Contents
Accessibility Features
Account Discovery
Audio Capture
Dynamic Data Exchange
AppCert DLLs
Image File Execution Options Injection
BITS Jobs
Data Compressed
AppInit DLLs
Credential Dumping
Application Shimming
Bypass User Account Control
Credentials in Files
Domain Trust Discovery
Logon Scripts
Data Staged
Authentication Package
CMSTP
Network Service Scanning
Browser Extensions
Network Share Discovery
Remote Desktop Protocol
Change Default File Association
Compiled HTML File
Remote Services
Inhibit System Recovery
Scheduled Task
Create Account
Email Collection
Service Execution
DLL Search Order Hijacking
Component Object Model Hijacking
Control Panel Items
Process Discovery
User Execution
Password Filter DLL
Windows Admin Shares
Service Stop
Windows Management Instrumentation
Remote System Discovery
Windows Remote Management
Deobfuscate/Decode Files or Information
Security Software Discovery
Modify Existing Service
Disabling Security Tools
System Information Discovery
Netsh Helper DLL
System Network Configuration Discovery
System Network Connections Discovery
Standard Application Layer Protocol
Office Application Startup
System Owner/User Discovery
Port Monitors
File Permissions Modification
System Time Discovery
Registry Run Keys / Startup Folder
Screensaver
Security Support Provider
Hidden Files and Directories
Indicator Removal on Host
Time Providers
Indirect Command Execution
Install Root Certificate
InstallUtil
Winlogon Helper DLL
Masquerading
Modify Registry
Mshta
NTFS File Attributes
Network Share Connection Removal
Process Hollowing
Process Injection
Regsvr32
Signed Script Proxy Execution
Template Injection