Adversaries may search public code repositories for information about victims that can be used during targeting. Victims may store code in repositories on various third-party websites such as GitHub, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git.
Adversaries may search various public code repositories for various information about a victim. Public code repositories can often be a source of various general information about victims, such as commonly used programming languages and libraries as well as the names of employees. Adversaries may also identify more sensitive data, including accidentally leaked credentials or API keys.(Citation: GitHub Cloud Service Credentials) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information), establishing operational resources (ex: Compromise Accounts or Compromise Infrastructure), and/or initial access (ex: Valid Accounts or Phishing).
Note: This is distinct from Code Repositories, which focuses on Collection from private and internally hosted code repositories.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.PS-06.01 | Secure SDLC process | Mitigates | T1593.003 | Code Repositories |
Comments
This diagnostic statement provides for the use of secure development processes and procedures. This includes avoiding publishing sensitive information such as credentials and API keys when uploading to public code repositories.
References
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1593.003 | Code Repositories |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
References
|
| PR.PS-06.07 | Development and operational process alignment | Mitigates | T1593.003 | Code Repositories |
Comments
This diagnostic statement protects against Code Repositories through the use of DevSecOps, secure development lifecycle, and application developer guidance. Exploitable weaknesses can be mitigated through secure code, reduced vulnerabilities, and secure design principles.
References
|
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CM-08 | System Component Inventory | mitigates | T1593.003 | Code Repositories |
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| devops_security | Microsoft Defender for Cloud: DevOps Security | technique_scores | T1593.003 | Code Repositories |
Comments
This control can protect code repositories by employing DevSecOps best practices.
References
|