
ATT&CK

Please read this part and look it up; I’m too lazy to cite evidence TT

Your company relies heavily on publicly accessible cloud services such as Azure AD and Office 365. Which technique should you focus on mitigating to prevent an attacker from performing Discovery activities if they have obtained valid credentials? (Hint: it is not the one that uses an API to interact with the cloud environment!) (2 points)

T1538

You were analyzing a log and found an uncommon data flow on port 4050. Which APT group might this be? (2 points)

G0099

The framework lists 9 techniques that fall under the tactic of trying to get into your network. What is the tactic ID? (2 points)

TA001

A piece of software prevents users from accessing their accounts by deleting or locking the user account, changing the password, etc. Which such software has been documented by the framework? (2 points)

S0372

Using the ‘Pass the Hash’ technique to enter and control remote systems on a network is common. How would you detect it in your company? (2 points)

Monitor newly created logons and credentials used in events and review for discrepancies

goodbye, thank you for reading until now //~//

This post is licensed under CC BY 4.0 by the author.