
          ATT&CK-CN V1.01 Last Update: 2019-11

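          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' consent before reproducing it.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1489

          Glossary: /attack/glossary

          Service Stop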

          Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.

          Adversaries may accomplish this by disabling individual services of high importance to an organization, such as MSExchangeIS, which will make Exchange content inaccessible. In some cases, adversaries may stop or disable many or all services to render systems unusable. Services may not allow for modification of their data stores while running. Adversaries may stop services in order to conduct Data Destruction or Data Encrypted for Impact on the data stores of services like Exchange and SQL Server.

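          Tags

          ID: T1489

          Tactic: Impact

          Platform: Windows

          Permissions Required: Administrator, SYSTEM, User

          Data Sources: Process command-line parameters, Process monitoring, Windows Registry, API monitoring

          Impact Type: Availability

          Mitigations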

          Mitigation | Description
          Network Segmentation (M1030) | Operate intrusion detection, analysis, and response systems on a separate network from the production environment to lessen the chances that an adversary can see and interfere with critical response functions.
          Restrict File and Directory Permissions (M1022) | Ensure proper process and file permissions are in place to inhibit adversaries from disabling or interfering with critical services.
          Restrict Registry Permissions (M1024) | Ensure proper registry permissions are in place to inhibit adversaries from disabling or interfering with critical services.
          User Account Management (M1018) | Limit privileges of user accounts and groups so that only authorized administrators can interact with service changes and service configurations.

          Detection

          Monitor processes and command-line arguments to see if critical processes are terminated or stop running.

          Monitor Registry edits for modifications to services and startup programs that correspond to services of high importance. Look for changes to service Registry entries that do not correlate with known software, patch cycles, etc. Service information is stored in the Registry at HKLM\SYSTEM\CurrentControlSet\Services.

          Alterations to the service binary path or the service startup type changed to disabled may be suspicious.

          Remote access tools with built-in features may interact directly with the Windows API to perform these functions outside of typical system utilities. For example, ChangeServiceConfigW may be used by an adversary to prevent services from starting.
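The Registry check described above, sketched in Python as an added example (not part of the ATT&CK text or the translators' work). The event tuple layout, the service watchlist and the change window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime

# Registry location of service configuration, as given on this page.
SERVICES_KEY = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\(Start|ImagePath)$",
    re.IGNORECASE,
)
START_DISABLED = 4  # Start value 4 means startup type "Disabled"

# Assumptions for this example: watchlist and approved change window.
CRITICAL_SERVICES = {"msexchangeis", "mssqlserver"}
CHANGE_WINDOWS = [(datetime(2019, 11, 12, 22, 0), datetime(2019, 11, 13, 2, 0))]

# Constructed sample events: (timestamp, registry value path, new data, writer)
SERVICES = r"HKLM\SYSTEM\CurrentControlSet\Services"
SAMPLE_EVENTS = [
    ("2019-11-12T23:10:00", SERVICES + r"\MSSQLSERVER\Start", "4", "msiexec.exe"),
    ("2019-11-14T03:41:07", SERVICES + r"\MSExchangeIS\Start", "0x00000004", "unknown.exe"),
    ("2019-11-14T03:41:09", SERVICES + r"\Spooler\ImagePath", r"C:\Temp\x.exe", "unknown.exe"),
    ("2019-11-14T03:42:00", SERVICES + r"\MSExchangeIS\Start", "2", "services.exe"),
    ("2019-11-14T03:43:00", r"HKLM\SOFTWARE\Example\Start", "4", "unknown.exe"),
]

def in_change_window(ts):
    """True when the edit falls inside an approved patch/maintenance window."""
    return any(start <= ts <= end for start, end in CHANGE_WINDOWS)

def review_events(events):
    """Return findings for service Start/ImagePath edits outside change windows."""
    findings = []
    for stamp, path, data, process in events:
        match = SERVICES_KEY.match(path)
        if not match or in_change_window(datetime.fromisoformat(stamp)):
            continue  # not a service value, or correlates with known patching
        service, value = match.group(1), match.group(2).lower()
        if value == "imagepath":
            reason = "service binary path changed"
        elif int(data, 0) == START_DISABLED:  # accepts "4" and "0x00000004"
            reason = "startup type set to disabled"
        else:
            continue  # Start changed to something other than disabled
        severity = "high" if service.lower() in CRITICAL_SERVICES else "medium"
        findings.append((stamp, service, reason, severity, process))
    return findings

if __name__ == "__main__":
    for finding in review_events(SAMPLE_EVENTS):
        print(finding)
```

Edits made through ChangeServiceConfigW still land in these Registry values, so the same check covers changes made outside the usual system utilities.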
