Execution - Windows

  1. T1203: Exploitation for Client Execution

  2. T1559: Inter-Process Communication

  3. T1106: Native API

  4. T1059: Command and Scripting Interpreter, with sub-techniques for Command Shell (T1059.003), PowerShell (T1059.001), and Visual Basic (T1059.005)

  5. T1053: Scheduled Task/Job, including sub-techniques for At (T1053.002), Scheduled Task (T1053.005), and Systemd Timers (T1053.004)

  6. T1129: Shared Modules

  7. T1204: User Execution, with sub-techniques for Malicious File (T1204.002) and Malicious Link (T1204.001)

  8. T1047: Windows Management Instrumentation

PreviousInitial Access - WindowsNextPersistence - Windows

Last updated