Impair Defenses

Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may also span both native defenses as well as supplemental capabilities installed by users and administrators.

ID: T2032
Sub-techniques:  T2032.001, T2032.002, T2032.003
Tactic: Defense Evasion
Version: 1.0
Created: 03 December 2023
Last Modified: 03 December 2023
ATT&CK Reference:  T1562

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.