Exploitation of edge-of-network devices (VPNs, Firewalls)
Living-off-the-land (LotL) techniques
Credential harvesting and reuse
DLL side-loading
Use of legitimate administrative tools for lateral movement
Command and Control (C2) via encrypted, common protocols