Skip to content

Hide Navigation Hide TOC

Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c)

Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.

Cluster A Galaxy A Cluster B Galaxy B Level
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 1
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Build Image on Host - T1612 (800f9819-7007-4540-a520-40e655876800) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern 1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 1
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 1
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action 1
Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) Course of Action Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 1
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 2
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 2
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 2