| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1619_AWS | Cloud Storage Object Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
| T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
| T1133_Windows | External Remote Services (Windows) | Windows | Persistence, Initial Access | MITRE ATT&CK |
| 1078.001 | Valid Accounts: Default Accounts | Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1021.001_Windows | Remote Services: Remote Desktop Protocol | Windows | Lateral Movement | MITRE ATT&CK |
| T1021.006_Windows | Remote Services: Windows Remote Management | Windows | Lateral Movement | MITRE ATT&CK |
| T1059.004_Linux | Command and Scripting Interpreter: Unix Shell | Linux | Execution | MITRE ATT&CK |
| T1068_Windows | Exploitation for Privilege Escalation (Windows) | Windows | Privilege Escalation | MITRE ATT&CK |
| T1087.004_AWS | Account Discovery: Cloud Account (AWS) | AWS | Discovery | MITRE ATT&CK |
| T1098.004 | SSH Authorized Keys | Cloud | Privilege Escalation, Persistence | MITRE ATT&CK |
| T1204.002_AWS | User Execution: Malicious File (AWS) | AWS | Execution | MITRE ATT&CK |
| T1499.004 | Endpoint Denial of Service: Application or System Exploitation | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS | Impact | MITRE ATT&CK |
| T1552.005_AWS | Cloud Instance Metadata API | AWS | Credential Access | MITRE ATT&CK |
| T1555.004_Windows | Credentials from Password Stores: Windows Credential Manager | Windows | Credential Access | MITRE ATT&CK |
| T1574.007_Windows | Path Interception by PATH Environment Variable | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1648_AWS | Serverless Execution | AWS | Execution | MITRE ATT&CK |
| T0873_ICS | Project File Infection | OT | Persistence | MITRE ATT&CK |
| T1595.001_PRE | Active Scanning: Scanning IP Blocks | PRE | Reconnaissance | MITRE ATT&CK |
| WAS.112439 | Server-Side Request Forgery | Web Application | Server-Side Request Forgery (SSRF) | OWASP |
| WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
| WAS.113162 | My SQL Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
| T1592.002_PRE | Gather Victim Host Information: Software | PRE | Reconnaissance | MITRE ATT&CK |
| WAS.112684 | Client Side Template Injection | Web Application | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
| WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.113634 | Server-Side Includes (SSI) Injection | Web Application | Injection | OWASP |
