bscpaz/mitre

MITRE ATT&CK

This page is about cybersecurity

See more:

https://attack.mitre.org/

https://portswigger.net/web-security

https://www.hackthebox.com/

https://tryhackme.com/

https://www.youtube.com/watch?v=FSjOrIHun-A

Advanced persistent threat (APT)

"An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time".

Disable or Remove Feature or Program

https://attack.mitre.org/mitigations/M1042/

Command and Scripting Interpreter (T1059)

PowerShell (001)

  • If you want to stop and disable WinRM for security reasons, you can do so in the Services snap-in (type "services" in the Start menu), or you can use PowerShell:

    Stop-Service WinRM -PassThru
    Set-Service WinRM -StartupType Disabled -PassThru

    • To test (the command should fail once the service is stopped):

    Test-WSMan localhost

Visual Basic (005)

Behavior Prevention on Endpoint - M1040

Remote Service Session Hijacking (T1563)

Disable or Remove Feature or Program (M1042)

  • Open Control Panel.
  • Click on System and Security.
  • Under the "System" section, click the "Allow remote access" option.
  • Click the "Remote" tab.
  • Under the "Remote Assistance" section, clear the "Allow Remote Assistance connection to this computer" option.
  • Click the "Apply" button.

Abuse Elevation Control Mechanism: Bypass User Account Control (T1548/002)

  • Type "UAC" in the search bar.
  • Use the highest enforcement level for UAC.
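
The three settings above (WinRM, Remote Assistance, UAC level) can be checked from one read-only PowerShell audit. This is an added example, not code from this repository; `Get-RegValue` and `Get-HardeningStatus` are hypothetical helper names, and the script reads the local registry values only, so settings enforced through Group Policy may be stored elsewhere.

```powershell
# Added example: read-only audit of the hardening settings described on this page.
# Helper names are hypothetical; nothing here changes system configuration.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-HardeningStatus {
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $raKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

    # T1059.001: WinRM should be stopped and its startup type set to Disabled.
    $winrm   = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $winrmOk = ($null -eq $winrm) -or
               ($winrm.Status -eq 'Stopped' -and $winrm.StartType -eq 'Disabled')

    # T1563: Remote Assistance is off when fAllowToGetHelp is 0.
    # A missing value is reported as not hardened.
    $raOk = (Get-RegValue $raKey 'fAllowToGetHelp') -eq 0

    # T1548.002: highest UAC level ("Always notify") means UAC is enabled,
    # administrators are prompted for consent, and the prompt is on the secure desktop.
    $uacOk = ((Get-RegValue $uacKey 'EnableLUA') -eq 1) -and
             ((Get-RegValue $uacKey 'ConsentPromptBehaviorAdmin') -eq 2) -and
             ((Get-RegValue $uacKey 'PromptOnSecureDesktop') -eq 1)

    @(
        [pscustomobject]@{ Technique = 'T1059.001'; Setting = 'WinRM stopped and disabled'; Hardened = $winrmOk }
        [pscustomobject]@{ Technique = 'T1563';     Setting = 'Remote Assistance disabled';  Hardened = $raOk }
        [pscustomobject]@{ Technique = 'T1548.002'; Setting = 'UAC at Always notify';        Hardened = $uacOk }
    )
}

# Print one row per setting; any row with Hardened = False needs attention.
Get-HardeningStatus | Format-Table -AutoSize
```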
