Registry Autoruns Windows can be configured to run commands at startup, with elevated privileges. These AutoRuns are configured in the Registry. If you are able to write to an AutoRun executable, ...
AS-REP Roasting
AS-REP Roasting AS-REP Roasting is a technique that allows retrieving password hashes for users that have "Do not require Kerberos preauthentication" enabled. Enumeration Impacket To execute an AS-REP Ro...
Registry — AlwaysInstallElevated
Registry — AlwaysInstallElevated MSI files are package files used to install applications. These files run with the permissions of the user trying to install them. Windows allows for these install...
AdminSDHolder
AdminSDHolder AdminSDHolder is a container that exists in every Active Directory domain for a special purpose. The Access Control List (ACL) of the AdminSDHolder object is used as a template to co...
Local Account
MITRE ID: T1136.001 Tactic: Persistence Platforms: Linux, Windows, macOS Local Account Local accounts are those configured by an organization for use by users, remote support, services, ...
SSH Authorized Keys
MITRE ID: T1098.004 Tactic: Persistence Platforms: IaaS, Linux, macOS SSH Authorized Keys SSH Authorized Keys specifies the SSH keys that can be used for logging into the user account fo...
Process Injection -> CreateThread
MITRE ID: T1055 Tactic: Defense Evasion Platforms: Windows CreateThread is a function from the Kernel32.dll Windows module that creates a thread to execute within the virtual address space ...
RUNDLL32
MITRE ID: T1218.011 Tactic: Defense Evasion Platforms: Windows RUNDLL32 rundll32.exe is a Windows utility that loads and runs 32-bit dynamic-link libraries (DLLs). Adversaries may abuse r...
REGSVR32
MITRE ID: T1218.010 Tactic: Defense Evasion Platforms: Windows REGSVR32 Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, inc...
MSIEXEC
MITRE ID: T1218.007 Tactic: Defense Evasion Platforms: Windows MSIEXEC Msiexec.exe is a command-line utility that provides the means to install, modify, and perform operations on Window...