T1037.003_Windows | Boot or Logon Initialization Scripts: Network Logon Script (Windows) | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
T1484.001_Windows | Domain Policy Modification: Group Policy Modification | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1615_Windows | Group Policy Discovery | Windows | Discovery | MITRE ATT&CK |
T1114.002 | Remote Email Collection | | Collection | MITRE ATT&CK |
T1069.002_Windows | Permission Groups Discovery: Domain Groups | Windows | Discovery | MITRE ATT&CK |
T1003.003 | NTDS | | Credential Access | MITRE ATT&CK |
T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1069.002 | Domain Groups | | Discovery | MITRE ATT&CK |
T1003.006_Windows | OS Credential Dumping: DCSync | Windows | Credential Access | MITRE ATT&CK |
T1114.002_Windows | Remote Email Collection | Windows | Collection | MITRE ATT&CK |
T1207_Windows | Rogue Domain Controller | Windows | Defense Evasion | MITRE ATT&CK |
T1548.005_Azure | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1548_Windows | Abuse Elevation Control Mechanism | Windows | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1558.003_Windows | Steal or Forge Kerberos Tickets: Kerberoasting | Windows | Credential Access | MITRE ATT&CK |
T1558.003 | Kerberoasting | | Credential Access | MITRE ATT&CK |
T1078.004 | Cloud Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1098.003 | Additional Cloud Roles | | Persistence, Privilege Escalation | MITRE ATT&CK |
T1556.007 | Hybrid Identity | | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
T1550.001 | Application Access Token | | Lateral Movement, Defense Evasion | MITRE ATT&CK |
T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
T1484.002_Azure | Domain Policy Modification: Trust Modification(Azure) | Entra ID | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
T1484.002 | Trust Modification | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | | Credential Access, Collection | MITRE ATT&CK |
T1078.002 | Domain Accounts | | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
T1059.009_Azure | Command and Scripting Interpreter: Cloud API | Entra ID | Execution | MITRE ATT&CK |
T1087.004_Azure | Account Discovery:Cloud Account(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1110.004_Windows | Brute Force: Credential Stuffing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1558.001_Windows | Steal or Forge Kerberos Tickets: Golden Ticket | Windows | Credential Access | MITRE ATT&CK |
T1207 | Rogue Domain Controller | | Defense Evasion | MITRE ATT&CK |
T1484.001 | Group Policy Modification | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1550.003 | Pass the Ticket | | Defense Evasion, Lateral Movement | MITRE ATT&CK |
T1615 | Group Policy Discovery | | Discovery | MITRE ATT&CK |
T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1003.004 | LSA Secrets | | Credential Access | MITRE ATT&CK |
T1574.010 | Services File Permissions Weakness | | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1069.003_Azure | Permission Groups Discovery:Cloud Groups(Azure) | Entra ID | Discovery | MITRE ATT&CK |
T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
T1003.006 | DCSync | | Credential Access | MITRE ATT&CK |
T1059.009 | Cloud API | | Execution | MITRE ATT&CK |
T1110.001 | Password Guessing | | Credential Access | MITRE ATT&CK |
T1110.003 | Password Spraying | | Credential Access | MITRE ATT&CK |
T1482 | Domain Trust Discovery | | Discovery | MITRE ATT&CK |
T1548.005 | Temporary Elevated Cloud Access | | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
T1548 | Abuse Elevation Control Mechanism | | Privilege Escalation, Defense Evasion | MITRE ATT&CK |
T1556.001 | Domain Controller Authentication | | Credential Access, Defense Evasion, Persistence | MITRE ATT&CK |
T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |