PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) |
Attack Pattern |
1 |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
1 |
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
1 |
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
1 |
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) |
Attack Pattern |
1 |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
1 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
1 |
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) |
Attack Pattern |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
1 |
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) |
mitre-tool |
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
1 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
2 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
2 |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
2 |
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
2 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) |
Attack Pattern |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
2 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
2 |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
2 |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
2 |