{"description": "ICS techniques mitigated by Exploit Protection, ATT&CK mitigation M0950 (v1.0)", "name": "Exploit Protection (M0950)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0817", "comment": "Utilize exploit protection to prevent activities which may be exploited through malicious web sites.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0819", "comment": "Web Application Firewalls may be used to limit exposure of applications to prevent exploit traffic from reaching the application. (Citation: Karen Scarfone; Paul Hoffman September 2009)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0820", "comment": "Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. (Citation: Microsoft Security Response Center August 2017) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. (Citation: Wikipedia) Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0890", "comment": "Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. (Citation: Microsoft Security Response Center August 2017) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. (Citation: Wikipedia) Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0866", "comment": "Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. (Citation: Microsoft Security Response Center August 2017) Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. (Citation: Wikipedia) Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Exploit Protection", "color": "#66b1ff"}]}