Web shell deployment (GodZilla, AntSword)
DLL side-loading (abusing python.exe with python20.dll)
Custom Go-based network scanning (ScanPortPlus)
Linux-specific backdoor deployment (Xnote)
Modified Fast Reverse Proxy (FRP) for persistence
Credential theft using Mimikatz, LsaRecorder, DumpIt, and Volatility
Stealthy data exfiltration (WinRAR compression, Base64 encoding, and terminal printing)
Living-off-the-land binaries (LOLBINs)
Spear-phishing with malicious attachments and links (ABCDoor, ValleyRAT)