Okta Successful Single Factor Authentication
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
DLL Side-Loading, Boot or Logon Autostart Execution
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Masquerading, Rename System Utilities
Valid Accounts, Brute Force
System Binary Proxy Execution
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
DLL Side-Loading
System Binary Proxy Execution
System Binary Proxy Execution
System Binary Proxy Execution
Phishing, Modify Registry
Modify Registry
Valid Accounts, Domain Accounts
Valid Accounts, Domain Accounts
Valid Accounts, Local Accounts
Valid Accounts, Local Accounts
Valid Accounts
Modify Authentication Process
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Modify Authentication Process, Multi-Factor Authentication
Modify Authentication Process, Multi-Factor Authentication
Password Spraying, Valid Accounts, Default Accounts
Password Spraying, Valid Accounts, Default Accounts
Modify Cloud Compute Configurations
Account Manipulation, Valid Accounts
Account Manipulation, Valid Accounts
Account Manipulation, Valid Accounts
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
Hide Artifacts, NTFS File Attributes
Hide Artifacts, NTFS File Attributes
Hide Artifacts, NTFS File Attributes
Hide Artifacts, NTFS File Attributes
Time Based Evasion, Virtualization/Sandbox Evasion
Time Based Evasion, Virtualization/Sandbox Evasion
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Cloud Accounts
Process Injection
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Use Alternate Authentication Material
Abuse Elevation Control Mechanism, Indirect Command Execution
Abuse Elevation Control Mechanism, Indirect Command Execution
Abuse Elevation Control Mechanism
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Compromise Accounts, Cloud Accounts, Modify Authentication Process, Multi-Factor Authentication
Compromise Accounts, Cloud Accounts, Modify Authentication Process, Multi-Factor Authentication
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Process Injection
Msiexec, System Binary Proxy Execution
Msiexec, System Binary Proxy Execution
Match Legitimate Name or Location, Masquerading, OS Credential Dumping, Active Scanning
Match Legitimate Name or Location, Masquerading, OS Credential Dumping, Active Scanning
File and Directory Permissions Modification, Windows File and Directory Permissions Modification
File and Directory Permissions Modification, Windows File and Directory Permissions Modification
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Mshta
Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
File and Directory Permissions Modification, System Network Connections Discovery, System Owner/User Discovery, System Shutdown/Reboot, System Network Config...
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Use Alternate Authentication Material, Pass the Ticket, Steal or Forge Kerberos Tickets, Kerberoasting, AS-REP Roasting
Use Alternate Authentication Material, Pass the Ticket, Steal or Forge Kerberos Tickets, Kerberoasting, AS-REP Roasting
Masquerading
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Modify Registry
Indicator Blocking, Trusted Developer Utilities Proxy Execution, Impair Defenses
Indicator Blocking, Trusted Developer Utilities Proxy Execution, Impair Defenses
Indicator Blocking, Trusted Developer Utilities Proxy Execution, Impair Defenses
Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Create Process with Token, Access Token Manipulation
Create Process with Token, Access Token Manipulation
Modify Registry
Use Alternate Authentication Material, Pass the Ticket
Use Alternate Authentication Material, Pass the Ticket
Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Clear Windows Event Logs, Indicator Removal
Clear Windows Event Logs, Indicator Removal
Modify Registry
Disable Windows Event Logging, Impair Defenses, Server Software Component, IIS Components
Disable Windows Event Logging, Impair Defenses, Server Software Component, IIS Components
Indicator Removal, Clear Windows Event Logs
Indicator Removal, Clear Windows Event Logs
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Modify Registry
Modify Registry
Use Alternate Authentication Material, Pass the Ticket
Use Alternate Authentication Material, Pass the Ticket
Modify Registry
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Domain Policy Modification, Domain Trust Modification
Domain Policy Modification, Domain Trust Modification
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Impair Defenses
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Valid Accounts
Compromise Accounts, Cloud Accounts, Modify Authentication Process, Multi-Factor Authentication
Compromise Accounts, Cloud Accounts, Modify Authentication Process, Multi-Factor Authentication
Domain Policy Modification, Domain Trust Modification
Domain Policy Modification, Domain Trust Modification
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Modify Authentication Process, Multi-Factor Authentication
Modify Authentication Process, Multi-Factor Authentication
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Modify Registry
Disable or Modify Cloud Firewall, Impair Defenses
Disable or Modify Cloud Firewall, Impair Defenses
Disable or Modify System Firewall, Impair Defenses
Disable or Modify System Firewall, Impair Defenses
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Modify Registry
