AWS Create Policy Version to allow all resources
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Process Injection
Masquerade Task or Service , Masquerading
Masquerade Task or Service , Masquerading
Disable or Modify System Firewall , Impair Defenses
Disable or Modify System Firewall , Impair Defenses
Valid Accounts
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Scheduled Task , Impair Defenses
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Indirect Command Execution
Indirect Command Execution
Disable or Modify System Firewall , Impair Defenses
Disable or Modify System Firewall , Impair Defenses
Masquerade Task or Service , Masquerading
Masquerade Task or Service , Masquerading
Disable or Modify System Firewall , Impair Defenses
Disable or Modify System Firewall , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Install Root Certificate , Subvert Trust Controls
Install Root Certificate , Subvert Trust Controls
Rootkit , Exploitation for Privilege Escalation
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Modify Registry
File and Directory Permissions Modification
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
Process Injection
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Process Injection
Process Injection
Process Injection
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Process Injection
Process Injection
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Use Alternate Authentication Material
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Use Alternate Authentication Material
Modify Registry
Services Registry Permissions Weakness
Signed Binary Proxy Execution, Mshta
Signed Binary Proxy Execution, Mshta
Process Injection
Mshta, Signed Binary Proxy Execution
Mshta, Signed Binary Proxy Execution
Mshta, Signed Binary Proxy Execution
Mshta, Signed Binary Proxy Execution
Mshta, Signed Binary Proxy Execution
Mshta, Signed Binary Proxy Execution
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Indicator Removal on Host
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution
Modify Registry
BITS Jobs, Ingress Tool Transfer
Deobfuscate/Decode Files or Information
BITS Jobs, Ingress Tool Transfer
Dynamic-link Library Injection , Signed Binary Proxy Execution , Process Injection
Dynamic-link Library Injection , Signed Binary Proxy Execution , Process Injection
Dynamic-link Library Injection , Signed Binary Proxy Execution , Process Injection
Signed Binary Proxy Execution
BITS Jobs
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Process Injection
Use Alternate Authentication Material , Pass the Ticket
Use Alternate Authentication Material , Pass the Ticket
Modify Authentication Process
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Signed Binary Proxy Execution , Masquerading , Rundll32 , Rename System Utilities
Use Alternate Authentication Material , Pass the Ticket , Steal or Forge Kerberos Tickets , Kerberoasting , AS-REP Roasting
Use Alternate Authentication Material , Pass the Ticket , Steal or Forge Kerberos Tickets , Kerberoasting , AS-REP Roasting
Use Alternate Authentication Material , Pass the Ticket
Use Alternate Authentication Material , Pass the Ticket
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Indicator Blocking , Trusted Developer Utilities Proxy Execution , Impair Defenses
Indicator Blocking , Trusted Developer Utilities Proxy Execution , Impair Defenses
Indicator Blocking , Trusted Developer Utilities Proxy Execution , Impair Defenses
Modify Registry , OS Credential Dumping
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Hidden Files and Directories , Disable or Modify Tools , Hide Artifacts , Impair Defenses
Hidden Files and Directories , Disable or Modify Tools , Hide Artifacts , Impair Defenses
Hidden Files and Directories , Disable or Modify Tools , Hide Artifacts , Impair Defenses
Hidden Files and Directories , Disable or Modify Tools , Hide Artifacts , Impair Defenses
Modify Registry
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Modify Registry
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Abuse Elevation Control Mechanism
Virtualization/Sandbox Evasion , Time Based Evasion
Virtualization/Sandbox Evasion , Time Based Evasion
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Masquerading , Rename System Utilities , Signed Binary Proxy Execution , InstallUtil
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Obfuscated Files or Information
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Dynamic Linker Hijacking , Hijack Execution Flow
Dynamic Linker Hijacking , Hijack Execution Flow
Valid Accounts , Domain Accounts
Valid Accounts , Domain Accounts
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Setuid and Setgid , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Sudo and Sudo Caching , Abuse Elevation Control Mechanism
Linux and Mac File and Directory Permissions Modification , File and Directory Permissions Modification
