 | 0-click RCE against public-facing service | |
| 0-day exploitation of researchers | |
| 0ktapus phishing to harvest employee credentials | |
| 10-minute sleep to evade sandboxes | |
| 15-day time check to evade analysis | |
| 15-minute delay to evade sandboxes | |
| 15-minute execution delay to evade sandboxing | |
| 1‑click malicious links for delivery | |
| 1-click token theft via malicious link | |
| 1-day local privilege escalation to SYSTEM | |
| 2020 spear phishing against U.S. Naval Academy and Naval War College | |
| 2FA adversary-in-the-middle credential capture | |
| 2FA bypass with forged device responses | |
| 2FA cookie and session theft | |
| 2FA-focused credential capture objective | |
| 2FA interception via LabRat | |
| 2FA status and recovery codes theft | |
| 2FA-themed phishing campaign delivery | |
| 32-bit PowerShell in-memory loader and AMSI bypass | |
| 3AM ransomware encrypts data for impact | |
| 3DES-based payload decryption | |
| 401 challenge to force Kerberos authentication | |
| 56-day dormancy to evade detection | |
| 64-bit core injection via Heaven’s Gate | |
| 6in4 IPv6-over-IPv4 tunneling to reach target | |
| 7-Zip prepared for data archiving | |
| 8Base/Phobos ransomware data encryption | |
| Abnormal devices added to environment for access | |
| Abnormal PowerShell command execution | |
| Abort on disallowed system languages | |
| Abort when sandboxed | |
| Abuse accessibility features for persistence | |
| Abuse accessibility feature to run cmd.exe as SYSTEM | |
| Abuse Accessibility to Auto-Grant Permissions | |
| Abuse access tokens for elevation | |
| Abuse account-linking to gain admin context | |
| Abuse ADCS / certificate issuance | |
| Abuse AD CS certificates with Certipy | |
| Abuse AD CS (ESC5) to issue/forge auth certificates | |
| Abuse AD CS misconfigurations for auth certificates | |
| Abuse AD CS roles and settings for privilege escalation | |
| Abuse AD CS to forge authentication certificates (CVE-2024-49019) | |
| Abuse AD CS to steal/forge auth certificates | |
| Abuse ADCS web enrollment to steal certificates | |
| Abuse additional IAM roles to escalate and spread access | |
| Abuse additional roles for elevated access | |
| Abuse additional valid credentials | |
| Abuse AD domain accounts for elevated access | |
| Abuse AD Group Policy to distribute wiper | |
| Abuse AD group to gain ESXi admin (CVE-2024-37085) | |
