02. Offensive 🏹: Attack techniques for everything, including cloud.
01. Web: everything related to web-specific techniques. Examples:
CSS bypasses
List of HTTP uploads docs
SQL Injection
02. Reconnaissance, Initial Access: everything that is done to enumerate and get access to an internal network. No authentication required. Examples:
Phishing via third parties
Evil reverse proxy
NAC bypass
Spraying
03. Execution, Persistence, PE: any technique used to execute code locally on a system, including defense evasion/bypasses, persistence and local privilege escalation. Examples:
DLL hijacking
AMSI/ETW bypass
API unhooking
Windows Script Hosts
04. Discovery, Lateral Movement: all enumeration actions that are authenticated and usually performed inside an internal network, plus all techniques that involve executing code on a remote system. Examples:
Bloodhound
ROADRecon
ADCS
MSSQL
Shadow creds
Kerberos things
05. Credential Access: anything whose main objective is to harvest, manage, crack, or dump credentials. Examples:
LSASS dumping
Cloud cracking
Chrome/Edge Harvesting
SAS strings decryption
06. Exfiltration, Impact: all final actions in an engagement to prove impact. Examples: