C2 Infrastructure Setup
15%
Redirectors, HTTPS listeners, domain fronting, Cobalt Strike teamserver setup
Initial Access & Phishing
15%
Spearphishing, macro weaponization, HTML smuggling, pretexting delivery
C2 Operations
20%
Cobalt Strike beacon management, sleep obfuscation, malleable C2 profiles
Internal Reconnaissance
15%
Host and network discovery from beacon, AD enumeration, share hunting
Lateral Movement
15%
Pass-the-Hash, over-pass-the-hash, beacon spawning on remote hosts
OPSEC & Evasion
10%
Process injection OPSEC, artifact kit, resource kit, parent PID spoofing
Data Exfiltration
10%
DNS exfil, HTTPS staging, covert channel awareness, DLP bypass