Web Services
Modify Registry
Local Groups
Deobfuscate/Decode Files or Information
Tool
JavaScript
Create Process with Token
Visual Basic
PowerShell Profile
Web Services
Dynamic-link Library Injection
Ingress Tool Transfer
Windows Credential Manager
Proxy
Exploitation for Privilege Escalation
Group Policy Discovery
System Network Connections Discovery
Native API
Mail Protocols
SMB/Windows Admin Shares
Registry Run Keys / Startup Folder
Data from Local System
Query Registry
System Service Discovery
Brute Force
Lateral Tool Transfer
Drive-by Compromise
Server
Domain Account
Disable or Modify Tools
File/Path Exclusions
Peripheral Device Discovery
Exfiltration to Cloud Storage
Bidirectional Communication
Web Protocols
System Time Discovery
Local Account
Malicious Link
Internal Proxy
Windows Management Instrumentation Event Subscription
Archive via Utility
Windows Command Shell
Process Discovery
System Network Configuration Discovery
Malware
Data from Removable Media
Security Software Discovery
PowerShell
Command Obfuscation
Python
Databases
Remote System Discovery
Malware
Domain Groups
Fileless Storage
Winlogon Helper DLL
Code Signing Policy Modification
Spearphishing Link
Internet Connection Discovery
Web Service
System Information Discovery
Virtual Private Server
Match Legitimate Resource Name or Location
Process Injection
Local Accounts
Password Policy Discovery
File and Directory Discovery
Indicator Removal from Tools