TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Red Canary

Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries

Chris Brook · 2026-04-15

ATT&CK techniques detected

5 predictions
T1555.003 Credentials from Web Browsers
79%
“identity, browsers, and node.js: everything you missed in the threat detection report miniseries we celebrated this year’s threat detection report — our annual analysis of the most prevalent threats and techniques we saw over the last year — not just by doubling down but trip…”
T1218 System Binary Proxy Execution
73%
“compiled into executables or run as individual scripts, making it difficult to distinguish malicious activity from legitimate development work within an organization. - dll sideloading and lolbins exploit trust: adversaries continue to favor evergreen techniques like dll sideloa…”
T1055.001 Dynamic-link Library Injection
70%
“compiled into executables or run as individual scripts, making it difficult to distinguish malicious activity from legitimate development work within an organization. - dll sideloading and lolbins exploit trust: adversaries continue to favor evergreen techniques like dll sideloa…”
T1621 Multi-Factor Authentication Request Generation
67%
“and the evolving role of social engineering in threats. key takeaways - identity is the gateway: adversaries are heavily targeting credentials and tokens through methods like consent phishing (oauth abuse) and infostealers because identity is the most direct path to an organiz…”
T1218.011 Rundll32
53%
“compiled into executables or run as individual scripts, making it difficult to distinguish malicious activity from legitimate development work within an organization. - dll sideloading and lolbins exploit trust: adversaries continue to favor evergreen techniques like dll sideloa…”

Summary

Get cliff notes from our three-part deep dive into the 2026 Threat Detection Report and watch every episode, on demand now.