ATT&CK
Your company relies heavily on publicly accessible cloud services such as Azure AD and Office 365. Which technique should you focus on mitigating to prevent an attacker from performing Discovery activities if they have obtained valid credentials? (Hint: Not using an API to interact with the cloud environment!)
Answer
T1538
You were analyzing a log and found uncommon data flow on port 4050. What APT group might this be?
Answer
G0099
The framework lists 9 techniques that fall under the tactic an adversary uses to try to get into your network. What is the tactic ID?
Answer
TA0001
A piece of software prevents users from accessing their accounts by deleting or locking the user account, changing the password, etc. Which such software has been documented by the framework?
Answer
S0372
Using the ‘Pass the Hash’ technique to access and control remote systems on a network is common. How would you detect it in your company?
Answer
Monitor newly created logons and credentials used in events and review for discrepancies