Scenario
You are hired as a Blue Team member for a company. You are assigned to perform threat intelligence for the company. See how you can operationalize the MITRE ATT&CK framework to solve these scenario-based problems.
https://blueteamlabs.online/home/challenge/attck-0e4914db5d
1- Your company heavily relies on cloud services like Azure AD and Office 365 publicly. What technique should you focus on mitigating, to prevent an attacker from performing Discovery activities if they have obtained valid credentials? (Hint: Not using an API to interact with the cloud environment!)
T1538

From what we know, this technique lets an attacker with stolen credentials log into the cloud provider's dashboard. We know it is the dashboard rather than the API because the hint says the attacker is not using an API.
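One way to turn that answer into a detection, as an added example that is not part of the challenge or of MITRE's material: review successful sign-ins to the management consoles and flag the ones that a stolen credential would most plausibly produce, i.e. single-factor sessions or sessions from outside corporate address space. The records below are constructed to mimic the shape of Azure AD sign-in log entries; the field names (appDisplayName, userPrincipalName, ipAddress, authenticationRequirement, status.errorCode) are assumed from Microsoft Graph's signIn resource, and the console application names and corporate IP range are placeholders to adjust for your tenant.

```python
"""Flag interactive sign-ins to cloud management consoles (ATT&CK T1538 context).

Added example; the records below are constructed and the field names are
assumed from the Microsoft Graph signIn resource.
"""
import ipaddress
import json

# Assumed display names of console/dashboard applications (adjust to your tenant).
DASHBOARD_APPS = {"Azure Portal", "Microsoft 365 admin center"}

# Constructed corporate egress range (TEST-NET-3, documentation addresses only).
CORP_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample sign-in records, one JSON object per line.
SAMPLE_SIGNINS = """\
{"userPrincipalName": "alice@example.com", "appDisplayName": "Azure Portal", "ipAddress": "203.0.113.10", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.77", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.com", "appDisplayName": "Microsoft 365 admin center", "ipAddress": "198.51.100.5", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "dave@example.com", "appDisplayName": "Microsoft Teams", "ipAddress": "198.51.100.9", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "erin@example.com", "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.20", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
"""


def is_corporate(ip: str) -> bool:
    """True if the source address falls inside a known corporate range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORP_RANGES)


def review_signins(raw_lines: str) -> list:
    """Return findings for successful console sign-ins that lack MFA or come
    from outside corporate ranges. Failed sign-ins (non-zero errorCode) are
    skipped: a stolen credential only enables dashboard discovery once it works.
    """
    findings = []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("appDisplayName") not in DASHBOARD_APPS:
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        reasons = []
        if rec.get("authenticationRequirement") != "multiFactorAuthentication":
            reasons.append("no MFA")
        if not is_corporate(rec["ipAddress"]):
            reasons.append("off-network source")
        if not reasons:
            continue
        findings.append({
            "user": rec["userPrincipalName"],
            "app": rec["appDisplayName"],
            "ip": rec["ipAddress"],
            "technique": "T1538",  # Cloud Service Dashboard
            "severity": "high" if len(reasons) == 2 else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in review_signins(SAMPLE_SIGNINS):
        print(f"{f['severity']:6} {f['user']:18} {f['app']:28} {f['ip']:15} "
              + ", ".join(f["reasons"]))
```

On the sample data only bob (no MFA, off-network) and carol (MFA, but off-network) are reported; alice is on the corporate range with MFA, dave is not using a console application, and erin's sign-in failed. The mitigation the question points at, MFA and conditional access on console applications, is exactly what removes the "no MFA" reason from these findings.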
2- You were analyzing a log and found uncommon data flow on port 4050. What APT group might this be?
G0099

3- The framework has a list of 9 techniques that fall under the tactic to try to get into your network. What is the tactic ID?
TA001

The phrase "try to get into your network" aligns with Initial Access. If you look at Initial Access now, it has 11 techniques, which shows how the framework evolves over time as new techniques are observed and documented.
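The drift in that count is easy to reproduce against the framework's own data, so here is an added example (not the challenge's or MITRE's code) that counts techniques per tactic from a STIX bundle. The bundle below is a constructed miniature in the shape of MITRE's enterprise-attack STIX data, where attack-pattern objects carry kill_chain_phases and x-mitre-tactic objects carry x_mitre_shortname; every ID and name in it is a placeholder. Pointed at the real bundle (published in the mitre-attack/attack-stix-data GitHub repository), the same functions show why "how many techniques does this tactic have" depends on whether sub-techniques and revoked or deprecated objects are counted.

```python
"""Count ATT&CK techniques per tactic from a STIX bundle.

Added example; the bundle below is constructed and uses placeholder IDs.
"""
import json
from collections import defaultdict

# Constructed miniature bundle mimicking the enterprise-attack STIX layout.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--constructed-example",
    "objects": [
        {"type": "x-mitre-tactic", "name": "Example Access",
         "x_mitre_shortname": "example-access",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA9001"}]},
        {"type": "x-mitre-tactic", "name": "Example Persistence",
         "x_mitre_shortname": "example-persistence",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA9002"}]},
        {"type": "attack-pattern", "name": "Parent Technique A",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "example-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9001"}]},
        {"type": "attack-pattern", "name": "Sub-technique A.1", "x_mitre_is_subtechnique": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "example-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9001.001"}]},
        {"type": "attack-pattern", "name": "Retired Technique B", "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "example-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9002"}]},
        {"type": "attack-pattern", "name": "Deprecated Technique C", "x_mitre_deprecated": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "example-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9003"}]},
        # A technique can sit under more than one tactic; it is counted in each.
        {"type": "attack-pattern", "name": "Technique D",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "example-access"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "example-persistence"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9004"}]},
    ],
})


def attack_id(obj: dict):
    """Return the ATT&CK external ID (Txxxx / TAxxxx) of a STIX object, if any."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def tactic_ids(objects: list) -> dict:
    """Map each tactic's kill-chain shortname to its TA identifier."""
    return {o["x_mitre_shortname"]: attack_id(o)
            for o in objects if o["type"] == "x-mitre-tactic"}


def techniques_by_tactic(bundle_text: str, include_subtechniques: bool = False,
                         include_retired: bool = False) -> dict:
    """Return {tactic ID: sorted technique IDs}. By default sub-techniques and
    revoked/deprecated objects are excluded, matching how the ATT&CK site
    counts techniques on a tactic page."""
    objects = json.loads(bundle_text)["objects"]
    shortname_to_id = tactic_ids(objects)
    grouped = defaultdict(list)
    for obj in objects:
        if obj["type"] != "attack-pattern":
            continue
        if not include_retired and (obj.get("revoked") or obj.get("x_mitre_deprecated")):
            continue
        if not include_subtechniques and obj.get("x_mitre_is_subtechnique"):
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") != "mitre-attack":
                continue
            tactic = shortname_to_id.get(phase["phase_name"])
            if tactic:
                grouped[tactic].append(attack_id(obj))
    return {tactic: sorted(ids) for tactic, ids in grouped.items()}


if __name__ == "__main__":
    for label, kwargs in [("default", {}),
                          ("everything", {"include_subtechniques": True, "include_retired": True})]:
        for tactic, ids in sorted(techniques_by_tactic(SAMPLE_BUNDLE, **kwargs).items()):
            print(f"{label:10} {tactic}: {len(ids)} techniques {ids}")
```

With the defaults the constructed tactic TA9001 has two techniques; counting sub-techniques and retired objects as well raises it to five. The same choice, plus new techniques being added between releases, is why a count written into a challenge drifts away from what the live site shows.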
4- Some software prohibits users from accessing their accounts by deleting or locking the user account, changing the password, etc. What such software has been documented by the framework?