Coverage
MAAD-AF provides testing coverage for nearly 50% of all MITRE techniques across O365, Azure AD and SaaS matrices combined.
Coverage MAP
Techniques List
| Tactic | Technique ID | Technique |
|---|---|---|
| Collection | T1114 | Email Collection |
| Collection | T1213 | Data from Information Repositories |
| Collection | T1119 | Automated Collection |
| Collection | T1530 | Data from Cloud Storage |
| Credential Access | T1528 | Steal Application Access Token |
| Credential Access | T1110 | Brute Force |
| Credential Access | T1556 | Modify Authentication Process |
| Defense Evasion | T1564 | Hide Artifacts |
| Defense Evasion | T1562 | Impair Defenses |
| Defense Evasion | T1078 | Valid Accounts |
| Defense Evasion | T1484 | Domain Policy Modification |
| Defense Evasion | T1556 | Modify Authentication Process |
| Discovery | T1069 | Permission Groups Discovery |
| Discovery | T1087 | Account Discovery |
| Impact | T1531 | Account Access Removal |
| Initial Access | T1078 | Valid Accounts |
| Persistence | T1098 | Account Manipulation |
| Persistence | T1078 | Valid Accounts |
| Persistence | T1136 | Create Account |
| Persistence | T1556 | Modify Authentication Process |
| Privilege Escalation | T1078 | Valid Accounts |
Open in MITRE Navigator
Download the MITRE layer file provided below to load & review MAAD-AF associated techniques in MITRE ATT&CK Navigator.