Splunk risky Command Abuse disclosed february 2023
Abuse Elevation Control Mechanism, Indirect Command Execution
Abuse Elevation Control Mechanism, Indirect Command Execution
Abuse Elevation Control Mechanism
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Image File Execution Options Injection
Abuse Elevation Control Mechanism
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
DLL Side-Loading
RDP Hijacking, Remote Service Session Hijacking, Windows Service
Unix Shell Configuration Modification, Event Triggered Execution
Unix Shell Configuration Modification, Event Triggered Execution
RC Scripts, Boot or Logon Initialization Scripts
RC Scripts, Boot or Logon Initialization Scripts
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Access Token Manipulation, Token Impersonation/Theft
Access Token Manipulation, Token Impersonation/Theft
Services Registry Permissions Weakness
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Port Monitors, Boot or Logon Autostart Execution
Port Monitors, Boot or Logon Autostart Execution
Pre-OS Boot, Registry Run Keys / Startup Folder
Cloud Groups, Account Manipulation, Permission Groups Discovery
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Systemd Timers, Scheduled Task/Job
Systemd Timers, Scheduled Task/Job
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Multi-Factor Authentication Request Generation, Valid Accounts, Brute Force
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Additional Cloud Roles
Additional Cloud Roles
Setuid and Setgid, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Process Injection
Account Manipulation
Valid Accounts, Brute Force
Scheduled Task/Job
Domain or Tenant Policy Modification, Trust Modification
Domain or Tenant Policy Modification, Trust Modification
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Scheduled Task/Job, Scheduled Task
Scheduled Task/Job, Scheduled Task
Domain or Tenant Policy Modification, Group Policy Modification
Domain or Tenant Policy Modification, Group Policy Modification
Account Manipulation
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Container Orchestration Job
Process Injection
Security Support Provider, Boot or Logon Autostart Execution
Security Support Provider, Boot or Logon Autostart Execution
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Exploitation for Privilege Escalation
Scheduled Task/Job
Process Injection
Active Setup, Boot or Logon Autostart Execution
Active Setup, Boot or Logon Autostart Execution
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Account Manipulation
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Systemd Timers, Scheduled Task/Job
Systemd Timers, Scheduled Task/Job
Token Impersonation/Theft, Access Token Manipulation
Token Impersonation/Theft, Access Token Manipulation
DLL Side-Loading, Boot or Logon Autostart Execution
DLL Side-Loading, Boot or Logon Autostart Execution
Bypass User Account Control, Abuse Elevation Control Mechanism, MMC
Bypass User Account Control, Abuse Elevation Control Mechanism, MMC
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Exploitation for Privilege Escalation
Abuse Elevation Control Mechanism, Bypass User Account Control
Abuse Elevation Control Mechanism, Bypass User Account Control
Domain or Tenant Policy Modification, Group Policy Modification
Domain or Tenant Policy Modification, Group Policy Modification
Process Injection
Process Injection, Dynamic-link Library Injection
Process Injection, Dynamic-link Library Injection
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
Valid Accounts
Domain or Tenant Policy Modification
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Account Manipulation
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Process Injection
Valid Accounts, Domain Accounts
Valid Accounts, Domain Accounts
Account Manipulation, Additional Email Delegate Permissions
Account Manipulation, Additional Email Delegate Permissions
Valid Accounts
Scheduled Task/Job, Scheduled Task
Scheduled Task/Job, Scheduled Task
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
At, Scheduled Task/Job
At, Scheduled Task/Job
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Process Injection
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Parent PID Spoofing, Access Token Manipulation
Parent PID Spoofing, Access Token Manipulation
Event Triggered Execution, Accessibility Features
Event Triggered Execution, Accessibility Features
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Domain or Tenant Policy Modification, Group Policy Modification
Domain or Tenant Policy Modification, Group Policy Modification
Windows Management Instrumentation Event Subscription
Account Manipulation, Device Registration
Account Manipulation, Device Registration
Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Exploitation for Privilege Escalation
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
SSH Authorized Keys, Account Manipulation
SSH Authorized Keys, Account Manipulation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Scheduled Task/Job, At
Scheduled Task/Job, At
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Account Manipulation
Account Manipulation
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Exploitation for Privilege Escalation
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Valid Accounts
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Process Injection
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Account Manipulation, Additional Email Delegate Permissions
Account Manipulation, Additional Email Delegate Permissions
Valid Accounts
Token Impersonation/Theft, Access Token Manipulation
Token Impersonation/Theft, Access Token Manipulation
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Valid Accounts
Rootkit, Exploitation for Privilege Escalation
Account Manipulation
Account Manipulation
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Abuse Elevation Control Mechanism, Bypass User Account Control
Abuse Elevation Control Mechanism, Bypass User Account Control
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Launch Agent, Create or Modify System Process
Launch Agent, Create or Modify System Process
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Windows Service, Create or Modify System Process
