Valid Accounts
System Information Discovery
Compromise Software Supply Chain
Permission Groups Discovery
Wordlist Scanning
PowerShell
Rootkit
Domain Account
Credentials from Web Browsers
Match Legitimate Resource Name or Location
Windows Service
File Transfer Protocols
Remote System Discovery
Software Packing
Code Signing
Scan Databases
Tool
Additional Local or Domain Groups
SMB/Windows Admin Shares
Boot or Logon Initialization Scripts
Local Account
Bootkit
Clear Windows Event Logs
Local Account
Web Protocols
Network Share Discovery
Network Boundary Bridging
Environmental Keying
Group Policy Modification
Vulnerability Scanning
Data from Local System
External Remote Services
File Deletion
Spearphishing Attachment
Disable or Modify Tools
Scheduled Task
Registry Run Keys / Startup Folder
Accessibility Features
Brute Force
Pass the Hash
Dynamic Linker Hijacking
Windows Command Shell
Security Account Manager
Domain Generation Algorithms
Service Execution
DNS
Network Service Discovery
Archive via Utility
Rundll32
Dead Drop Resolver
Fallback Channels
Credentials from Password Stores
Compute Hijacking
NTDS
System Network Connections Discovery
Unix Shell
Data Encrypted for Impact
System Network Configuration Discovery
System Owner/User Discovery
Ingress Tool Transfer
Exploitation for Client Execution
Compiled HTML File
Modify Registry
Proxy
LSASS Memory
Impersonation
Code Repositories
BITS Jobs
Query Registry
File and Directory Discovery
Process Injection
Remote Desktop Protocol
Exploit Public-Facing Application
Lateral Tool Transfer
Obfuscated Files or Information
Multi-Stage Channels
Data Transfer Size Limits
Windows Management Instrumentation
Keylogging
Clear Command History
Masquerade Task or Service
DLL