Privilege Escalation

Name Technique Tactic
Active Directory Kerberos Attacks Password Spraying, Brute Force Credential Access
Azure Active Directory Account Takeover Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying Resource Development
Azure Active Directory Privilege Escalation Account Manipulation Persistence
Insider Threat Password Spraying, Brute Force Credential Access
Living Off The Land Trusted Developer Utilities Proxy Execution, MSBuild Defense Evasion
Local Privilege Escalation With KrbRelayUp Windows Service Persistence
Office 365 Persistence Mechanisms Account Manipulation, Additional Cloud Roles Persistence
Snake Keylogger Malicious File, User Execution Execution
Snake Malware Kernel Modules and Extensions, Service Execution Persistence
Sneaky Active Directory Persistence Tricks Security Support Provider, Boot or Logon Autostart Execution Persistence
sAMAccountName Spoofing and Domain Controller Impersonation Valid Accounts, Domain Accounts Defense Evasion

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process