l

Standard Users – UB Software

Standard Users
Privileged Users

Email
Devices
Users
Network
Software
Authentication
Content


UB – User Behaviour Rp -Related Page K -KQL Queries W– WebSites M – MITRE ATT&CK Reference

SCKIPT User Behaviour Matrix (Standard Users)
Source (UB)
Case Scenario (C)
Known Interactions (K)
Protection (P)
Threats (T)
UB5. Software
UB5.C1 Software updates
UB5.C2 Install software plugin and add-ons
UB5.C3 Software configurations
UB5.C1.K1 Install third-party software
UB5.C1.K2 Software with malicious DLL
UB5.C3.K1 – Users can add exclusions
UB5.C1.K1.P1 Restrict allowed software and requires approval for new programs
UB5.C1.K2.P1 Monitor DLL changes or/and updates
UB5.C2.P1 – Monitor/Restrict allowed software plugins and add-ons
UB5.C3.K1.P1 – Monitor/Restrict allowed exclusions actions
UB5.C1.K1.T1 Install malicious or non-allowed software
UB5.C1.K2.T1 DLL Hijacking
UB5.C2.T1 Malicious plugins or add-ons added into browsers
UB5.C2.T2 Plugins and add-ons added into software programs establishing connections or exchanging data to non-allowed countries
UB5.C3.K1.T1 Users could add exceptions in antivirus, anitmalware or other threat monitoring tools which would let the excluded folders or files vulnerable.

You Missed

1 Case / 1 Protection / 1 Threat / 1 KQL

(UB3.C4.K1) Threat Hunting via Autonomous System Numbers (ASN)

1 Case / 1 Protection / 1 Threat / 1 KQL

(UB3.C4.K1) How non-secure ISPs Aid Attackers in Evading Detection