Windows Service, Create or Modify System Process
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Component Object Model Hijacking, Command and Scripting Interpreter, PowerShell
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Change Default File Association, Event Triggered Execution
Change Default File Association, Event Triggered Execution
Dynamic-link Library Injection, Process Injection
Dynamic-link Library Injection, Process Injection
Cloud Accounts
Account Manipulation, Valid Accounts
Account Manipulation, Valid Accounts
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Valid Accounts
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
Process Injection
Create or Modify System Process
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Windows Service, Create or Modify System Process
Windows Service, Create or Modify System Process
Exploitation for Privilege Escalation
Process Injection
Bypass User Account Control
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
At, Scheduled Task/Job
At, Scheduled Task/Job
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Process Injection
Scheduled Task
Windows Management Instrumentation Event Subscription, Event Triggered Execution
Windows Management Instrumentation Event Subscription, Event Triggered Execution
Valid Accounts, Local Accounts
Valid Accounts, Local Accounts
Valid Accounts
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Abuse Elevation Control Mechanism
Create Process with Token, Access Token Manipulation
Create Process with Token, Access Token Manipulation
Domain or Tenant Policy Modification, Group Policy Modification
Domain or Tenant Policy Modification, Group Policy Modification
Kernel Modules and Extensions
Scheduled Task/Job, Scheduled Task
Scheduled Task/Job, Scheduled Task
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Valid Accounts, Cloud Accounts
Exploitation for Privilege Escalation
Account Manipulation, Valid Accounts
Account Manipulation, Valid Accounts
Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process
Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process
Scheduled Task, PowerShell, Command and Scripting Interpreter
External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation
Path Interception by Unquoted Path, Hijack Execution Flow
Path Interception by Unquoted Path, Hijack Execution Flow
Valid Accounts, Domain Accounts
Valid Accounts, Domain Accounts
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Application Shimming, Event Triggered Execution
Application Shimming, Event Triggered Execution
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Valid Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Image File Execution Options Injection, Event Triggered Execution
Image File Execution Options Injection, Event Triggered Execution
Setuid and Setgid, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Component Object Model Hijacking, Event Triggered Execution
Component Object Model Hijacking, Event Triggered Execution
Account Manipulation
Windows Service
Command and Scripting Interpreter, Process Injection, PowerShell
Additional Cloud Roles
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Process Injection
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Systemd Timers, Scheduled Task/Job
Systemd Timers, Scheduled Task/Job
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Application Shimming, Event Triggered Execution
Application Shimming, Event Triggered Execution
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
DLL Search Order Hijacking, DLL Side-Loading, Hijack Execution Flow
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Services Registry Permissions Weakness, Hijack Execution Flow
Services Registry Permissions Weakness, Hijack Execution Flow
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Scheduled Task
Valid Accounts
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Change Default File Association, Event Triggered Execution
Change Default File Association, Event Triggered Execution
Domain Accounts, Permission Groups Discovery
Valid Accounts, Domain Accounts
Valid Accounts, Domain Accounts
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
DLL Side-Loading
Domain or Tenant Policy Modification, Group Policy Modification, Domain Accounts
Domain or Tenant Policy Modification, Group Policy Modification, Domain Accounts
Domain or Tenant Policy Modification, Group Policy Modification, Domain Accounts
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Windows Service, Create or Modify System Process
Windows Service, Create or Modify System Process
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Valid Accounts
Process Injection
Process Injection
Launch Agent, Create or Modify System Process
Launch Agent, Create or Modify System Process
Domain or Tenant Policy Modification
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Valid Accounts, Domain Accounts
Valid Accounts, Domain Accounts
Exploitation for Privilege Escalation
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Process Injection
Unix Shell Configuration Modification, Event Triggered Execution
Unix Shell Configuration Modification, Event Triggered Execution
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Process Injection
Scheduled Task
Access Token Manipulation, SID-History Injection
Access Token Manipulation, SID-History Injection
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Account Manipulation, Device Registration
Account Manipulation, Device Registration
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Valid Accounts, Default Accounts, Modify Authentication Process
Valid Accounts, Default Accounts, Modify Authentication Process
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
SSH Authorized Keys, Account Manipulation
SSH Authorized Keys, Account Manipulation
Access Token Manipulation
Exploitation for Privilege Escalation
Exploitation for Privilege Escalation
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
Scheduled Task/Job
Valid Accounts
Scheduled Task/Job
Account Manipulation, Device Registration
Account Manipulation, Device Registration
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Abuse Elevation Control Mechanism
