SOC Incident Toolkit
Back to Campaigns
Operation CrackArmor

Operation CrackArmor

AppArmorPrivilege EscalationLinux

Operation CrackArmor involves critical vulnerabilities in AppArmor that allow local privilege escalation to root. The campaign targets Linux systems, exploiting flaws to gain unauthorized access and control.

Indicators of Compromise

Hashes (2)

5b02ee8934f5d6ad2630dad759b5826b89c266e5d2f2d2574c36ebec5a37a711e61c9f4d5c11ecdba5c831a044a2d242c6631236201bdcb59b97e049457c23da

Notes

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">CONCLUSION<br></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">The Operation CrackArmor campaign highlights the critical need for patch management and monitoring of Linux systems to prevent privilege escalation attacks. Organizations should prioritize updating AppArmor and implementing robust detection mechanisms.</span></div><div><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"><br></span></div>

Mitigation

<div style="line-height: 1.38; margin-top: 8pt; margin-bottom: 2pt;"><span style="font-size: 12pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITIGATION<br></span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(51, 51, 51); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1026 - Privileged Account Management, Mitigation M1026 - Enterprise | MITRE ATT&amp;CK®</span></div><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse; table-layout: fixed; width: 468pt;"><colgroup><col><col><col><col></colgroup><tbody><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1548</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Abuse Elevation Control Mechanism</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Remove users from the local administrator group on systems. By requiring a password, even if an adversary can get terminal access, they must know the password to run anything in the sudoers file. Setting the timestamp_timeout to 0 will require the user to input their password every time sudo is executed.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Bypass User Account Control</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Sudo and Sudo Caching</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.006</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TCC Manipulation</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1134</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Access Token Manipulation</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit permissions so that users and user groups cannot create tokens. This setting should be defined for the local system account only. GPO: Computer Configuration &gt; [Policies] &gt; Windows Settings &gt; Security Settings &gt; Local Policies &gt; User Rights Assignment: Create a token object. [[1]](https://docs.microsoft.com/windows/device-security/security-policy-settings/create-a-token-object) Also define who can create a process level token to only the local and network service through GPO: Computer C...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Token Impersonation/Theft</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Create Process with Token</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Make and Impersonate Token</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1098</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Account Manipulation</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Do not allow domain administrator accounts to be used for day-to-day operations that may expose them to potential adversaries on unprivileged systems.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Additional Cloud Credentials</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Additional Email Delegate Permissions</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Additional Cloud Roles</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1547</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.006</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Boot or Logon Autostart Execution: Kernel Modules and Extensions</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1612</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Build Image on Host</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure containers are not running as root by default. In Kubernetes environments, consider defining Pod Security Standards that prevent pods from running privileged containers.[[5]](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1651</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Cloud Administration Command</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit the number of cloud accounts with permissions to remotely execute commands on virtual machines, and ensure that these are not used for day-to-day operations. In Azure, limit the number of accounts with the roles Azure Virtual Machine Contributer and above, and consider using temporary Just-in-Time (JIT) roles to avoid permanently assigning privileged access to virtual machines.[[6]](https://www.mandiant.com/resources/blog/azure-run-command-dummies)</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1059</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Command and Scripting Interpreter</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">When PowerShell is necessary, consider restricting PowerShell execution policy to administrators. Be aware that there are methods of bypassing the PowerShell execution policy, depending on environment configuration.[[7]](https://www.netspi.com/blog/technical-blog/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/) PowerShell JEA (Just Enough Administration) may also be used to sandbox administration and limit what commands admins/users can execute through remote Po...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">PowerShell</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.008</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Network Device CLI</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.009</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Cloud API</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.013</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Container CLI/API</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1609</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Container Administration Command</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure containers are not running as root by default. In Kubernetes environments, consider defining Pod Security Standards that prevent pods from running privileged containers and using the NodeRestriction admission controller to deny the kublet access to nodes and pods outside of the node it belongs to.[[5]](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)[[11]](https://kubernetes.io/docs/reference/access-authn-authz/admission-contr...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1136</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Create Account</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit the number of accounts with permissions to create other accounts. Do not allow domain administrator accounts to be used for day-to-day operations that may expose them to potential adversaries on unprivileged systems.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Local Account</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain Account</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Cloud Account</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1543</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Create or Modify System Process</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Systemd Service</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1555</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Credentials from Password Stores</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit the number of accounts and services with permission to query information from password stores to only those required. Ensure that accounts and services with permissions to query password stores only have access to the secrets they require.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.006</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Cloud Secrets Management Stores</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1484</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain or Tenant Policy Modification</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use least privilege and protect administrative access to the Domain Controller and Active Directory Federation Services (AD FS) server. Do not create service accounts with administrative privileges.</span></p></td></tr></tbody></table></div><h3 style="line-height: 1.38; margin-top: 8pt; margin-bottom: 2pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(51, 51, 51); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1050 - Exploit Protection, Mitigation M1050 - Enterprise | MITRE ATT&amp;CK®</span></h3><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse; table-layout: fixed; width: 468pt;"><colgroup><col><col><col><col></colgroup><tbody><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1189</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Drive-by Compromise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior.[[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring.[[2]](https://en.wikipedia.org/wiki/Control-flow_i...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1190</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploit Public-Facing Application</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Web Application Firewalls may be used to limit exposure of applications to prevent exploit traffic from reaching the application.