ATT&CK

Your company relies heavily on public cloud services such as Azure AD and Office 365. What technique should you focus on mitigating to prevent an attacker who has obtained valid credentials from performing Discovery activities? (Hint: Not using an API to interact with the cloud environment!)

Answer

T1538

You were analyzing a log and found an uncommon data flow on port 4050. What APT group might this be?

Answer

G0099

The framework lists 9 techniques that fall under the tactic an adversary uses to try to get into your network. What is the tactic ID?

Answer

TA0001

A piece of software prevents users from accessing their accounts by deleting or locking the user account, changing the password, etc. What such software has been documented by the framework?

Answer

S0372

Using the ‘Pass the Hash’ technique to enter and control remote systems on a network is common. How would you detect it in your company?

Answer

Monitor newly created logons and credentials used in events and review for discrepancies