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Modify Registry
Modify Registry
Indicator Removal
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Masquerading
Parent PID Spoofing, Access Token Manipulation
Parent PID Spoofing, Access Token Manipulation
Abuse Elevation Control Mechanism, Bypass User Account Control
Abuse Elevation Control Mechanism, Bypass User Account Control
Abuse Elevation Control Mechanism, Bypass User Account Control
Abuse Elevation Control Mechanism, Bypass User Account Control
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities
Path Interception by Unquoted Path, Hijack Execution Flow
Path Interception by Unquoted Path, Hijack Execution Flow
Abuse Elevation Control Mechanism
Plist File Modification
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
Masquerading
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
System Binary Proxy Execution, Compiled HTML File
System Binary Proxy Execution, Compiled HTML File
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Rogue Domain Controller
InstallUtil, System Binary Proxy Execution
InstallUtil, System Binary Proxy Execution
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Compromise Accounts, Unused/Unsupported Cloud Regions
Modify Registry
Hidden Window, Run Virtual Instance
Hidden Window, Run Virtual Instance
Msiexec
Hide Artifacts, NTFS File Attributes
Hide Artifacts, NTFS File Attributes
Impair Defenses
Valid Accounts
SIP and Trust Provider Hijacking
SIP and Trust Provider Hijacking
SIP and Trust Provider Hijacking
Multi-Factor Authentication Request Generation, Valid Accounts, Brute Force
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Modify Registry
Impair Defenses, Disable or Modify Cloud Logs
Impair Defenses, Disable or Modify Cloud Logs
Fileless Storage, Obfuscated Files or Information
Fileless Storage, Obfuscated Files or Information
Impair Defenses, Disable or Modify Tools
Impair Defenses, Disable or Modify Tools
Hidden Window
Impair Defenses, Disable or Modify System Firewall
Impair Defenses, Disable or Modify System Firewall
Hidden Window
Virtualization/Sandbox Evasion, Time Based Evasion
Virtualization/Sandbox Evasion, Time Based Evasion
Rename System Utilities, Masquerading
Rename System Utilities, Masquerading
Mark-of-the-Web Bypass
Modify Authentication Process
Bypass User Account Control
DLL Side-Loading
Modify Registry
Process Injection
Process Injection
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Process Injection
Process Injection
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Process Injection
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Modify Registry
Process Injection
Modify Registry
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Process Injection
System Binary Proxy Execution, Regsvr32
System Binary Proxy Execution, Regsvr32
Obfuscated Files or Information, Fileless Storage
Obfuscated Files or Information, Fileless Storage
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
Modify Registry
Malicious File, Masquerade File Type
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
PowerShell, Ingress Tool Transfer, Fileless Storage
File and Directory Permissions Modification
Windows File and Directory Permissions Modification, File and Directory Permissions Modification
Windows File and Directory Permissions Modification, File and Directory Permissions Modification
File and Directory Permissions Modification
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Modify Authentication Process, Multi-Factor Authentication
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Modify Authentication Process, Multi-Factor Authentication
Disable or Modify Cloud Logs, Impair Defenses
Disable or Modify Cloud Logs, Impair Defenses
Disable or Modify Cloud Logs, Impair Defenses
Disable or Modify Cloud Logs, Impair Defenses
Impair Defenses, Disable or Modify Cloud Logs
Impair Defenses, Disable or Modify Cloud Logs
Steal or Forge Authentication Certificates, Use Alternate Authentication Material
HTML Smuggling
Domain Policy Modification
Abuse Elevation Control Mechanism
Modify Authentication Process, Multi-Factor Authentication
Modify Authentication Process, Multi-Factor Authentication
Access Token Manipulation
Obfuscated Files or Information
Modify Registry
Pre-OS Boot, Registry Run Keys / Startup Folder
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Modify Registry
Modify Registry
Modify Registry
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Modify Registry
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Install Root Certificate, Subvert Trust Controls
Install Root Certificate, Subvert Trust Controls
Modify Registry
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Services Registry Permissions Weakness
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses, Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Modify Registry
Modify Registry, OS Credential Dumping
Right-to-Left Override, Masquerading
Right-to-Left Override, Masquerading
Right-to-Left Override, Masquerading
Right-to-Left Override, Masquerading
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Domain Accounts, Permission Groups Discovery
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Indicator Removal
System Binary Proxy Execution, Regsvr32
System Binary Proxy Execution, Regsvr32
Indicator Removal
Disable or Modify System Firewall, Impair Defenses