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1203</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploitation for Client Execution</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [[2]](https://en.wikipedia.org/wiki/Control-flow...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1212</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploitation for Credential Access</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior.[[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring.[[2]](https://en.wikipedia.org/wiki/Control-flow_i...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1211</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploitation for Defense Evasion</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [[2]](https://en.wikipedia.org/wiki/Control-flow...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1068</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploitation for Privilege Escalation</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [[2]](https://en.wikipedia.org/wiki/Control-flow...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1210</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exploitation of Remote Services</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [[1]](https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [[2]](https://en.wikipedia.org/wiki/Control-flow...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1218</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">System Binary Proxy Execution</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Microsoft's Enhanced Mitigation Experience Toolkit (EMET) Attack Surface Reduction (ASR) feature can be used to block methods of using using trusted binaries to bypass application control.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.010</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Regsvr32</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.011</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Rundll32</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.015</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Electron Applications</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1080</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Taint Shared Content</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use utilities that detect or mitigate common features used in exploitation, such as the Microsoft Enhanced Mitigation Experience Toolkit (EMET).</span></p></td></tr></tbody></table></div><h3 style="line-height: 1.38; margin-top: 8pt; margin-bottom: 2pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(51, 51, 51); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">M1017 - User Training, Mitigation M1017 - Enterprise | MITRE ATT&amp;CK®</span></h3><br><div align="left" style="margin-left: 0pt;"><table style="border: none; border-collapse: collapse;"><colgroup><col><col><col><col></colgroup><tbody><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(61, 96, 144); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1557</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Adversary-in-the-Middle</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to be suspicious about certificate errors. Adversaries may use their own certificates in an attempt to intercept HTTPS traffic. Certificate errors may arise when the application’s certificate does not match the one expected by the host.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ARP Cache Poisoning</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.004</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Evil Twin</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1547</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.007</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Boot or Logon Autostart Execution: Re-opened Applications</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1185</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Browser Session Hijacking</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Close all browser sessions regularly and when they are no longer needed.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1555</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Credentials from Password Stores: Credentials from Web Browsers</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.005</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Credentials from Password Stores: Password Managers</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1213</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Data from Information Repositories</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Develop and publish policies that define acceptable information to be stored in repositories.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Confluence</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Sharepoint</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Code Repositories</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.004</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Customer Relationship Management Software</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.005</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Messaging Applications</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.006</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Databases</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1189</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Drive-by Compromise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1667</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Email Bombing</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful social engineering via e-mail bombing.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1657</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Financial Theft</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train and encourage users to identify social engineering techniques used to enable financial theft. Also consider training users on procedures to prevent and respond to swatting and doxing, acts increasingly deployed by financially motivated groups to further coerce victims into satisfying ransom/extortion demands.[[2]](https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf)[[3]](https://www.beckershospitalreview.com/cybersecurity/hackers-threaten-to-send-swat-teams-to-fred-...</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1656</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Impersonation</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to be aware of impersonation tricks and how to counter them, for example confirming incoming requests through an independent platform like a phone call or in-person, to reduce risk.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1056</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Input Capture: GUI Input Capture</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1036</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Masquerading</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users not to open email attachments or click unknown links (URLs). Such training fosters more secure habits within your organization and will limit many of the risks.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.007</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Double File Extension</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1556</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Modify Authentication Process: Domain Controller Authentication</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1111</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Multi-Factor Authentication Interception</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Remove smart cards when not in use.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1621</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Multi-Factor Authentication Request Generation</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to only accept 2FA/MFA requests from login attempts they initiated, to review source location of the login attempt prompting the 2FA/MFA requests, and to report suspicious/unsolicited prompts.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1027</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Obfuscated Files or Information</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Ensure that a finite amount of ingress points to a software deployment system exist with restricted access for those required to allow and enable newly deployed software.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Enterprise</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">OS Credential Dumping</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit credential overlap across accounts and systems by training users and administrators not to use the same password for multiple accounts.</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.001</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">LSASS Memory</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.002</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Security Account Manager</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.003</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">NTDS</span></p></td></tr><tr style="height: 0pt;"><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><br></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">.004</span></p></td><td style="border-width: 1pt; border-style: solid; border-color: rgb(0, 0, 0); vertical-align: top; background-color: rgb(238, 241, 248); padding: 5pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="margin-top: 0pt; margin-bottom: 0pt; line-height: 1.2;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">LSA Secrets</span></p></td></tr></tbody></table></div>