gregclermont
mgraeber-rc
/ MITRE_Attack_WindowsAppControl.csv
Created
February 8, 2021 18:58
Windows-specific MITRE ATT&CK techniques application control prevention assessment. This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windo…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Name | MitigatedByAppControl | Notes | |
|---|---|---|---|---|
| T1001 | Data Obfuscation | Not Applicable | Relevant sub-techniques addressed below | |
| T1001.001 | Junk Data | No | Technique is not necessarily related to the execution of arbitrary code on an endpoint. | |
| T1001.002 | Steganography | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1001.003 | Protocol Impersonation | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1003 | OS Credential Dumping | Not Applicable | Relevant sub-techniques addressed below | |
| T1003.001 | LSASS Memory | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.002 | Security Account Manager | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.003 | NTDS | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.004 | LSA Secrets | Limited | Built-in utilities exist to perform this technique. |