Disable or Modify System Firewall, Impair Defenses
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Virtualization/Sandbox Evasion, Time Based Evasion
Virtualization/Sandbox Evasion, Time Based Evasion
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Obfuscated Files or Information, Indicator Removal from Tools
Obfuscated Files or Information, Indicator Removal from Tools
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Command and Scripting Interpreter, Process Injection, PowerShell
Impair Defenses, PowerShell, Command and Scripting Interpreter
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
File Deletion, Indicator Removal
File Deletion, Indicator Removal
System Firmware, Pre-OS Boot
System Firmware, Pre-OS Boot
Access Token Manipulation, Token Impersonation/Theft
Access Token Manipulation, Token Impersonation/Theft
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Modify Registry
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify System Firewall, Impair Defenses
Disable or Modify System Firewall, Impair Defenses
Masquerade Task or Service, Masquerading
Masquerade Task or Service, Masquerading
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification
Command and Scripting Interpreter, Obfuscated Files or Information, PowerShell
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification
Abuse Elevation Control Mechanism
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification
Domain Policy Modification, Group Policy Modification, Domain Accounts
Domain Policy Modification, Group Policy Modification, Domain Accounts
Domain Policy Modification, Group Policy Modification, Domain Accounts
Network Share Discovery, Valid Accounts
Web Session Cookie, Cloud Service Dashboard
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Valid Accounts, Default Accounts, Modify Authentication Process
Valid Accounts, Default Accounts, Modify Authentication Process
Valid Accounts, Default Accounts, Modify Authentication Process
Valid Accounts, Default Accounts, Credential Stuffing
Valid Accounts, Default Accounts, Credential Stuffing
Valid Accounts, Default Accounts, Password Spraying
Valid Accounts, Default Accounts, Password Spraying
System Binary Proxy Execution, Regsvr32
System Binary Proxy Execution, Regsvr32
Rootkit, Exploitation for Privilege Escalation
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
Process Injection
Modify Authentication Process, Multi-Factor Authentication
Modify Authentication Process, Multi-Factor Authentication
Disable or Modify Tools
Rogue Domain Controller
Modify Registry
Impair Defenses, Disable Windows Event Logging, Server Software Component, IIS Components
Impair Defenses, Disable Windows Event Logging, Server Software Component, IIS Components
Indirect Command Execution
BITS Jobs, Ingress Tool Transfer
OS Credential Dumping, DCSync, Rogue Domain Controller
Domain Policy Modification
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
Access Token Manipulation, SID-History Injection
Access Token Manipulation, SID-History Injection
Modify Registry
Modify Registry
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
File Deletion, Indicator Removal
File Deletion, Indicator Removal
Dynamic-link Library Injection, Process Injection
Dynamic-link Library Injection, Process Injection
Regsvr32, System Binary Proxy Execution
Regsvr32, System Binary Proxy Execution
Process Injection
Process Injection
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Rogue Domain Controller
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Modify Authentication Process, Multi-Factor Authentication
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Modify Authentication Process, Multi-Factor Authentication
System Script Proxy Execution, System Binary Proxy Execution
System Script Proxy Execution, System Binary Proxy Execution
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
System Binary Proxy Execution
Odbcconf, System Binary Proxy Execution
Odbcconf, System Binary Proxy Execution
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
Rogue Domain Controller
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Compiled HTML File, System Binary Proxy Execution
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Abuse Elevation Control Mechanism
Process Injection
InstallUtil, System Binary Proxy Execution
InstallUtil, System Binary Proxy Execution
Compromise Accounts, Cloud Accounts, Unused/Unsupported Cloud Regions
Compromise Accounts, Cloud Accounts, Unused/Unsupported Cloud Regions
Compromise Accounts, Cloud Accounts, Unused/Unsupported Cloud Regions
Token Impersonation/Theft, Access Token Manipulation
Token Impersonation/Theft, Access Token Manipulation
Token Impersonation/Theft, Access Token Manipulation
Token Impersonation/Theft, Access Token Manipulation
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
DLL Search Order Hijacking
System Information Discovery, Rootkit
Obfuscated Files or Information, Unix Shell
Obfuscated Files or Information
Disable or Modify Cloud Logs, Impair Defenses
Disable or Modify Tools, Impair Defenses
Masquerading, Rename System Utilities
Impair Defenses, Disable or Modify Cloud Logs
Disable or Modify Tools, Impair Defenses
Disable or Modify Cloud Logs, Impair Defenses
Mavinject, System Binary Proxy Execution
Odbcconf
PowerShell, Command and Scripting Interpreter, Disable or Modify Tools, Impair Defenses
Odbcconf
