Remote System Discovery
OS Credential Dumping
Multi-hop Proxy
Email Collection
Acquire Infrastructure
Archive Collected Data
Masquerading
Vulnerability Scanning
Virtual Private Server
Log Enumeration
Exploit Public-Facing Application
External Remote Services
Automated Collection
Non-Standard Port
File Deletion
Lateral Tool Transfer
Non-Application Layer Protocol
Video Capture
Protocol Tunneling
Brute Force
Malware
Password Spraying
Scanning IP Blocks
Web Shell
Establish Accounts
External Defacement
Scheduled Task
Exploitation of Remote Services
PowerShell
Modify Registry
DNS
Pass the Hash
Exfiltration to Cloud Storage
Exploits
Supply Chain Compromise
Data from Local System
Disk Structure Wipe
Exploitation for Client Execution
Match Legitimate Resource Name or Location
Credentials In Files
LSASS Memory
Windows Management Instrumentation
Remote Services
LSA Secrets
Security Account Manager
Default Accounts
Network Service Discovery