Windows WinLogon with Public Network Connection
Bootkit
Exfiltration Over Unencrypted Non-C2 Protocol
OS Credential Dumping, DCSync, Rogue Domain Controller
Exploit Public-Facing Application
InstallUtil, System Binary Proxy Execution
InstallUtil, System Binary Proxy Execution
Process Injection
Process Injection
System Binary Proxy Execution, Rundll32
Process Injection
Use Alternate Authentication Material
Exploit Public-Facing Application
Exploit Public-Facing Application, Command and Scripting Interpreter
Ingress Tool Transfer, Exfiltration Over Web Service, System Binary Proxy Execution
TFTP Boot, Pre-OS Boot
Exploitation for Client Execution
Application Layer Protocol, Web Protocols
SMB/Windows Admin Shares, Remote Services
SMB/Windows Admin Shares, Remote Services
Exfiltration Over Alternative Protocol
Remote Desktop Protocol, Remote Services
Email Collection, Remote Email Collection
Remote Email Collection, Email Collection
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
File Transfer Protocols, Application Layer Protocol
Remote Desktop Protocol, Remote Services
Non-Application Layer Protocol