Network Traffic to Active Directory Web Services Protocol
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Remote Access Software
Exfiltration Over Unencrypted Non-C2 Protocol
Use Alternate Authentication Material
InstallUtil, System Binary Proxy Execution
Proxy, Multi-hop Proxy
Process Injection
Process Injection
System Binary Proxy Execution, Rundll32
Process Injection
Account Discovery, Domain Account, User Execution, Malicious File
OS Credential Dumping, DCSync, Rogue Domain Controller
Exploit Public-Facing Application, External Remote Services
InstallUtil, System Binary Proxy Execution
Exploit Public-Facing Application, External Remote Services
Exploit Public-Facing Application, Command and Scripting Interpreter
Ingress Tool Transfer, Exfiltration Over Web Service, System Binary Proxy Execution
TFTP Boot, Pre-OS Boot
Exploitation for Client Execution
SMB/Windows Admin Shares, Remote Services
SMB/Windows Admin Shares, Remote Services
Exfiltration Over Alternative Protocol
Remote Desktop Protocol, Remote Services
Email Collection, Remote Email Collection
Remote Email Collection, Email Collection
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
File Transfer Protocols, Application Layer Protocol
Remote Desktop Protocol, Remote Services
Non-Application Layer Protocol