SOC Incident Toolkit
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Tags: Cyber Espionage, Backdoor, Microsoft Edge, Ukraine

The DRILLAPP backdoor campaign targets Ukrainian entities, leveraging Microsoft Edge debugging features for stealth espionage. It is linked to Russian threat actors and shares similarities with previous campaigns by the Laundry Bear group.

APT Groups

Void Blizzard

RU

Notes

<div><b>CONCLUSION</b></div><div>The DRILLAPP backdoor campaign represents a sophisticated cyber espionage effort targeting Ukrainian entities. By exploiting Microsoft Edge's debugging features, the attackers achieve stealth and persistence, making detection challenging. The campaign's evolution and use of legitimate services like Pastefy for C2 communications highlight the need for robust detection and mitigation strategies.</div>
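A triage sketch for the Edge debugging abuse noted in the conclusion, added here as an example and not taken from the campaign report or from any vendor rule. It assumes the debugging feature is reached through Chromium's `--remote-debugging-port` / `--remote-debugging-pipe` switches and that process-creation telemetry provides the image, command line and parent image; the field names, score weights, parent allowlist and sample events are all constructed.

```python
import ntpath
import re

# Chromium switches that open the DevTools debugging interface (Edge is Chromium-based).
DEBUG_SWITCHES = ("--remote-debugging-port", "--remote-debugging-pipe")
# Assumption: parents that normally start Edge in this environment; extend locally.
EXPECTED_PARENTS = {"explorer.exe", "msedge.exe", "msedgedriver.exe"}
# Path fragment of Edge's default profile directory under %LOCALAPPDATA%.
DEFAULT_PROFILE_FRAGMENT = "\\microsoft\\edge\\user data"

# Matches --switch, --switch=value and --switch="quoted value".
SWITCH_RE = re.compile(r'(?:^|(?<=[\s"]))(--[a-z0-9-]+)(?:=("[^"]*"|[^\s"]*))?', re.IGNORECASE)


def parse_switches(command_line):
    """Return {switch: value} for every --switch on a command line ('' if no value)."""
    return {name.lower(): value.strip('"') for name, value in SWITCH_RE.findall(command_line)}


def triage_edge_launch(event, expected_parents=EXPECTED_PARENTS):
    """Score one process-creation event; None means it is not a debugging launch of Edge."""
    if ntpath.basename(event["image"]).lower() != "msedge.exe":
        return None
    switches = parse_switches(event["command_line"])
    if "--type" in switches:  # renderer/GPU/utility child of an already running browser
        return None
    if not any(s in switches for s in DEBUG_SWITCHES):
        return None

    score, reasons = 1, ["DevTools debugging interface enabled"]
    if "--headless" in switches:
        score += 1
        reasons.append("headless: no window is shown to the user")
    if switches.get("--remote-allow-origins") == "*":
        score += 1
        reasons.append("any origin may attach to the debugging socket")
    profile = switches.get("--user-data-dir", "")
    if profile and DEFAULT_PROFILE_FRAGMENT not in profile.lower():
        score += 1
        reasons.append("profile directory outside the default Edge location")
    parent = ntpath.basename(event.get("parent_image", "")).lower()
    if parent not in expected_parents:
        score += 2
        reasons.append("unexpected parent process: " + (parent or "unknown"))
    return {"pid": event["pid"], "score": score, "reasons": reasons}


def alerts(events, threshold=3):
    """Return the PIDs whose score reaches the alert threshold."""
    hits = (triage_edge_launch(e) for e in events)
    return [h["pid"] for h in hits if h and h["score"] >= threshold]


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample events (not observed telemetry).
SAMPLE_EVENTS = [
    {   # ordinary interactive start from the desktop
        "pid": 4120, "image": EDGE, "parent_image": r"C:\Windows\explorer.exe",
        "command_line": '"' + EDGE + '" --profile-directory=Default',
    },
    {   # hidden debugging session started by an unknown binary in a temp folder
        "pid": 5288, "image": EDGE,
        "parent_image": r"C:\Users\user\AppData\Local\Temp\launcher.exe",
        "command_line": '"' + EDGE + '" --headless --remote-debugging-port=9222 '
                        r'--user-data-dir="C:\Users\user\AppData\Local\Temp\edge profile"',
    },
    {   # browser automation through an allowlisted driver
        "pid": 6014, "image": EDGE, "parent_image": r"C:\tools\msedgedriver.exe",
        "command_line": '"' + EDGE + '" --remote-debugging-port=0 '
                        r'--user-data-dir="C:\Users\dev\AppData\Local\Temp\scoped_dir6014_1"',
    },
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["pid"], triage_edge_launch(ev))
    print("alert on:", alerts(SAMPLE_EVENTS))
```

Legitimate test automation also enables remote debugging, so the parent allowlist and threshold need tuning per environment before this is used for alerting.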

Mitigation

<span id="docs-internal-guid-200a4388-7fff-626c-79af-65ddf62cb6dc"><h2 style="line-height:1.38;margin-top:18pt;margin-bottom:6pt;"><span style="font-size: 16pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITIGATION</span></h2><h2 style="line-height:1.38;margin-top:18pt;margin-bottom:6pt;"><span style="font-size: 16pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITRE ATT&amp;CK TECHNIQUES</span></h2><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Techniques Addressed by Mitigation</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1051-Execution Prevention</span></p><br><div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col><col><col></colgroup><tbody><tr style="height:37.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 
5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1548</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Abuse Elevation Control Mechanism</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications from running that haven't been downloaded from legitimate repositories which may help mitigate some of these issues. 
Not allowing unsigned applications from being run may also mitigate some risk.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">Elevated Execution with Prompt</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications from running that haven't been downloaded through the Apple Store which may help mitigate some of these issues. Not allowing unsigned applications from being run may also mitigate some risk.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: 
transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1547</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a 
href="https://attack.mitre.org/techniques/T1547/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Winlogon Helper DLL</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software that may be executed through the Winlogon helper process by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools like AppLocker </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> that are capable of auditing and/or blocking unknown DLLs.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1547/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Kernel Modules and Extensions</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control and software restriction tools, such as SELinux, KSPP, grsecurity MODHARDEN, and Linux kernel tuning can aid in restricting kernel module loading.</span><a href="https://patchwork.kernel.org/patch/8754821/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[4]</span></a><a href="https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[5]</span></a><a href="https://www.kernel.org/doc/html/latest/security/self-protection.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[6]</span></a><a 
href="https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[7]</span></a><a href="https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[8]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1547/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Shortcut Modification</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: 
normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Prevents malicious shortcuts or LNK files from executing unwanted code by ensuring only authorized applications and scripts are allowed to run.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1059</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 11pt; font-family: Arial, 
sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Command and Scripting Interpreter</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. For example, PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">PowerShell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: 
normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid 
#dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppleScript</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Windows Command Shell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Unix Shell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 
8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. On ESXi hosts, the execInstalledOnly feature prevents binaries from being run unless they have been packaged and signed as part of a vSphere installation bundle (VIB).</span><a href="https://cloud.google.com/blog/topics/threat-intelligence/vmware-detection-containment-hardening"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[10]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Visual Basic</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. 
VBA macros obtained from the Internet, based on the file's Mark of the Web (MOTW) attribute, may be blocked from executing in Office applications (e.g., Access, Excel, PowerPoint, Visio, and Word) by default starting in Windows Version 2203.</span><a href="https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[11]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Python</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist Python where not required.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.007</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">JavaScript</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist scripting where appropriate.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 
8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Device CLI</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TACACS+ can keep control over which commands administrators are permitted to use through the configuration of authentication and command authorization. </span><a href="https://tools.cisco.com/security/center/resources/integrity_assurance.html#39"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[12]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Cloud API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate to block use of PowerShell cmdlets or other host-based resources to access cloud API resources.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.010</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AutoHotKey &amp; AutoIT</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to prevent execution of AutoIt3.exe, AutoHotkey.exe, and other related features that may not be required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.011</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: 
transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Lua</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist Lua interpreters where appropriate.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.013</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Container CLI/API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny scripting where appropriate. 
Tools such as Python or Go can utilize Kubernetes and Docker within a client library and execute commands within their application.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1609"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1609</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1609"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 
204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Container Administration Command</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use read-only containers, read-only file systems, and minimal images when possible to prevent the execution of commands.</span><a href="https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[13]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Where possible, also consider using application control and software restriction tools (such as those provided by SELinux) to restrict access to files, processes, and system calls in containers.</span><a 
href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[14]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1611"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1611</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1611"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Escape to Host</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use read-only containers, read-only file systems, and minimal images when possible to prevent the running of commands.</span><a href="https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[13]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;"> Where possible, also consider using application control and software restriction tools (such as those provided by SELinux) to restrict access to files, processes, and system calls in containers.</span><a href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[14]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1546</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Screensaver</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Block .scr files from being executed from non-standard locations.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">LC_LOAD_DYLIB Addition</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Allow applications via known hashes.</span></p></td></tr><tr style="height:70.5pt;"><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Accessibility Features</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries can replace accessibility feature binaries with alternate binaries to execute this technique. 
Identify and block potentially malicious software executed through accessibility features functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: 
Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppCert DLLs</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries install new AppCertDLL binaries to execute this technique. 
Identify and block potentially malicious software executed through AppCertDLLs functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.010</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a 
href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppInit DLLs</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries can install new AppInit DLL binaries to execute this technique. 
Identify and block potentially malicious software executed through AppInit DLLs functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1068"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1068</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1068"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exploitation for Privilege Escalation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking the execution of known vulnerable drivers that adversaries may exploit to execute code in kernel mode. 
Validate driver block rules in audit mode to ensure stability prior to production deployment.</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[18]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1564</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hide Artifacts</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1564/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hidden Window</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit or restrict program execution using anti-virus software. On macOS, allowlist programs that are allowed to have the plist tag. All other programs should be considered suspicious.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hide Artifacts</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1564/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Run Virtual Instance</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved virtualization software.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1574</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hijack Execution Flow</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries may use new payloads to execute this technique. Identify and block potentially malicious software executed through hijacking by using application control solutions also capable of blocking libraries loaded by legitimate software.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">DLL</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software executed through DLL hijacking by using application control solutions capable of blocking DLLs loaded by legitimate software.</span><a href="https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[19]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Dynamic Linker Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries may use new payloads to execute this technique. Identify and block potentially malicious software executed through hijacking by using application control solutions also capable of blocking libraries loaded by legitimate software.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.007</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by PATH Environment Variable</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by Search Order Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by Unquoted Path</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.012</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">COR_PROFILER</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious unmanaged COR_PROFILER profiling DLLs by using application control solutions like AppLocker that are capable of auditing and/or blocking unapproved DLLs.</span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562"><span style="font-size: 11pt; font-family: 
Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1562</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Impair Defenses</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate, especially regarding the execution of tools outside of the organization's security policies (such as rootkit removal tools) that have been abused to impair system defenses. 
Ensure that only approved security applications are used and running on enterprise systems.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Disable or Modify 
Tools</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate, especially regarding the execution of tools outside of the organization's security policies (such as rootkit removal tools) that have been abused to impair system defenses. Ensure that only approved security applications are used and running on enterprise systems.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.011</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Spoof Security Alerting</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application controls to mitigate installation and use of payloads that may be utilized to spoof security alerting.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1490"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1490</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1490"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Inhibit System Recovery</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control configured to block execution of utilities such as diskshadow.exe that may not be required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1674"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">T1674</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1674"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Input Injection</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist scripting and use application control where appropriate. 
For example, PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1036</span></a></p></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Masquerading</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use tools that restrict program execution via application control by attributes other than file name for common operating system utilities that are needed.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Match Legitimate Resource Name or Location</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">Use tools that restrict program execution via application control by attributes other than file name for common operating system utilities that are needed.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Masquerade File Type</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure that input sanitization is performed and that files are validated properly before execution; furthermore, implement a strict allow list to ensure that only authorized file types are processed.</span><a href="https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[23]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Restrict and/or block execution of files where headers and extensions do not match.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1106</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Native API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software that may be executed through this technique by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 
11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1219</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Access Tools</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved software that can be used for remote access.</span></p></td></tr><tr style="height:84pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IDE Tunneling</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use Group Policies to 
require user authentication by disabling anonymous tunnel access, preventing any unauthenticated tunnel creation or usage. Disable the Visual Studio Dev Tunnels feature to block tunnel-related commands, allowing only minimal exceptions for utility functions (unset, echo, ping, and user). Restrict tunnel access to approved Microsoft Entra tenant IDs by specifying allowed tenants; all other users are denied access by default.</span><a href="https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/policies"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[24]</span></a><a href="https://techcommunity.microsoft.com/blog/azuredevcommunityblog/manage-dev-tunnels-with-group-policies/4149472"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[25]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Desktop Software</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved software that can be 
used for remote access.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1505</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Server Software Component</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1505/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IIS Components</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Restrict unallowed ISAPI extensions and filters from running by specifying a list of ISAPI extensions and filters that can run on IIS.</span><a href="https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[26]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1129"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1129</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1129"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Shared Modules</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software executed through this technique by using application control tools capable of preventing unknown modules from being loaded.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1176</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Software Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Set an extension allow or deny list as appropriate for your security policy.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/001"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Browser Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Set a browser extension allow or deny list as appropriate for your security policy.</span><a href="http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[27]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid 
#dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IDE Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Set an IDE extension allow or deny list as appropriate for your security policy.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1553</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Subvert Trust Controls</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications that haven't been downloaded through the Apple Store (or other legitimate repositories) from running, which can help mitigate some of these issues. Also enable application control solutions such as AppLocker and/or Device Guard to block the loading of malicious content.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: 
rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Gatekeeper Bypass</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications that haven't been downloaded through the Apple Store from running, which can help mitigate some of these issues.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">SIP and Trust Provider Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enable application control solutions such as AppLocker and/or Device Guard to block the loading of malicious SIP DLLs.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Mark-of-the-Web Bypass</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking container file types at web and/or email gateways. 
Consider unregistering container file extensions in Windows File Explorer.</span><a href="https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[28]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1218</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Binary Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control to prevent execution of binaries that are susceptible to abuse and not required for a given system or network.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Compiled HTML File</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control to prevent execution of hh.exe if it is not required for a 
given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Control Panel</span></a></p></td><td style="border-left:solid 
#dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious and unknown .cpl files by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid 
#dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">CMSTP</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control configured to block execution of CMSTP.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid 
#dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">InstallUtil</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of 
InstallUtil.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Mshta</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of mshta.exe if it is not required for a given system or network to prevent potential misuse by adversaries. For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the mshta.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Odbcconf</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control 
configured to block execution of Odbcconf.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">Regsvcs/Regasm</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Block execution of Regsvcs.exe and Regasm.exe if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.012</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Verclsid</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of verclsid.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.013</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Mavinject</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">Use application control configured to block execution of mavinject.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/014"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.014</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/014"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">MMC</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of MMC if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:149.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/015"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.015</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/015"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Electron Applications</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Where possible, enforce binary and application integrity with digital signature verification to prevent untrusted code from executing. 
For example, do not use shell.openExternal with untrusted content.</span></p><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Where possible, set nodeIntegration to false, which disables access to the Node.js function.</span><a href="https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-code-room-to-run-e2e1447d01b8"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[30]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Disabling access to the Node.js function may limit the ability to execute malicious commands by injecting JavaScript code.</span></p><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Do not disable webSecurity; disabling it may allow users of the application to invoke malicious content from online sources.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1216</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Script Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">PubPrn</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. 
Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">SyncAppvPublishingServer</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1080"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1080</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1080"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Taint Shared Content</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify potentially malicious software that may be used to taint content or may result from it and audit and/or block the unknown programs by using application control </span><a 
href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1127</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Trusted Developer Utilities Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain developer utilities should be 
blocked or restricted if not required.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">MSBuild</span></a></p></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of msbuild.exe if it is not required for a given system or network to prevent potential misuse by adversaries. For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the msbuild.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">JamPlus</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking or restricting 
JamPlus if not required.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1204</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">User Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control may be able to prevent the running of executables masquerading as other files.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Malicious File</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control may be able to prevent the running of executables masquerading as other files.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Malicious Copy and Paste</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Use application control where appropriate. PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1047"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">T1047</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1047"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Windows Management Instrumentation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of wmic.exe if it is not required for a given system or network to prevent potential misuse by adversaries. 
For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the wmic.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1220"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1220</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1220"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">XSL Script Processing</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">If msxsl.exe is unnecessary, then block its execution to prevent abuse by adversaries.</span></p></td></tr></tbody></table></div><br><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1038 Execution Prevention</span></p><br><div style="margin-left:0pt;" align="left"><table 
style="border:none;border-collapse:collapse;"><colgroup><col><col><col><col><col></colgroup><tbody><tr style="height:37.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 
5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(33, 37, 41); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1548</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Abuse Elevation Control Mechanism</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications that haven't been downloaded from legitimate repositories from running, which may help mitigate some of 
these issues. Preventing unsigned applications from running may also mitigate some risk.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1548/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">Elevated Execution with Prompt</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications that haven't been downloaded through the Apple Store from running, which may help mitigate some of these issues. Preventing unsigned applications from running may also mitigate some risk.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 
85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1547</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a 
href="https://attack.mitre.org/techniques/T1547/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Winlogon Helper DLL</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software that may be executed through the Winlogon helper process by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools like AppLocker </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> that are capable of auditing and/or blocking unknown DLLs.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1547/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Kernel Modules and Extensions</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control and software restriction tools, such as SELinux, KSPP, grsecurity MODHARDEN, and Linux kernel tuning can aid in restricting kernel module loading.</span><a href="https://patchwork.kernel.org/patch/8754821/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[4]</span></a><a href="https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[5]</span></a><a href="https://www.kernel.org/doc/html/latest/security/self-protection.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[6]</span></a><a 
href="https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[7]</span></a><a href="https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[8]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Boot or Logon Autostart Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1547/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Shortcut Modification</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: 
normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Prevents malicious shortcuts or LNK files from executing unwanted code by ensuring only authorized applications and scripts are allowed to run.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1059</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 11pt; font-family: Arial, 
sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Command and Scripting Interpreter</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. For example, PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">PowerShell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: 
normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid 
#dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppleScript</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Windows Command Shell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Unix Shell</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 
8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. On ESXi hosts, the execInstalledOnly feature prevents binaries from being run unless they have been packaged and signed as part of a vSphere installation bundle (VIB).</span><a href="https://cloud.google.com/blog/topics/threat-intelligence/vmware-detection-containment-hardening"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[10]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Visual Basic</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate. 
VBA macros obtained from the Internet, based on the file's Mark of the Web (MOTW) attribute, may be blocked from executing in Office applications (e.g., Access, Excel, PowerPoint, Visio, and Word) by default starting in Windows Version 2203.</span><a href="https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[11]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Python</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist Python where not required.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.007</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">JavaScript</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist scripting where appropriate.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 
8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Device CLI</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TACACS+ can keep control over which commands administrators are permitted to use through the configuration of authentication and command authorization. </span><a href="https://tools.cisco.com/security/center/resources/integrity_assurance.html#39"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[12]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Cloud API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate to block use of PowerShell cmdlets or other host-based resources to access cloud API resources.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.010</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AutoHotKey &amp; AutoIT</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to prevent execution of AutoIt3.exe, AutoHotkey.exe, and other related features that may not be required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.011</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: 
transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Lua</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist Lua interpreters where appropriate.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.013</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Container CLI/API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny scripting where appropriate. 
Tools such as Python or Go can utilize Kubernetes and Docker within a client library and execute commands within their application.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1609"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1609</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1609"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 
204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Container Administration Command</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use read-only containers, read-only file systems, and minimal images when possible to prevent the execution of commands.</span><a href="https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[13]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Where possible, also consider using application control and software restriction tools (such as those provided by SELinux) to restrict access to files, processes, and system calls in containers.</span><a 
href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[14]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1611"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1611</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1611"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Escape to Host</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use read-only containers, read-only file systems, and minimal images when possible to prevent the running of commands.</span><a href="https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[13]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;"> Where possible, also consider using application control and software restriction tools (such as those provided by SELinux) to restrict access to files, processes, and system calls in containers.</span><a href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[14]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1546</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Screensaver</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Block .scr files from being executed from non-standard locations.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">LC_LOAD_DYLIB Addition</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Allow applications via known hashes.</span></p></td></tr><tr style="height:70.5pt;"><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Accessibility Features</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries can replace accessibility feature binaries with alternate binaries to execute this technique. 
Identify and block potentially malicious software executed through accessibility features functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: 
Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppCert DLLs</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries install new AppCertDLL binaries to execute this technique. 
Identify and block potentially malicious software executed through AppCertDLLs functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1546/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.010</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a 
href="https://attack.mitre.org/techniques/T1546"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Event Triggered Execution</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1546/010"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">AppInit DLLs</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries can install new AppInit DLL binaries to execute this technique. 
Identify and block potentially malicious software executed through AppInit DLLs functionality by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. 
</span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1068"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1068</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1068"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exploitation for Privilege Escalation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking the execution of known vulnerable drivers that adversaries may exploit to execute code in kernel mode. 
Validate driver block rules in audit mode to ensure stability prior to production deployment.</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[18]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1564</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hide Artifacts</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1564/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hidden Window</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit or restrict program execution using anti-virus software. On macOS, allowlist programs that are allowed to have the plist tag. All other programs should be considered suspicious.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hide Artifacts</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1564/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Run Virtual Instance</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved virtualization software.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1574</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hijack Execution Flow</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries may use new payloads to execute this technique. Identify and block potentially malicious software executed through hijacking by using application control solutions also capable of blocking libraries loaded by legitimate software.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">DLL</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software executed through DLL hijacking by using application control solutions capable of blocking DLLs loaded by legitimate software.</span><a href="https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[19]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Dynamic Linker Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries may use new payloads to execute this technique. Identify and block potentially malicious software executed through hijacking by using application control solutions also capable of blocking libraries loaded by legitimate software.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.007</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by PATH Environment Variable</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by Search Order Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Path Interception by Unquoted Path</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversaries will likely need to place new binaries in locations to be executed through this weakness. 
Identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate.</span><a href="https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[20]</span></a><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><a 
href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[21]</span></a><a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[22]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.012</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">COR_PROFILER</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious unmanaged COR_PROFILER profiling DLLs by using application control solutions like AppLocker that are capable of auditing and/or blocking unapproved DLLs.</span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562"><span style="font-size: 11pt; font-family: 
Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1562</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Impair Defenses</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate, especially regarding the execution of tools outside of the organization's security policies (such as rootkit removal tools) that have been abused to impair system defenses. 
Ensure that only approved security applications are used and running on enterprise systems.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Disable or Modify 
Tools</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control where appropriate, especially regarding the execution of tools outside of the organization's security policies (such as rootkit removal tools) that have been abused to impair system defenses. Ensure that only approved security applications are used and running on enterprise systems.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.011</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1562/011"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Spoof Security Alerting</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application controls to mitigate installation and use of payloads that may be utilized to spoof security alerting.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1490"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1490</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1490"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Inhibit System Recovery</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control configured to block execution of utilities such as diskshadow.exe that may not be required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1674"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">T1674</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1674"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Input Injection</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Denylist scripting and use application control where appropriate. 
For example, PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1036</span></a></p></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Masquerading</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use tools that restrict program execution via application control by attributes other than file name for common operating system utilities that are needed.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Match Legitimate Resource Name or Location</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">Use tools that restrict program execution via application control by attributes other than file name for common operating system utilities that are needed.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Masquerade File Type</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure that input sanitization is performed and that files are validated properly before execution; furthermore, implement a strict allow list to ensure that only authorized file types are processed.</span><a href="https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[23]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Restrict and/or block execution of files where headers and extensions do not match.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1106</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Native API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software that may be executed through this technique by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 
11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1219</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Access Tools</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved software that can be used for remote access.</span></p></td></tr><tr style="height:84pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IDE Tunneling</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use Group Policies to 
require user authentication by disabling anonymous tunnel access, preventing any unauthenticated tunnel creation or usage. Disable the Visual Studio Dev Tunnels feature to block tunnel-related commands, allowing only minimal exceptions for utility functions (unset, echo, ping, and user). Restrict tunnel access to approved Microsoft Entra tenant IDs by specifying allowed tenants; all other users are denied access by default.</span><a href="https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/policies"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[24]</span></a><a href="https://techcommunity.microsoft.com/blog/azuredevcommunityblog/manage-dev-tunnels-with-group-policies/4149472"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[25]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1219/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Desktop Software</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control to mitigate installation and use of unapproved software that can be 
used for remote access.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1505</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Server Software Component</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1505/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IIS Components</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Restrict unallowed ISAPI extensions and filters from running by specifying a list of ISAPI extensions and filters that can run on IIS.</span><a href="https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[26]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1129"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1129</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1129"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Shared Modules</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious software executed through this technique by using application control tools capable of preventing unknown modules from being loaded.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1176</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Software Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Set an extension allow or deny list as appropriate for your security policy.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/001"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Browser Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Set a browser extension allow or deny list as appropriate for your security policy.</span><a href="http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[27]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid 
#dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1176/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">IDE Extensions</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Set an IDE extension allow or deny list as appropriate for your security policy.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1553</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Subvert Trust Controls</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications from running that haven't been downloaded through the Apple Store (or other legitimate repositories) which can help mitigate some of these issues. Also enable application control solutions such as AppLocker and/or Device Guard to block the loading of malicious content.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: 
rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Gatekeeper Bypass</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System settings can prevent applications from running that haven't been downloaded through the Apple Store which can help mitigate some of these issues.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">SIP and Trust Provider Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enable application control solutions such as AppLocker and/or Device Guard to block the loading of malicious SIP DLLs.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1553/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Mark-of-the-Web Bypass</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking container file types at web and/or email gateways. 
Consider unregistering container file extensions in Windows File Explorer.</span><a href="https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[28]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1218</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Binary Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control to prevent execution of binaries that are susceptible to abuse and not required for a given system or network.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Compiled HTML File</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control to prevent execution of hh.exe if it is not required for a 
given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Control Panel</span></a></p></td><td style="border-left:solid 
#dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify and block potentially malicious and unknown .cpl files by using application control </span><a href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like Windows Defender Application Control</span><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[15]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">, AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid 
#dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">CMSTP</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider using application control configured to block execution of CMSTP.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid 
#dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">InstallUtil</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of 
InstallUtil.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.005</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/005"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Mshta</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of mshta.exe if it is not required for a given system or network to prevent potential misuse by adversaries. For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the mshta.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.008</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/008"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Odbcconf</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control 
configured to block execution of Odbcconf.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.009</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/009"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">Regsvcs/Regasm</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Block execution of Regsvcs.exe and Regasm.exe if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.012</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/012"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Verclsid</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of verclsid.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.013</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/013"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Mavinject</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: 
baseline;">Use application control configured to block execution of mavinject.exe if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/014"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.014</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/014"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">MMC</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of MMC if it is not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:149.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/015"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.015</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1218/015"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Electron Applications</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Where possible, enforce binary and application integrity with digital signature verification to prevent untrusted code from executing. 
For example, do not use shell.openExternal with untrusted content.</span></p><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Where possible, set nodeIntegration to false, which disables access to the Node.js function.</span><a href="https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-code-room-to-run-e2e1447d01b8"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[30]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> Disabling access to the Node.js function may limit the ability to execute malicious commands by injecting JavaScript code.</span></p><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Do not disable webSecurity; disabling it may allow users of the application to invoke malicious content from online sources.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1216</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Script Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">PubPrn</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. 
Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1216/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">SyncAppvPublishingServer</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain signed scripts that can be used to execute other programs may not be necessary within a given environment. Use application control configured to block execution of these scripts if they are not required for a given system or network to prevent potential misuse by adversaries.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1080"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1080</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1080"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Taint Shared Content</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify potentially malicious software that may be used to taint content or may result from it and audit and/or block the unknown programs by using application control </span><a 
href="http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> tools, like AppLocker, </span><a href="https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> </span><a href="https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> or Software Restriction Policies </span><a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[16]</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> where appropriate. </span><a href="https://technet.microsoft.com/en-us/library/ee791851.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[17]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1127</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Trusted Developer Utilities Proxy Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Certain developer utilities should be 
blocked or restricted if not required.</span></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">MSBuild</span></a></p></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of msbuild.exe if it is not required for a given system or network to prevent potential misuse by adversaries. For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the msbuild.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1127/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">JamPlus</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Consider blocking or restricting 
JamPlus if not required.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1204</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">User Execution</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control may be able to prevent the running of executables masquerading as other files.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Malicious File</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Application control may be able to prevent the running of executables masquerading as other files.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.004</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204/004"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Malicious Copy and Paste</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Use application control where appropriate. PowerShell Constrained Language mode can be used to restrict access to sensitive or otherwise dangerous language elements such as those used to execute arbitrary Windows APIs or files (e.g., Add-Type).</span><a href="https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[9]</span></a></p></td></tr><tr style="height:70.5pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1047"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">T1047</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1047"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Windows Management Instrumentation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use application control configured to block execution of wmic.exe if it is not required for a given system or network to prevent potential misuse by adversaries. 
For example, in Windows 10 and Windows Server 2016 and above, Windows Defender Application Control (WDAC) policy rules may be applied to block the wmic.exe application and to prevent abuse.</span><a href="https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[29]</span></a></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1220"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1220</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1220"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">XSL Script Processing</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">If msxsl.exe is unnecessary, then block its execution to prevent abuse by adversaries.</span></p></td></tr></tbody></table></div><br><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1030 Network Segmentation</span></p><br><div style="margin-left:0pt;" align="left"><table 
style="border:none;border-collapse:collapse;"><colgroup><col><col><col><col><col></colgroup><tbody><tr style="height:37.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Name</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dee2e6 1.2500025000000001pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:bottom;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1098"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">T1098</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1098"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Account Manipulation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dee2e6 1.2500025000000001pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Configure access controls and firewalls to limit access to critical systems and domain controllers. 
Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1098/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1098/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Additional Cloud Credentials</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Configure access controls and firewalls to limit access to critical systems and domain controllers. Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1557"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1557</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1557"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Adversary-in-the-Middle</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network segmentation can be used to isolate infrastructure components that do not require broad network access. 
This may mitigate, or at least alleviate, the scope of AiTM activity.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1557/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1557/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">LLMNR/NBT-NS Poisoning and SMB Relay</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network segmentation can be used to isolate infrastructure components that do not require broad network access. This may mitigate, or at least alleviate, the scope of AiTM activity.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1612"><span style="font-size: 11pt; font-family: Arial, sans-serif; 
color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1612</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1612"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Build Image on Host</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1613"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1613</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1613"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Container and Resource Discovery</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1136</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Create Account</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Configure access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Domain Account</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Configure access controls and firewalls to limit access to domain controllers and systems used to 
create and manage accounts.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1136/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Cloud 
Account</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Configure access controls and firewalls to limit access to critical systems and domain controllers. Most cloud environments support separate virtual private cloud (VPC) instances that enable further segmentation of cloud systems.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1602</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Data from Configuration Repository</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Segregate SNMP traffic on a separate management network.</span><a href="https://us-cert.cisa.gov/ncas/alerts/TA17-156A"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a></p></td></tr><tr 
style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">SNMP (MIB Dump)</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 
0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Segregate SNMP traffic on a separate management network.</span><a href="https://us-cert.cisa.gov/ncas/alerts/TA17-156A"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1602/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Device Configuration Dump</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Segregate SNMP traffic on a separate management network.</span><a href="https://us-cert.cisa.gov/ncas/alerts/TA17-156A"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[1]</span></a></p></td></tr><tr 
style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1565"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1565</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1565"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Data 
Manipulation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1565/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: 
underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1565/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Runtime Data Manipulation</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: 
Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1610"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1610</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1610"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Deploy Container</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1482"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1482</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1482"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Domain Trust Discovery</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Employ network segmentation for sensitive domains.</span><a href="https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[2]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1048</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exfiltration Over Alternative Protocol</span></a></p></td><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.</span><a href="https://technet.microsoft.com/en-us/library/cc700828.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/001"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exfiltration Over Symmetric Encrypted Non-C2 Protocol</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.</span><a href="https://technet.microsoft.com/en-us/library/cc700828.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: 
normal; text-decoration-line: underline; vertical-align: baseline;">Exfiltration Over Asymmetric Encrypted Non-C2 Protocol</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Follow best practices for network firewall configurations to allow only necessary ports and traffic to enter and exit the network.</span><a href="https://technet.microsoft.com/en-us/library/cc700828.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1048/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exfiltration Over Unencrypted Non-C2 Protocol</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Follow best practices for network firewall configurations to allow only 
necessary ports and traffic to enter and exit the network.</span><a href="https://technet.microsoft.com/en-us/library/cc700828.aspx"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[3]</span></a></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1190"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1190</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1190"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exploit Public-Facing Application</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td 
colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1210"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1210</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1210"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exploitation of Remote Services</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; vertical-align: baseline;">Segment networks and systems appropriately to reduce access to critical systems and services to controlled methods.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1133"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1133</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1133"><span style="font-size: 11pt; 
font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">External Remote Services</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1046"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1046</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1046"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Service Discovery</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure proper network segmentation is followed to protect critical servers and devices.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1040"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1040</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1040"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network 
Sniffing</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct access of broadcasts and multicast sniffing, and prevent attacks such as </span><a href="https://attack.mitre.org/techniques/T1557/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">LLMNR/NBT-NS Poisoning and SMB Relay</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1095"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1095</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1095"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Non-Application Layer Protocol</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Properly configure firewalls and proxies to limit outgoing traffic to only necessary ports 
and through proper network gateway systems. Also ensure hosts are only provisioned to communicate over authorized interfaces.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1571"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1571</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1571"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Non-Standard Port</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Properly configure firewalls and proxies to limit outgoing traffic to only necessary ports for that particular network segment.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1563"><span 
style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1563</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1563"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Service Session Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enable firewall rules to block unnecessary traffic between network security zones within a network.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 
8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1563/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.002</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1563/002"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">RDP Hijacking</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enable firewall rules to block RDP traffic between network security zones within a network.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1021</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 
8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.001</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Services</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1021/001"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Desktop Protocol</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Do not leave RDP accessible from the internet. Enable firewall rules to block RDP traffic between network security zones within a network.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.003</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Services</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1021/003"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Distributed Component Object Model</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enable Windows firewall, which prevents DCOM instantiation by default.</span></p></td></tr><tr style="height:57pt;"><td 
style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.006</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1021"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Remote Services</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 
0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1021/006"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Windows Remote Management</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">If the service is necessary, lock down critical enclaves with separate WinRM infrastructure and follow WinRM best practices on use of host firewalls to restrict WinRM access to allow communication only to/from specific devices.</span><a href="https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">[4]</span></a></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 
0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1489"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1489</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1489"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Service 
Stop</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Operate intrusion detection, analysis, and response systems on a separate network from the production environment to lessen the chances that an adversary can see and interfere with critical response functions.</span></p></td></tr><tr style="height:29.25pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1072"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1072</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1072"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Software Deployment Tools</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure proper system isolation for critical network systems through use of firewalls.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p 
style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1199"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1199</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1199"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Trusted Relationship</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 
0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network segmentation can be used to isolate infrastructure components that do not require broad network access.</span></p></td></tr><tr style="height:42.75pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1552"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1552</span></a></p></td><td style="border-left:solid #dfdfdf 
0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1552/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">.007</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1552"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Unsecured Credentials</span></a><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">: </span><a href="https://attack.mitre.org/techniques/T1552/007"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">Container API</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.</span></p></td></tr><tr style="height:57pt;"><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td colspan="2" style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1669"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">T1669</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1669"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Wi-Fi Networks</span></a></p></td><td style="border-left:solid #dfdfdf 0.416667pt;border-right:solid #dfdfdf 0.416667pt;border-bottom:solid #dfdfdf 0.416667pt;border-top:solid #dfdfdf 0.416667pt;vertical-align:top;background-color:#efefef;padding:8pt 8pt 8pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network segmentation can be used to isolate infrastructure components that do not require broad network access. Separate networking environments for Wi-Fi and Ethernet-wired networks, particularly where Ethernet-based networks allow for access to sensitive resour</span></p></td></tr></tbody></table></div></span>