| Active Directory Kerberos Attacks |
Password Spraying, Brute Force |
Credential Access |
| Azure Active Directory Account Takeover |
Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying |
Resource Development |
| Azure Active Directory Privilege Escalation |
Account Manipulation |
Persistence |
| GCP Account Takeover |
Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying, Credential Stuffing |
Resource Development |
| Insider Threat |
Password Spraying, Brute Force |
Credential Access |
| Office 365 Account Takeover |
Steal Application Access Token |
Credential Access |
| Office 365 Persistence Mechanisms |
Account Manipulation, Additional Cloud Roles |
Persistence |
| Snake Keylogger |
Malicious File, User Execution |
Execution |
| Snake Malware |
Kernel Modules and Extensions, Service Execution |
Persistence |
| Sneaky Active Directory Persistence Tricks |
Security Support Provider, Boot or Logon Autostart Execution |
Persistence |