Credentials In Files
Cached Domain Credentials
Archive via Utility
Credentials from Web Browsers
Group Policy Preferences
Encrypted/Encoded File
Spearphishing Attachment
LSASS Memory
Spearphishing Link
Password Spraying
LSA Secrets
Scheduled Task
Credentials from Password Stores
Windows Management Instrumentation Event Subscription
Ingress Tool Transfer
Exfiltration Over Unencrypted Non-C2 Protocol
Tool
Network Sniffing
Web Protocols
PowerShell
Registry Run Keys / Startup Folder
Valid Accounts
Symmetric Cryptography
Visual Basic
Standard Encoding
Non-Standard Port
Cloud Accounts
Exploitation for Client Execution
Malicious File
Malicious Link
Exploitation for Privilege Escalation