Disable ETW Through Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Security Account Manager, OS Credential Dumping
File and Directory Permissions Modification, System Network Connections Discovery, System Owner/User Discovery, System Shutdown/Reboot, System Network Config...
Credentials from Password Stores, Credentials from Web Browsers
Disable or Modify Tools, Impair Defenses