MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive knowledge base of tactics, techniques and procedures that adversaries use to conduct cyber-attacks. The MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to a computer by prompting the user for permission before allowing certain actions to take place.

Audit Policy: Object Access: SAM is a setting in the Windows operating system that controls the auditing of security events related to access to the Security Accounts Manager (SAM) database. The SAM database is used to store user account information, including login credentials, on a Windows system. When the setting is enabled, the system will generate an audit event in the security log of the event viewer every time an attempt is made to access the SAM database.

Network security: LAN Manager authentication level setting in Windows controls the level of authentication used by the LAN Manager (NTLM) protocol. LAN Manager (LM) and NTLM are the Microsoft Windows implementations of the challenge-response protocols used for authentication.

Audit Policy: Object Access: Certification Services” is a setting in the Windows operating system that controls whether or not the system generates audit events when a certificate is requested or used for authentication purposes.

Audit Policy: Object Access: File System is a setting in the Microsoft Windows operating system that determines whether the system generates audit events when certain actions are taken on files and directories stored on the file system. When this setting is enabled, the system will log events such as when a file or directory is read, written to, or deleted. This can be useful for tracking changes to sensitive files or for troubleshooting issues with file access.

A list of 18 procedures (reduced from 20), or “controls,” recommended by the Center for Internet Security (CIS), must be followed to build an IT infrastructure resistant to cyberattacks. The CIS 4th Control advises to establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications) (4.1).

To give system managers a number of advantages over traditional interfaces for streamlining and automating administrative chores, Microsoft created PowerShell, a built-in scripting language and command-line executor. The strength of PowerShell renders it a handy instrument for attackers to conduct file-less exploits, which are challenging to block and identify. Essentially, the PowerShell script is a simple text file with an a.ps1 extension. When you execute the file on the prompt, it will begin to run.

Linux servers have been in use for specific uses for a long time. One ought to be conscious that a new Linux server’s degree of protection is exceptionally low by default configuration. This is in order to permit as much functionality and competency as feasible while installing it. Consequently, it’s essential to carry out fundamental hardening procedures prior to installing the server in a production environment.

Microsoft Windows 10 tops the list in terms of users around the world. Among those users, some belong to IT backgrounds but a majority of those users are not acquainted with IT, which means that they have limited knowledge about cybersecurity and its importance. Companies like Microsoft are prone to multiple attacks by bounty hunters or even black hat hackers intending to disturb the company’s operations.