T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
T1580_AWS | Cloud Infrastructure Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
T1069.003_AWS | Permission Groups Discovery: Cloud Groups (AWS) | AWS | Discovery | MITRE ATT&CK |
T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
T1484.002_Azure | Domain Policy Modification: Trust Modification(Azure) | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
T1595.001_PRE | Active Scanning: Scanning IP Blocks | PRE | Reconnaissance | MITRE ATT&CK |
T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1548.005_Azure | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
WAS.112684 | Client Side Template Injection | Web Application | Injection | OWASP |
WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
WAS.113634 | Server-Side Includes (SSI) Injection | Web Application | Injection | OWASP |
T1615_Windows | Group Policy Discovery | Windows | Discovery | MITRE ATT&CK |
T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
T1098.003_Azure | Account Manipulation: Additional Cloud Roles (Azure) | Entra ID | Persistence, Privilege Escalation | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
T1059.009_Azure | Command and Scripting Interpreter: Cloud API | Entra ID | Execution | MITRE ATT&CK |
T1078.004_Azure | Valid Accounts: Cloud Accounts | Entra ID | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1087.004_Azure | Account Discovery:Cloud Account(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1556.007 | Modify Authentication Process: Hybrid Identity | Entra ID | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |