T1526 | ||
Purpose: An adversary may attempt to enumerate the cloud services running on a system after gaining access, which can be platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), or software-as-a-service (SaaS). Many services exist throughout the various cloud providers and can include Continuous Integration and Continuous Delivery (CI/CD), Lambda Functions, Azure AD, etc. Azure tools and APIs (Azure AD Graph API and Azure Resource Manager API) can enumerate resources and services, including applications, management groups, resources and policy definitions, and their relationships that are accessible by an identity. Stormspotter is an open source tool for enumerating and constructing a graph for Azure resources and services. Pacu is an open source AWS exploitation framework that supports several methods for discovering cloud services. | Included alerts
| Prerequisites: DATA SOURCES, LOOKUPS |
T1531 | ||
Purpose: Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users (delete, lock or manipulate) to subsequently log off and/or perform a System Shutdown/Reboot to set malicious changes into place. In Windows, Net utility ( Adversaries who use ransomware or similar attacks may first perform this and other Impact behaviors, such as Data Destruction and Defacement, in order to impede incident response/recovery before completing the Data Encrypted for Impact objective. | Included alerts
| Prerequisites: DATA SOURCES, LOOKUPS |