Tags

abuse_elevation_control_mechanism1

access_token_manipulation1

account_discovery3

account_manipulation1

active_debug_code1

active_scanning3

additional_local_or_domain_groups1

cleartext_storage_of_sensitive_information1

client-side_nforcement_of_server-side_security1

code_injection3

code_repositories2

command_and_control2

command_and_scripting_interpreter4

credential_access3

credential_stuffing1

credentials_in_files3

cross_site_scripting1

data_from_information_repositories2

defense_evasion2

deserialization_of_untrusted_data1

domain_account1

domain_or_tenant_policy_modification1

email_collection1

exfiltration_over_c2_channel1

exploit_public-facing_application4

exploitation_for_client_execution1

exposure_of_information_through_directory_listing2

file_and_directory_discovery1

gather_victim_host_information3

group_policy_modification1

improper_export_of_android_application_components1

incorrect_privilege_assignment2

ingress_tool_transfer1

initial_access5

insecure_storage_of_sensitive_information2

insertion_of_sensitive_information_into_log_file1

insufficiently_protected_credentials1

lateral_movement3

local_accounts1

local_email_collection1

make_and_impersonate_token1

malicious_file1

mobile_hacking_lab3

network_service_discovery1

os_command_injection2

pass_the_ticket1

password_cracking2

password_spraying1

path_traversal1

permission_groups_discovery1

privilege_escalation3

protocol_tunneling1

reconnaissance3

remote_services3

scanning_ip_blocks3

search_victim-owned_websites3

spearphishing_link1

spreadphishing_link1

steal_or_forge_authentication_certificates1

steal_or_forge_kerberos_tickets1

steal_web_session_cookie1

sudo_and_sudo_caching1

system_owner/user_discovery2

unsecured_credentials3

use_alternate_authentication_material2

use_of_hard_coded_credentials1

use_of_weak_hash1

user_execution1

valid_accounts2

vulnerability_scanning3

weak_password_requirements1

web_session_cookie1

windows_remote_management1

wordlist_scanning1