| WAS.112614 | Server-Side Template Injection | Web Application | Injection | OWASP |
| WAS.113310 | Blind XPath Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98122 | Code Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.98114 | XPath Injection | Web Application | Injection | OWASP |
| WAS.98123 | Operating System Command Injection | Web Application | Injection | OWASP |
| WAS.113634 | Server-Side Inclusion Injection | Web Application | Injection | OWASP |
| WAS.98117 | Blind SQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98118 | Blind SQL Injection (timing attack) | Web Application | Injection | OWASP |
| WAS.98127 | LDAP Injection Authentication Bypass | Web Application | Injection | OWASP |
| WAS.98113 | XML External Entity | Web Application | Injection | OWASP |
| WAS.98119 | Blind NoSQL Injection (differential analysis) | Web Application | Injection | OWASP |
| WAS.98121 | Code Injection (Php://input Wrapper) | Web Application | Injection | OWASP |
| WAS.98124 | Operating System Command Injection (Timing Attack) | Web Application | Injection | OWASP |
| WAS.113317 | Expression Language Injection | Web Application | Injection | OWASP |
| WAS.98115 | SQL Injection | Web Application | Injection | OWASP |
| WAS.98116 | NoSQL Injection | Web Application | Injection | OWASP |
| WAS.98120 | Code Injection | Web Application | Injection | OWASP |
| T1190_WAS | Exploit Public-Facing Application | Web Application | Initial Access | MITRE ATT&CK |
| T1003.003_Windows | OS Credential Dumping: NTDS | Windows | Credential Access | MITRE ATT&CK |
| T1557.001_Windows | Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay | Windows | Credential Access, Collection | MITRE ATT&CK |
| T1078.002_Windows | Valid Accounts: Domain Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1003.002_Windows | OS Credential Dumping: Security Account Manager | Windows | Credential Access | MITRE ATT&CK |
| T1048.002_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1053.005_Windows | Scheduled Task/Job: Scheduled Task | Windows | Execution, Persistence, Privilege Escalation | MITRE ATT&CK |
| T1059.001_Windows | Command and Scripting Interpreter: PowerShell (Windows) | Windows | Execution | MITRE ATT&CK |
| T1135_Windows | Network Share Discovery (Windows) | Windows | Discovery | MITRE ATT&CK |
| T1537_AWS | Transfer Data to Cloud Account | AWS | Exfiltration | MITRE ATT&CK |
| T1547.002_Windows | Boot or Logon Autostart Execution: Authentication Package | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1547.005_Windows | Boot or Logon Autostart Execution: Security Support Provider | Windows | Persistence, Privilege Escalation | MITRE ATT&CK |
| T1098.001_AWS | Account Manipulation: Additional Cloud Credentials | AWS | Persistence | MITRE ATT&CK |
| T1211_Windows | Exploitation for Defense Evasion (Windows) | Windows | Defense Evasion | MITRE ATT&CK |
| T1619_AWS | Cloud Storage Object Discovery(AWS) | AWS | Discovery | MITRE ATT&CK |
| T1003.001_Windows | OS Credential Dumping: LSASS Memory | Windows | Credential Access | MITRE ATT&CK |
| T1021.002_Windows | Remote Services: SMB/Windows Admin Shares | Windows | Lateral Movement | MITRE ATT&CK |
| T1047_Windows | Windows Management Instrumentation | Windows | Execution | MITRE ATT&CK |
| T1110.001_Windows | Brute Force: Password Guessing (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1110.003_Windows | Brute Force: Password Spraying (Windows) | Windows | Credential Access | MITRE ATT&CK |
| T1482_Windows | Domain Trust Discovery | Windows | Discovery | MITRE ATT&CK |
| T1012_Windows | Query Registry | Windows | Discovery | MITRE ATT&CK |
| T1574.011_Windows | Hijack Execution Flow: Services Registry Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
| T1048.003_Windows | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (Windows) | Windows | Exfiltration | MITRE ATT&CK |
| T1059.003_Windows | Command and Scripting Interpreter: Windows Command Shell | Windows | Execution | MITRE ATT&CK |
| T1078.003_Windows | Valid Accounts: Local Accounts | Windows | Defense Evasion, Persistence, Privilege Escalation, Initial Access | MITRE ATT&CK |
| T1133_AWS | External Remote Services | Windows | Initial Access, Persistence | MITRE ATT&CK |
| T1203_Windows | Exploitation for Client Execution (Windows) | Windows | Execution | MITRE ATT&CK |
| T1530_AWS | Data from Cloud Storage Object (AWS) | AWS | Collection | MITRE ATT&CK |
| T1495_Windows | Firmware Corruption | Windows | Impact | MITRE ATT&CK |
| T1134.005_Windows | Access Token Manipulation: SID-History Injection | Windows | Defense Evasion, Privilege Escalation | MITRE ATT&CK |
| T1558.004_Windows | Steal or Forge Kerberos Tickets: AS-REP Roasting | Windows | Credential Access | MITRE ATT&CK |
| T1574.010_Windows | Hijack Execution Flow: Services File Permissions Weakness | Windows | Persistence, Privilege Escalation, Defense Evasion | MITRE ATT&CK |
