Exploitation of zero-day and n-day vulnerabilities (e.g., 'ToolShell' SharePoint exploits)
DLL side-loading
Deployment of custom malware (PlugX, SysUpdate, HyperBro, Pandora Rootkit)
Use of Cobalt Strike Beacons
Web shell deployment (e.g., spinstall0.aspx)
Spear-phishing and strategic web compromises
Reverse proxy tools for persistence
Browser traffic hijacking