| T1499.004 | Application or System Exploitation | | Impact | MITRE ATT&CK |
| T1518.001_Windows | Software Discovery: Security Software Discovery | Windows | Discovery | MITRE ATT&CK |
| T1547.002 | Authentication Package | | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1552.002_Windows | Unsecured Credentials: Credentials in Registry
| Windows | Credential Access | MITRE ATT&CK |
| T1574.009 | Path Interception by Unquoted Path | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1574.009_Windows | Path Interception by Unquoted Path | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1574.011 | Services Registry Permissions Weakness | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1518.001 | Security Software Discovery | | Discovery | MITRE ATT&CK |
| T1210 | Exploitation of Remote Services | | Lateral Movement | MITRE ATT&CK |
| T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
| T1003.004_Windows | OS Credential Dumping: LSA Secrets | Windows | Credential Access | MITRE ATT&CK |
| T1003.008 | /etc/passwd and /etc/shadow | | Credential Access | MITRE ATT&CK |
| T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
| T1021.003 | Distributed Component Object Model | | Lateral Movement | MITRE ATT&CK |
| T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
| T1053.005 | Scheduled Task | | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
| T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
| T1059.006_Windows | Command and Scripting Interpreter: Python (Windows) | Windows | Execution | MITRE ATT&CK |
| T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
| T1078.001 | Default Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1195.002 | Compromise Software Supply Chain | | Initial Access | MITRE ATT&CK |
| T1195.002_Windows | Supply Chain Compromise: Compromise Software Supply Chain | Windows | Initial Access | MITRE ATT&CK |
| T1555.004 | Windows Credential Manager | | Credential Access | MITRE ATT&CK |
| T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
| T1574.007 | Path Interception by PATH Environment Variable | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1606.002_Azure | Forge Web Credentials:SAML Tokens(Azure) | Entra ID | Credential Access | MITRE ATT&CK |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1048.003 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | | Exfiltration | MITRE ATT&CK |
| T1003.002 | Security Account Manager | | Credential Access | MITRE ATT&CK |
| T0814 | Denial of Service | | Inhibit Response Function | MITRE ATT&CK |
| T0822 | External Remote Services | | Initial Access | MITRE ATT&CK |
| T0843_ICS | Program Download | OT | Lateral Movement | MITRE ATT&CK |
| T0866_ICS | Exploitation of Remote Services | OT | Initial Access, Lateral Movement | MITRE ATT&CK |
| T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
| T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
| T1649 | Steal or Forge Authentication Certificates | | Credential Access | MITRE ATT&CK |
| T1550.001 | Application Access Token | | Lateral Movement, Defense Evasion | MITRE ATT&CK |
| T0812_ICS | Default Credentials | OT | Lateral Movement | MITRE ATT&CK |
| T0820_ICS | Exploitation for Evasion | OT | Evasion | MITRE ATT&CK |
| T0891_ICS | Hardcoded Credentials | OT | Lateral Movement, Persistence | MITRE ATT&CK |
| T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
| T1078.002 | Domain Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1082 | System Information Discovery | | Discovery | MITRE ATT&CK |
| T1484.002 | Trust Modification | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1528_AWS | Steal Application Access Token (AWS) | AWS | Collection | MITRE ATT&CK |
| T1003.008_Windows | OS Credential Dumping: /etc/passwd and /etc/shadow | Linux | Credential Access | MITRE ATT&CK |
