T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
T1615_Windows | Group Policy Discovery | Windows | Discovery | MITRE ATT&CK |
T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1548.005_Azure | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
T1069.003_Azure | Permission Groups Discovery:Cloud Groups(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1098.001_Azure | Account Manipulation: Additional Cloud Credentials | Entra ID | Persistence | MITRE ATT&CK |
T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
T1484.002_Azure | Domain Policy Modification: Trust Modification(Azure) | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
T1098.003_Azure | Account Manipulation: Additional Cloud Roles (Azure) | Entra ID | Persistence, Privilege Escalation | MITRE ATT&CK |
T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
T1059.009_Azure | Command and Scripting Interpreter: Cloud API | Entra ID | Execution | MITRE ATT&CK |
T1078.004_Azure | Valid Accounts: Cloud Accounts | Entra ID | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1087.004_Azure | Account Discovery:Cloud Account(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1556.007 | Modify Authentication Process: Hybrid Identity | Entra ID | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1499.004 | Endpoint Denial of Service: Application or System Exploitation | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Impact | MITRE ATT&CK |
T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
1078.001 | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
T1190_Aws | Exploit Public-Facing Application (Aws) | Aws | Initial Access, Persistence | MITRE ATT&CK |
T1003.008_Windows | OS Credential Dumping: /etc/passwd and /etc/shadow | Linux | Credential Access | MITRE ATT&CK |
T1059.005_Windows | Command and Scripting Interpreter: Visual Basic | Windows | Execution | MITRE ATT&CK |
T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
T1218.007_Windows | System Binary Proxy Execution: Msiexec | Windows | Defense Evasion | MITRE ATT&CK |
T1219_Windows | Remote Access Software | Windows | Command and Control | MITRE ATT&CK |
T1552.002_Windows | Unsecured Credentials: Credentials in Registry
| Windows | Credential Access | MITRE ATT&CK |
T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
T1210_Windows | Exploitation of Remote Services (Windows) | Windows | Lateral Movement | MITRE ATT&CK |
T1606.002_Azure | Forge Web Credentials:SAML Tokens(Azure) | Entra ID | Credential Access | MITRE ATT&CK |