risks / Defense destruction


Allows an attacker to disable or remove defense mechanism, such as IDS, antivirus, and the like. Note that other mechanisms may serve as defense mechanisms but are explicitly separate (see `destruction:logs` and `destruction:policy`)


This risk allows an attacker to evade detection, allowing the attacker to exploit additional risks without detection, and prevent exploit remediation.


  1. Monitor defense system metrics


  1. https:/​/​attack.mitre.org/​techniques/​T1562/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

© 2023–present P0 Security and contributors to the IAM Privilege Catalog