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Account Manipulation, Additional Email Delegate Permissions
Account Manipulation, Additional Email Delegate Permissions
Valid Accounts
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Windows Management Instrumentation Event Subscription, Event Triggered Execution
Windows Management Instrumentation Event Subscription, Event Triggered Execution
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Scheduled Task, Command and Scripting Interpreter
Dynamic Linker Hijacking, Hijack Execution Flow
Dynamic Linker Hijacking, Hijack Execution Flow
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
Valid Accounts
Domain or Tenant Policy Modification, Trust Modification
Domain or Tenant Policy Modification, Trust Modification
Remote Email Collection, Email Collection, Account Manipulation, Additional Cloud Roles
Remote Email Collection, Email Collection, Account Manipulation, Additional Cloud Roles
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Account Manipulation, Additional Email Delegate Permissions
Account Manipulation, Additional Email Delegate Permissions
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Scheduled Task/Job, Scheduled Task
Scheduled Task/Job, Scheduled Task
Process Injection
Process Injection
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Exploitation for Privilege Escalation, Abuse Elevation Control Mechanism, Access Token Manipulation
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Kernel Modules and Extensions, Service Execution
Time Providers, Boot or Logon Autostart Execution
Time Providers, Boot or Logon Autostart Execution
Event Triggered Execution, Screensaver
Event Triggered Execution, Screensaver
Exploitation for Privilege Escalation
Windows Service, Create or Modify System Process, Exploitation for Privilege Escalation
Windows Service, Create or Modify System Process, Exploitation for Privilege Escalation
Windows Service, Create or Modify System Process, Exploitation for Privilege Escalation
Event Triggered Execution
Scheduled Task, Impair Defenses
Process Injection
SSH Authorized Keys
Account Manipulation, Additional Cloud Roles
Account Manipulation, Additional Cloud Roles
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Account Manipulation
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Additional Email Delegate Permissions, Additional Cloud Roles
Additional Email Delegate Permissions, Additional Cloud Roles
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Account Manipulation, Additional Cloud Credentials
Account Manipulation, Additional Cloud Credentials
Create or Modify System Process
Valid Accounts
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Valid Accounts
Account Manipulation, Valid Accounts
Account Manipulation, Valid Accounts
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Process Injection
DLL Search Order Hijacking
Process Injection
Account Manipulation, Additional Cloud Credentials
Account Manipulation, Additional Cloud Credentials
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Account Manipulation
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Valid Accounts
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
Account Manipulation
Local Accounts, Credentials In Files
SID-History Injection, Access Token Manipulation
SID-History Injection, Access Token Manipulation
Network Share Discovery, Valid Accounts
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation
Scheduled Task, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Additional Email Delegate Permissions, Additional Cloud Roles
Additional Email Delegate Permissions, Additional Cloud Roles
Rootkit, Exploitation for Privilege Escalation
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Abuse Elevation Control Mechanism
Boot or Logon Initialization Scripts, Logon Script (Windows)
Boot or Logon Initialization Scripts, Logon Script (Windows)
Process Injection, Portable Executable Injection
Process Injection, Portable Executable Injection
Create or Modify System Process, Windows Service
Create or Modify System Process, Windows Service
Cloud Accounts, Valid Accounts
Cloud Accounts, Valid Accounts
Windows Service
Component Object Model Hijacking, Event Triggered Execution, PowerShell
Component Object Model Hijacking, Event Triggered Execution, PowerShell
Valid Accounts, Cloud Accounts
Valid Accounts, Cloud Accounts
Application Shimming, Event Triggered Execution
Application Shimming, Event Triggered Execution
Multi-Factor Authentication Request Generation, Multi-Factor Authentication, Device Registration
Windows Service, Create or Modify System Process
Windows Service, Create or Modify System Process
Password Spraying, Valid Accounts, Default Accounts
Password Spraying, Valid Accounts, Default Accounts
Account Manipulation
Cloud Groups, Account Manipulation, Permission Groups Discovery
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Account Manipulation
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
Account Manipulation, Impair Defenses
Account Manipulation, Impair Defenses
Windows Service
Domain or Tenant Policy Modification, Group Policy Modification
Domain or Tenant Policy Modification, Group Policy Modification
Valid Accounts, Default Accounts, Credential Stuffing
Valid Accounts, Default Accounts, Credential Stuffing
Valid Accounts, Default Accounts, Password Spraying
Valid Accounts, Default Accounts, Password Spraying
Component Object Model Hijacking, Event Triggered Execution
Component Object Model Hijacking, Event Triggered Execution
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts, Default Accounts
Valid Accounts
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
Service Stop, Valid Accounts
Service Stop, Create or Modify System Process, Windows Service
Service Stop, Create or Modify System Process, Windows Service
Remote Email Collection, Email Collection, Additional Email Delegate Permissions, Account Manipulation
Remote Email Collection, Email Collection, Additional Email Delegate Permissions, Account Manipulation
Valid Accounts
Valid Accounts
Valid Accounts
Change Default File Association
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Cloud Accounts
Scheduled Task
Valid Accounts
Cloud Accounts
Cloud Accounts
Domain Accounts