Flame
Flame is a sophisticated toolkit that has been used to collect information since at least 2010, largely targeting Middle East countries.
Net
The [Net] ity is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft Net Utility) [Net](https://attack.mitre.org/software/S0039) has a great deal of functionality, (Citation: Savill 1999) much of which is useful for an adversary, such as gathering system and network information for
RemoteUtilities
[RemoteUtilities] is a legitimate remote administration tool that has been used by [MuddyWater](https://attack.mitre.org/groups/G0069) since at least 2021 for execution on target machines.(Citation: Trend Micro Muddy Water March 2021)
BloodHound
[BloodHound] is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.(Citation: GitHub Bloodhound)(Citation: CrowdStrike BloodHound April 2018)(Citation: FoxIT Wocao December 2019)
certutil
[certutil] is a command-line utility that can be used to obtain certificate authority information and configure Certificate Services. (Citation: TechNet Certutil)
at
[at] is used to schedule tasks on a system to run at a specified date or time. (Citation: TechNet At)
UACMe
[UACMe] is an open source assessment tool that contains many methods for bypassing Windows User Account Control on multiple versions of the operating system. (Citation: Github UACMe)
PowerSploit
[PowerSploit] is an open source, offensive security framework comprised of [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules and scripts that perform a wide range of tasks related to penetration testing such as code execution, persistence, bypassing anti-virus, recon, and exfiltration. (Citation: GitHub PowerSploit May 2012) (Citation: PowerShellMagazine PowerSploit July 2014) (C
Windows Credential Editor
[Windows Credential Editor] is a password dumping tool. (Citation: Amplia WCE)
Impacket
[Impacket] is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols. [Impacket] contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks.(Citation: Impacket Tools)