| WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113212 | Content Injection | Web Application | Injection | OWASP |
| WAS.98113 | XML External Entity | Web Application | Security Misconfiguration | OWASP |
| WAS.113069 | SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
| WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
| WAS.98623 | Host Header Injection | Web Application | Injection | OWASP |
| WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
| WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113162 | My SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.112439 | Server-Side Request Forgery | Web Application | Server-Side Request Forgery (SSRF) | OWASP |
| WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
| WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
| WAS.98120 | Code Injection | Web Application | Injection | OWASP |
| WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
| T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
| WAS.112684 | Client Side Template Injection | Web Application | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
| WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113634 | Server-Side Includes (SSI) Injection | Web Application | Injection | OWASP |
| T1190_Aws | Exploit Public-Facing Application (Aws) | Aws | Initial Access, Persistence | MITRE ATT&CK |
| T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
| T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
| T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
| T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
| T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
| T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
| T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
| T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
| T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
| T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
| T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
| T1499.004 | Endpoint Denial of Service: Application or System Exploitation | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Impact | MITRE ATT&CK |
| T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
| T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
| T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1548.005_Azure | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| 1078.001 | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
| T1133_Azure | Exploit Public-Facing Application (Azure) | Entra ID | Initial Access, Persistence | MITRE ATT&CK |
| T0812_ICS | Default Credentials | OT | Lateral Movement | MITRE ATT&CK |
| T0843_ICS | Program Download | OT | Lateral Movement | MITRE ATT&CK |
| T0866_ICS | Exploitation of Remote Services | OT | Initial Access, Lateral Movement | MITRE ATT&CK |
| T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
