In recent years there has been a persistent surge in the frequency, volume, and impact of cyberattacks. Despite concerted efforts to detect and thwart these threats, attackers continuously innovate, finding novel ways to bypass detective controls. They exploit a diverse range of threats, which include Common Vulnerabilities and Exposures (CVEs) but also the misconfigurations, identity issues and active directory issues, i.e., exposures, which go far beyond CVEs, and are so often exploited in attacks.