| BH12139 | Attaches debugger to another process on local or remote computer. | |
| BH12140 | Attaches debugger to local or remote runspaces. | |
| BH12306 | Does just-in-time compiling or code rewriting. | |
| BH12307 | Does process injection into the Chrome executable. | |
| BH12308 | Does process injection into the Chromium executable. | |
| BH12309 | Does process injection into the Firefox executable. | |
| BH12310 | Does process injection into the Internet Explorer executable. | |
| BH12311 | Does process injection into the Netscape executable. | |
| BH12312 | Does process injection into the Opera executable. | |
| BH12313 | Does process injection into the Safari executable. | |
| BH12314 | Does process injection into the Service Host Process executable. | |
| BH12315 | Does process injection into the Windows Command Processor executable. | |
| BH12316 | Does process injection into the Windows Explorer executable. | |
| BH12350 | Executes shellcode within the current process. | |
| BH12354 | Exports commands from another PowerShell session. | |
| BH12367 | Imports commands from another PowerShell session. | |
| BH12471 | Reads from other process' memory. | |
| BH12821 | Writes to other process' memory. | |
| BH13158 | Does process injection into the Windows Local Security Authority Subsystem Service executable. | |
| BH13227 | Accesses information about virtual memory regions of the current process. | |
| BH13228 | Accesses information about virtual memory regions of a process. | |
| BH13229 | Reads data from the process's own memory through the /proc/self/mem pseudo-file. | |
| BH13230 | Writes data to the process's own memory through the /proc/self/mem pseudo-file. | |
| BH13231 | Reads data from other process' memory through the 'mem' pseudo-file. | |
| BH13232 | Writes data to other process' memory through the 'mem' pseudo-file. | |
| BH13348 | Possibly does process injection. | |
| BH13404 | Allocates additional memory in the calling process. | |
| BH13447 | Frees previously allocated memory in the calling process. | |
| BH13479 | Allocates additional memory. | |
| BH13556 | Might read data from rendering context. | |
| BH19106 | Enumerates active runspaces within a Windows PowerShell host process. | |
| BH19284 | Enumerates stored command history. | |
| BH20228 | Uses PowerSploit/Empire command to generate a full-memory minidump of a process. | |
| BH20321 | Uses PowerSploit/Empire DLL injection command to inject a DLL into a process. | |
| BH20322 | Uses PowerSploit/Empire injection command to reflectively load a PE file in the PowerShell process, or reflectively inject a DLL into a remote process. | |
| BH20323 | Uses PowerSploit/Empire injection command which executes PowerShell commands from memory in a remote process. | |
| BH20324 | Uses PowerSploit/Empire shellcode injection command to inject MSIL shellcode into a process. | |
| BH20325 | Uses PowerSploit/Empire shellcode injection command to inject shellcode into a process. | |
