Rise of the AI-Driven Espionage Engine: Inside the New Age of Autonomous Cyber Operations

Tags: AgenticAI, GTG-1002, AI-orchestrated cyberattack, AIDrivenIntrusion

A Chinese state-linked group misused autonomous AI to launch a large cyber espionage campaign in September 2025, targeting about thirty major global organizations. Only a few breaches succeeded, but the operation stands out as one of the first large-scale attacks carried out with minimal human involvement, showing how quickly AI-driven threats are advancing.

Notes

<p><span style="font-weight: 700;">CONCLUSION</span></p>
<p>The rise of AI-driven cyber espionage campaigns, as highlighted in recent analyses by Anthropic, PwC, Cyderes, and Zscaler, marks a major turning point in cybersecurity. Threat actors now use AI to automate reconnaissance, craft social engineering messages, and orchestrate large-scale attacks with precision. These developments make it clear that traditional defenses are no longer enough.</p>
<p>This is where SOCRadar plays a vital role. Its unified threat intelligence and digital risk protection modules give organizations real-time visibility into evolving attack surfaces. With features like Threat Intelligence, Attack Surface Management (ASM), and Digital Risk Protection (DRP), SOCRadar helps detect and stop AI-driven threats before they escalate.</p>
<p>Threat Intelligence continuously monitors the dark web, deep web, and open sources for chatter about your organization, helping security teams identify early warning signs of AI-orchestrated campaigns.</p>
<p>ASM maps every digital asset, highlighting shadow IT and vulnerable endpoints that could be exploited by AI-driven tools.</p>
<p>DRP protects brands by identifying phishing domains, fake social media accounts, and leaked credentials, reducing exposure from AI-generated deception.</p>
<p>By integrating SOCRadar’s powerful modules into their SOC workflows, security leaders can gain predictive intelligence, automate threat response, and maintain a proactive defense posture against AI-enabled espionage.</p>
<p>In a world where attackers use AI to outpace defenses, SOCRadar empowers defenders with the same level of intelligent automation—turning data into actionable insight and giving enterprises the upper hand in the next era of cybersecurity.</p>

