Publicly-reported instances of Valid Accounts bypassing endpoint security products. Maintained on the same basis for every technique in the Index.
| Product | Entries | High-confidence | Most recent |
|---|---|---|---|
| Microsoft | 4 | 4 | 2026-05-13 |
| Tripwire | 1 | 1 | 2024-06-03 |
| SK Shieldus | 1 | 1 | 2025-10-23 |
| CrowdStrike | 1 | 1 | 2025-10-07 |
| SOCFortress | 1 | 1 | 2026-05-11 |
| Product | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| Microsoft | high | 2026-05-13 | lyrie.ai | record → |
| SOCFortress | high | 2026-05-11 | www.sentinelone.com | record → |
| SK Shieldus | high | 2025-10-23 | www.asiae.co.kr | record → |
| CrowdStrike | high | 2025-10-07 | cve.akaoma.com | record → |
| Tripwire | high | 2024-06-03 | www.sentinelone.com | record → |
| Microsoft | high | 2024-05-27 | rootsecdev.medium.com | record → |
| Microsoft | high | 2024-01-20 | www.microsoft.com | record → |
| Microsoft | high | 2023-08-08 | securityboulevard.com | record → |
Counts reflect distinct publicly-reported events on record; absence of an entry means no confirmed public report is on file.