Local Account
Code Signing Certificates
Exploitation of Remote Services
Archive via Utility
Windows Command Shell
Windows Management Instrumentation
Tool
Windows Service
SMB/Windows Admin Shares
Data Staged
Domain Accounts
Process Injection
Remote Services
Remote Desktop Protocol
Pass the Hash
Windows Permissions
Lateral Tool Transfer
Malicious File
Scheduled Task
Command Obfuscation
File Deletion
Group Policy Preferences
Exfiltration Over Unencrypted Non-C2 Protocol
Disable or Modify Tools
Security Software Discovery
Rundll32
Kerberoasting
PowerShell
Exfiltration to Cloud Storage
Modify Registry
Inhibit System Recovery
External Remote Services
Winlogon Helper DLL
Masquerade Task or Service
Domain Account
Backup Software Discovery
Web Protocols
Code Signing
Domain Account
Local Data Staging
Name Resolution Poisoning and SMB Relay
Ingress Tool Transfer
NTDS
System Network Configuration Discovery
Email Accounts
System Owner/User Discovery
Valid Accounts
Malicious Link
LSASS Memory
Exfiltration Over C2 Channel
Spearphishing Attachment
Security Account Manager
Service Stop
Spearphishing Link
Remote System Discovery
Data from Local System
System Information Discovery
Windows Credential Manager
Network Share Discovery
Service Execution
Registry Run Keys / Startup Folder
Windows Remote Management
Dynamic-link Library Injection
BITS Jobs