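ATT&CK-CN V1.01 Last Update: 2019-11

Translators: 林妙倩 (cyberspace security intern, Tsinghua University Network Research Institute), 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' consent before reposting.

Data source: ATT&CK Matrices

Original: https://attack.mitre.org/techniques/T1531

Glossary: /attack/glossary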

Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts.

Adversaries may also subsequently log off and/or reboot boxes to set malicious changes into place.

Tags

Tactic: Impact

Platform: Linux, macOS, Windows

Permissions Required: user, administrator, root, SYSTEM

Data Sources: Windows event logs, process command-line parameters, process monitoring

Impact Type: Availability

Procedure Examples

Name          Description
LockerGoga    LockerGoga has been observed changing account passwords and logging off current users.

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Detection

Use process monitoring to monitor the execution and command line parameters of binaries involved in deleting accounts or changing passwords, such as use of Net. Windows event logs may also designate activity associated with an adversary's attempt to remove access to an account:

• Event ID 4723 - An attempt was made to change an account's password
• Event ID 4724 - An attempt was made to reset an account's password
• Event ID 4726 - A user account was deleted
• Event ID 4740 - A user account was locked out

Alerting on Net and these Event IDs may generate a high degree of false positives, so compare against baseline knowledge for how systems are typically used and correlate modification events with other indications of malicious activity where possible.
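
One way to apply the baseline-and-correlate advice above, as an added example that is not part of the original page or of ATT&CK: it flags an actor who modifies more distinct accounts within a five-minute window than an assumed baseline allows. The pipe-separated record layout, the `BASELINE` values, the account names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs named in the detection guidance above.
WATCHED_IDS = {4723, 4724, 4726, 4740}

# Assumed baseline: most distinct accounts each actor normally touches per window.
BASELINE = {"helpdesk01": 3}
DEFAULT_LIMIT = 1  # assumed limit for actors with no baseline entry

def parse(line):
    """Parse a constructed 'time|event_id|actor|target' record."""
    ts, event_id, actor, target = line.strip().split("|")
    return datetime.fromisoformat(ts), int(event_id), actor, target

def find_bursts(lines, window=timedelta(minutes=5)):
    """Return {actor: sorted targets} where one actor modified more distinct
    accounts inside `window` than the baseline allows."""
    per_actor = defaultdict(list)
    for ts, event_id, actor, target in sorted(map(parse, lines)):
        if event_id in WATCHED_IDS:
            per_actor[actor].append((ts, target))
    alerts = {}
    for actor, events in per_actor.items():
        limit = BASELINE.get(actor, DEFAULT_LIMIT)
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {t for _, t in events[start:end + 1]}
            if len(targets) > limit:
                alerts.setdefault(actor, set()).update(targets)
    return {a: sorted(t) for a, t in alerts.items()}

# Constructed sample records, not real logs.
SAMPLE = [
    "2019-11-04T09:00:10|4724|helpdesk01|alice",   # routine helpdesk resets
    "2019-11-04T09:02:30|4724|helpdesk01|bob",
    "2019-11-04T13:15:00|4723|carol|carol",        # user changes own password
    "2019-11-04T22:41:05|4724|svc_backup|alice",   # burst from an unexpected actor
    "2019-11-04T22:41:07|4724|svc_backup|bob",
    "2019-11-04T22:41:09|4726|svc_backup|dave",
    "2019-11-04T22:41:12|4624|svc_backup|svc_backup",  # not a watched ID, ignored
]

if __name__ == "__main__":
    for actor, targets in find_bursts(SAMPLE).items():
        print(f"ALERT {actor}: {len(targets)} accounts modified: {targets}")
```

The helpdesk resets and the self-service password change stay below their limits, so only the burst from the unexpected actor is reported.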
