel
Masquerade Task or Service
OS Credential Dumping
Local Accounts
Gather Victim Identity Information
Timestomp
Drive-by Compromise
Rundll32
Command and Scripting Interpreter
Modify Registry
Mail Protocols
Archive Collected Data
Malicious Link
Web Protocols
Match Legitimate Resource Name or Location
File Deletion
Fileless Storage
Ingress Tool Transfer
Scheduled Task
Rename Legitimate Utilities
Windows Service
Upload Malware
Linux and Mac Permissions
Service Execution
Remote System Discovery
Mshta
File and Directory Discovery
Clear Windows Event Logs
Visual Basic
Tool
SMB/Windows Admin Shares
Pass the Ticket
Web Services
Web Shell
Hidden Files and Directories
System Network Configuration Discovery
Junk Code Insertion
System Network Connections Discovery
Hidden Window
Encrypted/Encoded File
Keylogging
Email Addresses
Regsvr32
Exploitation for Privilege Escalation
Social Media Accounts
Office Application Startup
Exploitation for Client Execution
Malicious File
Registry Run Keys / Startup Folder
Web Service