| T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
| T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
| T1550.001_Windows | Material: Application Access Token | Windows | Lateral Movement, Defense Evasion | MITRE ATT&CK |
| T1615_Windows | Group Policy Discovery | Windows | Discovery | MITRE ATT&CK |
| T1212_Windows | Exploitation for Credential Access (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1003.008_Windows | OS Credential Dumping: /etc/passwd and /etc/shadow | Linux | Credential Access | MITRE ATT&CK |
| T1059.005_Windows | Command and Scripting Interpreter: Visual Basic | Windows | Execution | MITRE ATT&CK |
| T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
| T1218.007_Windows | System Binary Proxy Execution: Msiexec | Windows | Defense Evasion | MITRE ATT&CK |
| T1219_Windows | Remote Access Software | Windows | Command and Control | MITRE ATT&CK |
| T1552.002_Windows | Unsecured Credentials: Credentials in Registry
| Windows | Credential Access | MITRE ATT&CK |
| T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
| T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
| T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
| T1059.009_Azure | Command and Scripting Interpreter: Cloud API | Entra ID | Execution | MITRE ATT&CK |
| T1078.004_Azure | Valid Accounts: Cloud Accounts | Entra ID | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1087.004_Azure | Account Discovery:Cloud Account(Azure) | Entra ID | Discovery | MITRE ATT&CK |
| T1606.002_Azure | Forge Web Credentials:SAML Tokens(Azure) | Entra ID | Credential Access | MITRE ATT&CK |
| T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
| T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1053.005_Windows | Scheduled Task/Job: Scheduled Task | Windows | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
| T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
| T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
| T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
| T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
| T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
| T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
| T1098.003_Azure | Account Manipulation: Additional Cloud Roles (Azure) | Entra ID | Persistence, Privilege Escalation | MITRE ATT&CK |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113212 | Content Injection | Web Application | Injection | OWASP |
| WAS.98113 | XML External Entity | Web Application | Security Misconfiguration | OWASP |
| WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
| WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
| WAS.98120 | Code Injection | Web Application | Injection | OWASP |
| T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
| WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
| WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
| WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