Mitigation

<p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITIGATION&nbsp;</span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;"><a href="https://www.cyderes.com/howler-cell/first-ai-driven-cyber-espionage-campaign-anthropic-analysis">REF</a></span></p><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"><br></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1595-Active Scanning</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; 
font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1056"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1056</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1056"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Pre-compromise</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. 
Efforts should focus on minimizing the amount and sensitivity of data available to external parties.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1590-Gather Victim Network Information</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 0.833333pt; 
border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1056"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1056</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1056"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Pre-compromise</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; 
background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on minimizing the amount and sensitivity of data available to external parties.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1593-Search Open Websites/Domains</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; 
border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1013"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1013</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 
5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1013"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application Developer Guidance</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1047"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1047</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; 
background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1047"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Audit</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Scan public code repositories for exposed credentials or other sensitive information before making commits. 
Ensure that any leaked credentials are removed from the commit history, not just the current latest version of the code.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1190-Exploit Public-Facing Application</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 
0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1048"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1048</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1048"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application Isolation and Sandboxing</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 
223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application isolation will limit what other processes and system features the exploited target can access.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1050"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1050</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1050"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploit Protection</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); 
vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Web Application Firewalls may be used to limit exposure of applications to prevent exploit traffic from reaching the application.</span></p></td></tr><tr style="height: 68.5pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1037"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1037</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1037"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Filter Network Traffic</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 
223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Restrict outbound network traffic from public-facing servers to prevent unauthorized connections from initiating communications with attacker-controlled infrastructure. While this may not prevent the initial exploitation, it limits the attacker's ability to verify and control the compromised server post-exploit, reducing the overall impact of the attack.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1035"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1035</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1035"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit Access to Resource Over Network</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure that all publicly exposed services are actually intended to be so, and restrict access to any that should only be available internally.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1030"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1030</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1030"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: 
transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network Segmentation</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1026</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: 
transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Privileged Account Management</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Using least privilege for service accounts limits the permissions the exploited process gets on the rest of the system.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1051"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1051</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1051"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Update Software</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Update software regularly by employing patch management for externally exposed applications.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1016"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1016</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1016"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Vulnerability Scanning</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Regularly scan externally facing systems for vulnerabilities and establish procedures to rapidly patch systems when critical vulnerabilities are discovered through scanning and through public disclosure.</span><a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[10]</span></a></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1078-Valid Accounts</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 
223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: 
break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1036"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1036</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1036"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Account Use Policies</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use conditional access policies to block logins from non-compliant devices or from outside defined organization IP ranges.</span><a href="https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[94]</span></a></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1015"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1015</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1015"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Active Directory Configuration</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; vertical-align: baseline;">Disable legacy authentication, which does not support MFA, and require the use of modern authentication protocols instead.</span></p></td></tr><tr style="height: 68.5pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1013"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1013</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1013"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application Developer Guidance</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; vertical-align: baseline;">Ensure that applications do not store sensitive data or credentials insecurely (e.g. plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage).</span></p></td></tr><tr style="height: 82pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1032"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1032</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1032"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Multi-factor Authentication</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Implement multi-factor authentication (MFA) across all account types, including default, local, domain, and cloud accounts, to prevent unauthorized access, even if credentials are compromised. MFA provides a critical layer of security by requiring multiple forms of verification beyond just a password. This measure significantly reduces the risk of adversaries abusing valid accounts to gain initial access, escalate privileges, maintain persistence, or evade defenses within your network.</span></p></td></tr><tr style="height: 94pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1027</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Password Policies</span></a></p></td><td style="border-width: 0.833333pt; 
border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 12pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Default usernames and passwords on applications and appliances should be changed immediately after installation and before deployment to a production environment.</span><a href="https://www.us-cert.gov/ncas/alerts/TA13-175A"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[95]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;When possible, SSH keys used by applications should be updated periodically and properly secured.</span></p><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Policies should minimize (if not eliminate) reuse of passwords between different user accounts, especially employees using the same credentials for personal accounts that may not be defended by enterprise security 
resources.</span></p></td></tr><tr style="height: 82pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1026</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Privileged Account Management</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Audit domain and local accounts as well as their permission levels routinely to look for situations that could 
allow an adversary to gain wide access by obtaining credentials of a privileged account.&nbsp;</span><a href="https://technet.microsoft.com/en-us/library/dn535501.aspx"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[3]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;</span><a href="https://technet.microsoft.com/en-us/library/dn487450.aspx"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[96]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;These audits should also check whether default accounts have been enabled and whether new local accounts have been created without authorization. 
Follow best practices for design and administration of an enterprise network to limit privileged account use across administrative tiers.&nbsp;</span><a href="https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[97]</span></a></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1018"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1018</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1018"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">User Account Management</span></a></p></td><td style="border-width: 0.833333pt; 
border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Regularly audit user accounts for activity and deactivate or remove any that are no longer needed.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1017"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1017</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1017"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">User Training</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: 
rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Applications may send push notifications to verify a login as a form of multi-factor authentication (MFA). Train users to only accept valid push notifications and to report suspicious push notifications.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1059-Command and Scripting Interpreter</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 
223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1049"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1049</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; 
overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1049"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Antivirus/Antimalware</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Anti-virus can be used to automatically quarantine suspicious files.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1047"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1047</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; 
margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1047"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Audit</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Inventory systems for unauthorized command and scripting interpreter installations.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1040"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1040</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a 
href="https://attack.mitre.org/mitigations/M1040"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Behavior Prevention on Endpoint</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">On Windows 10, enable Attack Surface Reduction (ASR) rules to prevent&nbsp;</span><a href="https://attack.mitre.org/techniques/T1059/005"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Visual Basic</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;and&nbsp;</span><a href="https://attack.mitre.org/techniques/T1059/007"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">JavaScript</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;scripts from executing potentially malicious downloaded content&nbsp;</span><a href="https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[57]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1045"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1045</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 
1.38;"><a href="https://attack.mitre.org/mitigations/M1045"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Code Signing</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Where possible, only permit execution of signed scripts.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1042"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1042</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1042"><span 
style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Disable or Remove Feature or Program</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Disable or remove any unnecessary or unused shells or interpreters.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1038"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1038</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1038"><span style="font-size: 10pt; font-family: Arial, 
sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Execution Prevention</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. For example, PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g.,&nbsp;</span><span style="font-size: 8.5pt; color: rgb(29, 34, 38); background-color: rgb(230, 230, 230); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Add-Type</span><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">[58]</span></a></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1033"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1033</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1033"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit Software Installation</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Prevent user installation of unrequired command and scripting interpreters.</span></p></td></tr><tr 
style="height: 94pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1026</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1026"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Privileged Account Management</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 12pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">When PowerShell is necessary, consider restricting PowerShell execution policy to administrators. 
Be aware that there are methods of bypassing the PowerShell execution policy, depending on environment configuration.</span><a href="https://www.netspi.com/blog/technical-blog/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[59]</span></a></p><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">PowerShell JEA (Just Enough Administration) may also be used to sandbox administration and limit what commands admins/users can execute through remote PowerShell sessions.</span><a href="https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[60]</span></a></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1021"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1021</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1021"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Restrict Web-Based Content</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Script blocking extensions can help prevent the execution of scripts and HTA files that may commonly be used during the exploitation process. 
For malicious code served up through ads, adblockers can help prevent that code from executing in the first place.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1068-Exploitation for Privilege Escalation</span></p><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height: 37.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Mitigation</span></p></td><td style="border-width: 
0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: bottom; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38; text-align: center;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description</span></p></td></tr><tr style="height: 68.5pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1048"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1048</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1048"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application Isolation and Sandboxing</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 
223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.&nbsp;</span><a href="https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[53]</span></a></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1038"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1038</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: 
rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1038"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Execution Prevention</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking the execution of known vulnerable drivers that adversaries may exploit to execute code in kernel mode. 
Validate driver block rules in audit mode to ensure stability prior to production deployment.</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[54]</span></a></p></td></tr><tr style="height: 82pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1050"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1050</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1050"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploit Protection</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 
242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior.&nbsp;</span><a href="https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[55]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring.&nbsp;</span><a href="https://en.wikipedia.org/wiki/Control-flow_integrity"><span style="font-size: 7pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">[56]</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; vertical-align: baseline;">&nbsp;Many of these protections depend on the architecture and target application binary for compatibility and may not work for software components targeted for privilege escalation.</span></p></td></tr><tr style="height: 55.75pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1019"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1019</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1019"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Threat Intelligence Program</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Develop a robust cyber threat intelligence capability to determine what types and levels of threat may use software exploits and 0-days against a particular organization.</span></p></td></tr><tr style="height: 42.25pt;"><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1051"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1051</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><a href="https://attack.mitre.org/mitigations/M1051"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Update Software</span></a></p></td><td style="border-width: 0.833333pt; border-style: solid; border-color: rgb(223, 223, 223); vertical-align: top; background-color: rgb(242, 242, 242); padding: 5pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Update software regularly by employing patch management for internal enterprise endpoints and servers.</span></p></td></tr></tbody></table></div><br><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.38;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;"><a href="https://www.cyderes.com/howler-cell/first-ai-driven-cyber-espionage-campaign-anthropic-analysis">CONTINUE</a></span></p><div><br></div>