Skip to content

Hide Navigation Hide TOC

Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3)

Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.

Cluster A Galaxy A Cluster B Galaxy B Level
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 1
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 1
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 1
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 1
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 1
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd) Attack Pattern 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) Course of Action Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 2
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 2
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd) Attack Pattern Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 2
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2