Archive Collected Data
Screen Capture
Hidden Users
Web Shell
Malicious File
Business Relationships
Valid Accounts
System Network Configuration Discovery
Server
File and Directory Discovery
Local Account
Template Injection
Exploitation for Client Execution
Password Cracking
Drive-by Target
Query Registry
Spearphishing Attachment
Drive-by Compromise
Domains
Security Account Manager
Spearphishing Attachment
Data from Local System
File Deletion
Command and Scripting Interpreter
Clear Windows Event Logs
Disable or Modify System Firewall
Modify Registry
Tool
Compromise Software Supply Chain
Masquerade Account Name
NTDS
Additional Local or Domain Groups
Virtual Private Server
Windows Command Shell
File Transfer Protocols
Spearphishing Link
Scheduled Task
Domain Groups
Remote Email Collection
Vulnerability Scanning
Registry Run Keys / Startup Folder
Ingress Tool Transfer
External Remote Services
LSA Secrets
Exploit Public-Facing Application
Network Share Discovery
Brute Force
Remote Desktop Protocol
Forced Authentication
System Owner/User Discovery
Local Data Staging
PowerShell
Exploitation of Remote Services
Python
Remote System Discovery
Domain Account