Info
ID: AT-001
Tactic: Initial Access
MITRE technique: TA0001
Payload Delivery\Gain Access
Payload Delivery, or Gaining Access, consists of techniques adversaries use to place malicious content into a target application environment to establish an initial foothold. Examples include compromising software supply chains, injecting payloads via APIs or file uploads, bypassing authentication controls, leveraging valid credentials, or using trusted external repositories. Successful delivery creates the conditions needed for later execution and persistence within modern application platforms.
Mitigations
ID | Mitigation | Description |
---|---|---|
AM-M0001 | Network Segmentation | Implement robust network segmentation to limit an attacker's ability to move laterally after gaining initial access. |
AM-M0002 | Multi-Factor Authentication | Deploy MFA across all user accounts, especially for external-facing services and VPNs, to mitigate the risk of credential-based attacks. |
AM-M0003 | Regular Patching | Maintain a rigorous patching schedule for all systems, prioritizing external-facing assets to reduce the attack surface. |
AM-M0004 | Email Filtering | Implement advanced email filtering solutions to detect and block phishing attempts and malicious attachments. |
AM-M0005 | User Awareness Training | Conduct regular security awareness training to educate users about social engineering tactics and safe browsing practices. |