Linux and Mac File and Directory Permissions Modification , File and Directory Permissions Modification
Valid Accounts , Domain Accounts
Valid Accounts , Domain Accounts
Valid Accounts , Domain Accounts
Valid Accounts , Domain Accounts
Windows File and Directory Permissions Modification, File and Directory Permissions Modification
Windows File and Directory Permissions Modification, File and Directory Permissions Modification
File Deletion, Indicator Removal on Host
File Deletion, Indicator Removal on Host
DLL Side-Loading , Hijack Execution Flow
DLL Side-Loading , Hijack Execution Flow
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools
Indicator Removal on Host
Domain Accounts
Valid Accounts
Valid Accounts
Use Alternate Authentication Material, Pass the Hash
Use Alternate Authentication Material, Pass the Hash
File and Directory Permissions Modification
File and Directory Permissions Modification
Command and Scripting Interpreter, Indirect Command Execution
Service Stop, Valid Accounts
File and Directory Permissions Modification
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Process Injection , Dynamic-link Library Injection
Process Injection , Dynamic-link Library Injection
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Data Destruction, File Deletion, Indicator Removal on Host
Data Destruction, File Deletion, Indicator Removal on Host
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
InstallUtil , Signed Binary Proxy Execution
Access Token Manipulation , Token Impersonation/Theft
Access Token Manipulation , Token Impersonation/Theft
Disable or Modify System Firewall , Impair Defenses
Disable or Modify System Firewall , Impair Defenses
Compile After Delivery , Obfuscated Files or Information
Compile After Delivery , Obfuscated Files or Information
XSL Script Processing
Use Alternate Authentication Material, Pass the Hash
Use Alternate Authentication Material, Pass the Hash
Match Legitimate Name or Location , Masquerading , OS Credential Dumping , Active Scanning
Match Legitimate Name or Location , Masquerading , OS Credential Dumping , Active Scanning
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Process Injection
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Process Injection
Clear Windows Event Logs , Indicator Removal on Host
Clear Windows Event Logs , Indicator Removal on Host
Process Injection , Create or Modify System Process , Parent PID Spoofing , Access Token Manipulation
Process Injection , Create or Modify System Process , Parent PID Spoofing , Access Token Manipulation
Process Injection , Create or Modify System Process , Parent PID Spoofing , Access Token Manipulation
Data Destruction , File Deletion , Indicator Removal on Host
Data Destruction , File Deletion , Indicator Removal on Host
Process Injection
Rename System Utilities , Masquerading
Rename System Utilities , Masquerading
Modify Registry
Regsvr32 , Modify Registry
Regsvr32 , Modify Registry
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Regsvr32
MSBuild , Trusted Developer Utilities Proxy Execution
MSBuild , Trusted Developer Utilities Proxy Execution
Verclsid , Signed Binary Proxy Execution
Verclsid , Signed Binary Proxy Execution
Process Injection
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities
Process Injection
Process Injection
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Disable or Modify System Firewall , Impair Defenses
Disable or Modify System Firewall , Impair Defenses
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
BITS Jobs , Ingress Tool Transfer
BITS Jobs
Install Root Certificate , Subvert Trust Controls
Install Root Certificate , Subvert Trust Controls
XSL Script Processing
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Control Panel
Signed Binary Proxy Execution , Control Panel
Signed Binary Proxy Execution , CMSTP
Signed Binary Proxy Execution , CMSTP
Indicator Removal on Host
Msiexec , Signed Binary Proxy Execution
Msiexec , Signed Binary Proxy Execution
Process Injection
Process Injection
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Process Injection
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
DLL Side-Loading , Hijack Execution Flow
DLL Side-Loading , Hijack Execution Flow
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
File Deletion , Indicator Removal on Host
File Deletion , Indicator Removal on Host
Obfuscated Files or Information , Indicator Removal from Tools
Obfuscated Files or Information , Indicator Removal from Tools
Indicator Removal on Host , Clear Windows Event Logs
Indicator Removal on Host , Clear Windows Event Logs
Indicator Removal on Host, Clear Windows Event Logs
Indicator Removal on Host, Clear Windows Event Logs
Indicator Removal on Host, Clear Windows Event Logs
Indicator Removal on Host, Clear Windows Event Logs
Deobfuscate/Decode Files or Information
