Persistence, Privilege Escalation, Lateral Movement, Defense Evasion, Command and Control, Credential Dumping, Exfiltration, Initial Access, Active Scanning, T1059, Mimikatz, PowerShell, Cobalt Strike, Sliver, Obfuscated Files, Brute Force, Spearphishing, Remote Services, DLL Injection, InMemory, Code Execution, Process Injection, Pass-the-Hash, Kerberoasting, Golden Ticket, Silver Ticket, T1021, Data Encrypted for Impact, Web Shells, Living off the Land, Fileless Malware, Command Line Interface, Scheduled Tasks, User Account Control, Execution Guardrails, Evading EDR, Process Hollowing, Dynamic Resolution, External Remote Services, Application Layer Protocol, Exfiltration Over Web Service, Data Obfuscation, Indicator Removal, Time Stomping, Remote File Copy, Deobfuscate/Decode Files, Hooking, Direct Network Shares, Masquerading, Signed Binary Proxy Execution, Clipboard Data, Input Capture, Software Deployment Tools, Hidden Files, NTLM Relay, Account Discovery, Remote Desktop Protocol, Custom Command and Control Protocol, DNS Tunneling, Valid Accounts, Network Sniffing, Group Policy Modification, XSL Script Processing, Timestomping, Process Doppelgänging, Windows Defender Evasion, COM Hijacking, Shadow IT, Cloud Services, Token Impersonation, Domain Fronting, Encrypted Channel, Modify Authentication Process, Memory Dump, Web-Based Service, Evading Antivirus, Signed Script Proxy Execution, Remote Access Tools, IP Address Spoofing, Multi-hop Proxy, Dynamic-link Library Injection, Credential Stuffing, Code Injection, Netcat, Stager, Memory Resident Malware, Named Pipe, HTTP/2 Protocol, Command and Control Over HTTPS, T1204, DNS Over HTTPS, Local Security Authority Subsystem Service (LSASS) Dumping, VM Escape, Kernel Driver Manipulation, Event Triggered Execution, SAML Token Manipulation, Container Breakout, API Hooking, Security Software Tainting, System Owner/User Discovery, File Transfer Protocol, Execution with Elevated Privileges, Application Layer Firewall Evasion, Web Application Firewall Evasion, Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), Network Device Authentication Hijacking, Abusing User Tokens, Malicious Code Signing, PowerSploit, Veil Framework, Empire, Covenant, Lateral Movement via SMB, Rootkits, SIEM Evasion, Credential Reuse, Pass-the-Ticket, LLMNR Poisoning, NTLM Downgrade Attack, Network Protocol Manipulation, IP Fragmentation, ASLR Bypass, Direct Kernel Object Manipulation (DKOM), Unhooking DLLs, Security Token Manipulation, Blue Team Operations, Forensics Evasion, Lateral TTPs, Loadable Kernel Modules, Scheduled Job, Exfiltration Over C2 Channel, Web Traffic Redirection, Data Destruction, Session Hijacking, Web Proxy Tunneling, Poison Ivy, Remote Desktop Hijacking, Host-based Intrusion Prevention System Bypass, HTTP Flooding, File-less Exploits, Python Exploits, X.509 Certificate Abuse, Attacker Control, Spoofing Communication, ARP Cache Poisoning, Proxy Server Injection, Domain Name System Hijacking, Encrypted Payloads, Rogue Access Points, Phishing Detection Evasion, System Information Discovery, Supply Chain Compromise, Suspicious Network Activity, Exploit Kits, Bash Scripts, BASH_PROFILE, Registry Key Modification, Antivirus Disable, YARA Rules, LSASS Memory Dumping, Windows Defender Manipulation, Execution Redirection, Sandbox Detection, Encoded PowerShell, Network Flow Tampering, Application Isolation Evasion, Service Execution, Digital Certificate Spoofing, Multi-factor Authentication Bypass, Abusing Backup Files, Data Leak Prevention Evasion, Tainted Data, Rogue DNS, Deleting Log Files, Fake Warnings, Application Layer Encoding, File Permissions Modification, Process Creation Obfuscation, Proxy Aware Malware, Screen Capture, Automated Collection, Clipboard Hijacking, SSH Hijacking, Fake Certificates, DNS Cache Poisoning, Spoofed DNS Responses, Denial of Service (DoS), Cross-Protocol Exploitation, Root Access Escalation, Network Scanning, Suspicious Port Activity, Exfiltration Over FTP, Volatile Memory Collection, Spoofed Legitimate Services, Application Fuzzing, Memory Manipulation, DNS Query Flooding, Forced Authentication, Session Sidejacking, Process Termination, Browser Exploits, Trusted Platform