<noframes id="vfxvr">

    <track id="vfxvr"></track>

      <span id="vfxvr"></span>

          ATT&CK-CN V1.01 Last Update: 2019-11 [返回索引頁]

          譯者: 林妙倩(清華大學網絡研究院網絡空間安全實習生)、戴亦侖(賽寧網安) 原創翻譯作品,如果需要轉載請取得翻譯作者同意。

          數據來源:ATT&CK Matrices

          原文: https://attack.mitre.org/techniques/T1536

          術語表: /attack/glossary

          還原云實例

          攻擊者在執行惡意活動后可能會撤回對云實例所做的更改,以逃避檢測并刪除其存在的證據。在高度虛擬化的環境(如基于云的基礎架構)中,可以通過云管理儀表板使用VM或數據存儲快照的還原來輕松實現此目的。該技術的另一個變體是利用附加到計算實例的臨時存儲。大多數云提供商都提供各種類型的存儲,包括持久性存儲,本地存儲和/或臨時存儲,后者通常在VM停止/重新啟動時重置。

          Revert Cloud Instance

          An adversary may revert changes made to a cloud instance after they have performed malicious activities in attempt to evade detection and remove evidence of their presence. In highly virtualized environments, such as cloud-based infrastructure, this may be easily facilitated using restoration from VM or data storage snapshots through the cloud management dashboard. Another variation of this technique is to utilize temporary storage attached to the compute instance. Most cloud providers provide various types of storage including persistent, local, and/or ephemeral, with the latter types often reset upon stop/restart of the VM

          標簽

          ID編號: T1536

          策略:繞過防御

          平臺: AWS,GCP,Azure

          所需權限: user,administrator

          數據源: Azure OS日志,AWS CloudTrail日志,Azure活動日志,Stackdriver日志,AWS OS日志

          緩解措施

          這種攻擊技術無法通過預防性控制輕松緩解,因為它基于濫用系統功能。

          This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

          檢測

          建立實例活動的集中日志記錄,即使恢復到快照,回滾更改或更改存儲的持久性/類型后,也可以用于監視和查看系統事件。專門監視與快照和回滾以及VM配置更改相關的事件,這些事件是在正?;顒又獍l生的。為了減少誤報,有效的變更管理過程可以引入已知的標識符,該標識符隨變更一起記錄(例如,標簽或標頭),如果云提供商支持的話,以幫助區分有效的預期行為和惡意行為。

          Establish centralized logging of instance activity, which can be used to monitor and review system events even after reverting to a snapshot, rolling back changes, or changing persistence/type of storage. Monitor specifically for events related to snapshots and rollbacks and VM configuration changes, that are occurring outside of normal activity. To reduce false positives, valid change management procedures could introduce a known identifier that is logged with the change (e.g. tag or header) if supported by the cloud provider, to help distinguish valid, expected actions from malicious ones.

          欧美日韩国产亚洲,天天射影院,大芭蕉天天视频在线观看,欧美肥老太牲交大片,奇米色888,黄三级高清在线播放,国产卡一卡二卡三卡四,亚洲第一黄色视频 日韩中文字幕中文有码,日本A级作爱片一,奇米第四,三级片短片视频免费在线观看,奇米网狠狠网,影音先锋色AV男人资源网,日本丰满熟妇hd 日本日韩中文字幕无区码,涩 色 爱 性,天天射影视,中文字幕制服丝袜第57页,777米奇影院奇米网狠狠,尤物TV国产精品看片在线,欧洲女同牲恋牲交视频 久久AV天堂日日综合,亚洲性爱影院色yeye,日韩亚洲欧美Av精品,十八禁全身裸露全彩漫画,奇米网影视,人人爽人人澡人人人妻,动漫AV专区,天天色综合影院 日韩精品中文字幕,特级无码毛片免费视频,人妻少妇不卡无码视频,制服丝袜有码中文字幕在线,深爱激动情网婷婷,影音先锋全部色先锋,香港三级日本三级韩级人妇 日韩欧美亚洲综合久久在线视频,2021XX性影院,玖玖资源站最稳定网址,日韩亚洲制服丝袜中文字幕,国产超碰人人模人人爽人人喊,先锋色熟女丝袜资源 很黄特别刺激又免费的视频,2021一本久道在线线观看,色中娱乐黄色大片,日本高清不卡在线观看播放,97国产自在现线免费视频,国产在线精品亚洲第一区 免费中文字幕精品一区二区 视频,狠狠爱俺也色,天天好逼网,日韩制服丝袜,国产女人大象蕉视频在线观看,国产 精品 自在 线免费,午夜时刻在线观看