Obfuscated Files or Information , Indicator Removal from Tools
Obfuscated Files or Information , Indicator Removal from Tools
File and Directory Permissions Modification
Indicator Removal on Host , Clear Windows Event Logs
Indicator Removal on Host , Clear Windows Event Logs
File Deletion , Indicator Removal on Host
File Deletion , Indicator Removal on Host
Impair Defenses , PowerShell , Command and Scripting Interpreter
Command and Scripting Interpreter , Obfuscated Files or Information , PowerShell
Command and Scripting Interpreter , Process Injection , PowerShell
Signed Binary Proxy Execution , CMSTP
Signed Binary Proxy Execution , CMSTP
Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Signed Binary Proxy Execution , CMSTP
Signed Binary Proxy Execution , CMSTP
File and Directory Permissions Modification
Masquerading
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
File and Directory Permissions Modification
File and Directory Permissions Modification
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
File and Directory Permissions Modification
Process Injection
Obfuscated Files or Information
Process Injection
Process Injection
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
BITS Jobs
Deobfuscate/Decode Files or Information
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Modify Registry , Bypass User Account Control , Abuse Elevation Control Mechanism
Modify Registry , Bypass User Account Control , Abuse Elevation Control Mechanism
Modify Registry , Bypass User Account Control , Abuse Elevation Control Mechanism
Process Injection
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Regsvcs/Regasm
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Compiled HTML File
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Rundll32
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Regsvr32
Signed Binary Proxy Execution , Regsvr32
Modify Registry
Modify Authentication Process
Valid Accounts
Valid Accounts
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Signed Binary Proxy Execution , Mshta
Trusted Developer Utilities Proxy Execution , MSBuild
Trusted Developer Utilities Proxy Execution , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild
Trusted Developer Utilities Proxy Execution
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Disable or Modify Cloud Firewall , Impair Defenses
Masquerading , Rename System Utilities
Masquerading , Rename System Utilities
Services Registry Permissions Weakness , Hijack Execution Flow
Services Registry Permissions Weakness , Hijack Execution Flow
Disable or Modify System Firewall
Rename System Utilities
Masquerading , Rename System Utilities
Masquerading , Rename System Utilities
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Valid Accounts , Domain Accounts
Valid Accounts , Domain Accounts
TFTP Boot , Pre-OS Boot
TFTP Boot , Pre-OS Boot
Use Alternate Authentication Material , Pass the Hash
Use Alternate Authentication Material , Pass the Hash
Valid Accounts
Valid Accounts
Valid Accounts
Valid Accounts
Valid Accounts
Unused/Unsupported Cloud Regions
Unused/Unsupported Cloud Regions
Unused/Unsupported Cloud Regions
Indicator Removal on Host , Network Share Connection Removal
Indicator Removal on Host , Network Share Connection Removal
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Valid Accounts
Unused/Unsupported Cloud Regions
Valid Accounts
Masquerading
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Valid Accounts
Cloud Accounts , Valid Accounts
Cloud Accounts , Valid Accounts
Use Alternate Authentication Material
Valid Accounts
Valid Accounts
Valid Accounts
Valid Accounts
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Masquerading
Masquerading
Modify Registry
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
Valid Accounts , Default Accounts
File and Directory Permissions Modification , Windows File and Directory Permissions Modification
File and Directory Permissions Modification , Windows File and Directory Permissions Modification
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Valid Accounts , Local Accounts
Valid Accounts , Local Accounts
Cloud Accounts
Disable or Modify Tools , Impair Defenses
Disable or Modify Tools , Impair Defenses
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Indicator Removal on Host , Clear Windows Event Logs
Indicator Removal on Host , Clear Windows Event Logs
Path Interception by Unquoted Path , Hijack Execution Flow
Path Interception by Unquoted Path , Hijack Execution Flow
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Bypass User Account Control , Abuse Elevation Control Mechanism
Hidden Files and Directories
Indicator Removal on Host
Valid Accounts
Disable or Modify Cloud Firewall
Cloud Accounts
Cloud Accounts
Unused/Unsupported Cloud Regions
Unused/Unsupported Cloud Regions
Unused/Unsupported Cloud Regions
Unused/Unsupported Cloud Regions
Domain Accounts