Module (TPM) Evasion, SMB Relay Attacks, TLS Spoofing, SSL Hijacking, Crypt, Command and Control Frameworks, Network Traffic Manipulation, Endpoint Detection Evasion, Tunneling Protocols, Kerberos Ticket Forgery, Network Traffic Obfuscation, DNS-based C2, System Boot or Startup Scripts, Payload Encoding, WMI Persistence, Hypervisor Evasion, Domain Trust Abuse, Privileged Account Exploitation, Root Access Hijacking, Log Tampering, Hypervisor Detection, Abusing Backup Infrastructure, Traffic Redirection, Application Shimming, Process Doppelgänging, Code Signing Evasion, Dynamic Data Resolution, Binary Padding, Software Development Exploitation, Debugger Evasion, Outbound Traffic Filtering Evasion, Cryptographic Hash Collisions, PowerShell AMSI Bypass, Security Policy Evasion, Multi-Stage Payloads, WebRTC Abuse, Insider Threat, Rogue DHCP Servers, Load Balancer Manipulation, Data Compression Evasion, Steganography for Exfiltration, Tor Network C2, API Key Abuse, OSINT for Reconnaissance, Keylogger Persistence, Distributed Credential Harvesting, In-Memory Fileless Persistence, Polymorphic Code, Reverse Shell Evasion, Dynamic Invocation, Server Message Block Exploitation, Kernel Module Rootkits, Fake Browser Extensions, Cross-Container Exploitation, Dynamic Domain Generation, Logon Scripts, Binary Planting, Browser Session Replay, Code Stomping, NTFS Timestamp Manipulation, LDAP Injection, Password Spraying, Application Patching for Persistence, AWS Credential Exploitation, Abusing Cloud Backup Services, Internet of Things (IoT) Exploitation, Custom DNS Servers, Obfuscated Command Line, Service Persistence, Stack Pivoting, Sudo Exploitation, Credential Injection, Insider Account Hijacking, Proxy ARP Poisoning, Bluetooth Exploitation, Cellular Network Interception, Mobile Application Threats, GPS Spoofing, Exploit Delivery via API, Traffic Analysis Evasion, Software Supply Chain Compromise, Data Encrypted in Transit, Logon Credential Theft, MFA Token Theft, OAuth Abuse, Directory Traversal Attacks, Custom Malware Dropper, Web Shell Persistence, NTFS Stream Abuse, Traffic Shaping Evasion, Application Whitelisting Bypass, Disk Wiping Malware, Obfuscation of File Metadata, Binary Execution Evasion, Rogue Firmware, Debugger Detection, Process Ghosting, File Deletion Techniques, Proxy Execution, Automated Malware Generation, Session Hijacking through Cookies, External DNS Resolvers, Kernel Exploitation, SQL Stored Procedure Abuse, Certificate Forgery, Network Traffic Tunneling, VPN Abuse, Cloud Infrastructure Attacks, Zero-Day Exploits, Rogue Wireless Access, Process Tunneling, VPN Traffic Hijacking, LLMNR Response Poisoning, Process Signal Tampering, Obfuscation through Encryption, Abusing Legitimate Accounts, Script-Based Attacks, Remote System Discovery, Direct Code Execution, System Shell Exploits, Reverse Proxy, Redundant C2 Infrastructure, Data Compression for Exfiltration, Cloud-based Keyloggers, Abuse of Web APIs, Dynamic Link Libraries (DLL) Injection, Credential Capture from Browsers, Password Cracking, Time-based Evasion Techniques, File Transfer Tools for C2, Rogue Certificates, Application Layer Evasion Techniques, Third-Party Software Exploits, Internet Protocol Obfuscation, Host Discovery via SMB, Cross-Platform Malware, Persistence through Network Shares, Token Manipulation for Privilege Escalation, DNS Redirection Attacks, Credential Stuffing via Automated Tools, VPN Credential Theft, API Manipulation for C2, Supply Chain Attacks, Bypassing Two-Factor Authentication, Exploiting Weak Authentication Mechanisms, Rogue DHCP, Exploiting Virtualization Weaknesses, Side-Channel Exploits, Covert Data Channels, Data Destruction Malware, IP Spoofing for C2, Steganography for C2, SSH Tunneling for Persistence, Backdoor Implant Persistence, Remote Service Exploitation, Network Data Poisoning, Protocol Downgrade Attacks, Abusing Backup Files for Persistence, Escalation via Scheduled Tasks, DNS Overload Attacks, Internal Recon via LDAP Queries, Credential Harvesting through Phishing, Network Enumeration via SNMP, Code Injection via Debuggers, Memory Analysis Avoidance, File System Filtering, Rogue Admin Tools, Application-Layer Reconnaissance,