https://github.com/bscpaz/mitre
MITRE ATT&CK
https://github.com/bscpaz/mitre
cybersecurity mitre
Last synced: 5 months ago
JSON representation
MITRE ATT&CK
- Host: GitHub
- URL: https://github.com/bscpaz/mitre
- Owner: bscpaz
- Created: 2022-09-29T19:54:57.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2022-10-02T18:30:58.000Z (almost 4 years ago)
- Last Synced: 2025-07-22T08:41:11.182Z (12 months ago)
- Topics: cybersecurity, mitre
- Homepage:
- Size: 15.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
MITRE ATT&CK
This page is about cybersecurity
See more:
https://attack.mitre.org/
https://portswigger.net/web-security
https://www.hackthebox.com/
https://tryhackme.com/
https://www.youtube.com/watch?v=FSjOrIHun-A
# Advanced persistent threat (APT)
_"An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time"_.
## Disable or Remove Feature or Program
https://attack.mitre.org/mitigations/M1042/
### Command and Scripting Interpreter (T1059)
#### PowerShell (001)
* If you want to stop and disable the WinRM for security reasons, you can do so in the Services snap-in (type "services" in the start menu), or you can use PowerShell:
```shell
Stop-Service WinRM -PassThruSet-Service WinRM -StartupType Disabled -PassThru
```
* For test:
```shell
Test-WSMan localhost
```
#### Visual Basic (005)
[Behavior Prevention on Endpoint - M1040](https://attack.mitre.org/mitigations/M1040/)
* Enable Attack Surface Reduction (ASR)
* [Overview-attack-surface-reduction](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide)
* [Microsoft-defender-application-guard](https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard)
### Remote Service Session Hijacking (T1563)
#### Disable or Remove Feature or Program (M1042)
* Open Control Panel.
* Click on System and Security.
* Under the "System" section, click the "Allow remote access" option.
* Click the "Remote" tab.
* Under the "Remote Assistance" section, clear the "Allow Remote Assistance connection to this computer" option.
* Click the "Apply" button.
### Abuse Elevation Control Mechanism: Bypass User Account Control (T1548/002)
* Type "UAC" on search bar;
* Use the highest enforcement level for UAC