Skip to content

Hide Navigation Hide TOC

Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f)

Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

Cluster A Galaxy A Cluster B Galaxy B Level
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Build Image on Host - T1612 (800f9819-7007-4540-a520-40e655876800) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern Limit Access to Resource Over Network - M1035 (1dcaeb21-9348-42ea-950a-f842aaf1ae1f) Course of Action 1
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 2
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2