MITRE ATT&CK FRAMEWORK
MITRE's ATT&CK® model is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It systematizes adversary tactics and techniques, providing a common taxonomy and framework for the cyber attack kill chain. The ATT&CK knowledge base is used extensively to build meaningful and realistic attack scenarios that let organizations challenge, evaluate and optimize their security controls in the production environment. Attack vector tactics can be implemented using Cymulate's Breach and Attack Simulation (BAS) technology, ranked #1 in innovation by Frost & Sullivan in its 2021 "BAS Radar™, Continuous Automated Red Teaming (CART) and Advanced Purple Teaming Framework".
MITRE ATT&CK's TTPs
MITRE ATT&CK has more than 360 TTPs grouped into 14 tactical categories.

1. Reconnaissance: Techniques that an adversary uses to gather information, actively or passively, in order to plan an attack. Such information may include details of the victim's organization, infrastructure or personnel, and it can be leveraged by the adversary in other phases of the adversary's life cycle.
2. Resource development: Techniques that an adversary uses to establish resources that support different stages of its operations. These resources can be leveraged in other phases of the adversary's life cycle, such as using purchased domains to support command and control, phishing email accounts as part of initial access, or stolen code signing certificates to help with defense evasion.
3. Initial access: Techniques that an adversary uses to enter your network and establish an initial foothold. Footholds obtained through initial access may allow continued access, such as valid accounts and the use of external remote services, or may be of limited use because passwords are changed. Initial access can be obtained by exploiting a public-facing application, phishing or spear phishing, etc.
4. Execution: Techniques by which an adversary runs adversary-controlled code on a local or remote system. An adversary may use a remote access tool to execute a PowerShell script that performs remote system discovery, or may abuse the Windows command shell, Python scripts or JavaScript.
5. Persistence: Techniques used by an adversary to maintain access to a compromised system. They keep access alive across reboots, credential changes and other interruptions that could otherwise cut it off. Persistence can be achieved, for example, by adding an Office 365 global administrator role or by boot or logon autostart execution.
6. Privilege escalation: Techniques used by an adversary to gain higher-level privileges on a system or network. Adversaries often enter and explore a network with unprivileged access but require elevated permissions to obtain sensitive information and complete the attack. Escalation is accomplished by exploiting system weaknesses, misconfigurations and vulnerabilities.
7. Defense evasion: Techniques by which the adversary tries to avoid detection throughout the entire attack. Adversaries also abuse trusted processes to hide and mask their malware, and may bypass User Account Control (UAC) mechanisms to elevate process privileges on the system.
8. Credential access: Techniques used to steal credentials such as account names and passwords, for example keylogging, credential dumping, brute force attacks, forced authentication, etc.
9. Discovery: Techniques by which the adversary explores the environment and gains knowledge about the system and the internal network. This lets the adversary observe the environment and orient before deciding how to act.
10. Lateral movement: Techniques used by the adversary to move through the environment after compromising it. The adversary usually has to pivot through multiple systems and accounts, looking for the weakest link in the chain, to finally reach the ultimate goal. Adversaries may install their own remote access tools to do this, or use techniques such as remote service session hijacking, pass the hash, etc.
11. Collection: Techniques used by the adversary to gather data relevant to the ultimate goal, for example input capture, audio capture, Man-in-the-Middle, etc.
12. Command and control: Techniques used by the adversary to communicate with compromised systems in order to control them. This type of channel gives attackers direct remote access to the compromised system in the target environment. There are many ways an adversary can establish command and control, with varying levels of stealth depending on the network structure and the victim's defenses.
13. Exfiltration: Techniques used by the adversary to steal data from the network. Adversaries usually package collected data to avoid detection while removing it, for example with compression and encryption. The data is typically transferred out over the command and control channel or an alternate channel, but exfiltration can also occur through physical media or web services.
14. Impact: Techniques used by the adversary to disrupt availability or compromise integrity by manipulating, disrupting or destroying the victim's systems and data, or through denial of service. Impact techniques may include removal of account access, destruction or manipulation of data, or endpoint denial of service. In some cases business processes may appear to function normally while they have been altered by adversaries to achieve their goals.