System Binary Proxy Execution
Odbcconf
Disable or Modify Tools, Impair Defenses
Modify Registry
Disable or Modify Tools, Impair Defenses
Modify Registry
Msiexec
Disable or Modify Tools, Impair Defenses
Process Injection
Valid Accounts
Cloud Accounts, Valid Accounts
Local Accounts, Credentials In Files
Obfuscated Files or Information, Indicator Removal from Tools, PowerShell
Scheduled Task, Impair Defenses
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Masquerading, Rundll32, Rename System Utilities
System Binary Proxy Execution, Compiled HTML File
Indirect Command Execution
Masquerading, Rename System Utilities
Rootkit, Exploitation for Privilege Escalation
Masquerading
File and Directory Permissions Modification
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
InstallUtil, System Binary Proxy Execution
System Binary Proxy Execution, Regsvcs/Regasm
Use Alternate Authentication Material
MSBuild, Trusted Developer Utilities Proxy Execution
Trusted Developer Utilities Proxy Execution, MSBuild
Mshta, System Binary Proxy Execution
Process Injection
Mshta, System Binary Proxy Execution
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Rundll32
Bypass User Account Control, Abuse Elevation Control Mechanism
System Binary Proxy Execution
BITS Jobs, Ingress Tool Transfer
Deobfuscate/Decode Files or Information
BITS Jobs, Ingress Tool Transfer
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
System Binary Proxy Execution
BITS Jobs
System Binary Proxy Execution, Rundll32
Process Injection
Disable or Modify Cloud Firewall, Impair Defenses
Modify Authentication Process
Obfuscated Files or Information
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Dynamic Linker Hijacking, Hijack Execution Flow
Valid Accounts, Domain Accounts
Linux and Mac File and Directory Permissions Modification, File and Directory Permissions Modification
Setuid and Setgid, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
File Deletion, Indicator Removal
Valid Accounts, Domain Accounts
Windows File and Directory Permissions Modification, File and Directory Permissions Modification
Ingress Tool Transfer, Exfiltration Over Web Service, System Binary Proxy Execution
Indicator Removal
Disable or Modify Tools
Valid Accounts
File and Directory Permissions Modification
Service Stop, Valid Accounts
File and Directory Permissions Modification
Remote Services, Distributed Component Object Model, MMC
Process Injection, Dynamic-link Library Injection
Data Destruction, File Deletion, Indicator Removal
Compile After Delivery, Obfuscated Files or Information
InstallUtil, System Binary Proxy Execution
Disable or Modify System Firewall, Impair Defenses
InstallUtil, System Binary Proxy Execution
XSL Script Processing
Disable or Modify Tools, Impair Defenses
Data Destruction, File Deletion, Indicator Removal
Process Injection
Modify Registry
Regsvr32, Modify Registry
MSBuild, Trusted Developer Utilities Proxy Execution
Verclsid, System Binary Proxy Execution
BITS Jobs
Disable or Modify System Firewall, Impair Defenses
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Compiled HTML File
Install Root Certificate, Subvert Trust Controls
System Binary Proxy Execution, Compiled HTML File
XSL Script Processing
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Control Panel
System Binary Proxy Execution, CMSTP
Indicator Removal
System Binary Proxy Execution, Rundll32
Msiexec, System Binary Proxy Execution
Process Injection
System Binary Proxy Execution, Regsvr32
Process Injection
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Mshta
Cloud Accounts, Valid Accounts
Bypass User Account Control, Abuse Elevation Control Mechanism, MMC
Disable or Modify Tools, Impair Defenses
Disable or Modify Cloud Firewall, Impair Defenses
Indicator Removal, Clear Windows Event Logs
File and Directory Permissions Modification
File Deletion, Indicator Removal
System Binary Proxy Execution, CMSTP
Bypass User Account Control, Abuse Elevation Control Mechanism
File and Directory Permissions Modification
Disable or Modify Tools, Impair Defenses
Process Injection
Obfuscated Files or Information
Disable or Modify Tools, Impair Defenses
BITS Jobs
Deobfuscate/Decode Files or Information
Cloud Accounts, Valid Accounts
System Binary Proxy Execution, Rundll32
Valid Accounts
System Binary Proxy Execution, Mshta
Disable or Modify Cloud Firewall, Impair Defenses
Trusted Developer Utilities Proxy Execution, MSBuild
Trusted Developer Utilities Proxy Execution
Disable or Modify Cloud Firewall, Impair Defenses
Masquerading, Rename System Utilities
Services Registry Permissions Weakness, Hijack Execution Flow
Disable or Modify System Firewall
Rename System Utilities
Bypass User Account Control, Abuse Elevation Control Mechanism
Masquerading, Rename System Utilities
TFTP Boot, Pre-OS Boot
Use Alternate Authentication Material, Pass the Hash
Valid Accounts
Indicator Removal, Network Share Connection Removal
Cloud Accounts, Valid Accounts
Valid Accounts
Unused/Unsupported Cloud Regions
Valid Accounts
Cloud Accounts, Valid Accounts
Valid Accounts
Cloud Accounts, Valid Accounts
Valid Accounts
Use Alternate Authentication Material
Valid Accounts
Masquerading
Modify Registry
Cloud Accounts
Indicator Removal, Clear Windows Event Logs
Hidden Files and Directories
Indicator Removal
Valid Accounts
Disable or Modify Cloud Firewall
Cloud Accounts
Unused/Unsupported Cloud Regions
Domain Accounts