Skip to content

Hide Navigation Hide TOC

Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462)

Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.

Cluster A Galaxy A Cluster B Galaxy B Level
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Active Directory Configuration - M1015 (e3388c78-2a8d-47c2-8422-c1398b324462) Course of Action 1
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2