HackTool - WinPwn Execution
Dec 4, 2023
·
attack.credential_access
attack.defense_evasion
attack.discovery
attack.execution
attack.privilege_escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
HackTool - WinPwn Execution - ScriptBlock
Dec 4, 2023
·
attack.credential_access
attack.defense_evasion
attack.discovery
attack.execution
attack.privilege_escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
Function Call From Undocumented COM Interface EditionUpgradeManager
Dec 4, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
HackTool - winPEAS Execution
Dec 4, 2023
·
attack.privilege_escalation
attack.t1082
attack.t1087
attack.t1046
Malware Shellcode in Verclsid Target Process
Dec 4, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
detection.emerging_threats
Potential Process Hollowing Activity
Dec 4, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055.012
Potential Shellcode Injection
Dec 4, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
Cisco BGP Authentication Failures
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
Cisco LDP Authentication Failures
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
Github New Secret Created
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1078.004
Github Self Hosted Runner Changes Detected
Dec 1, 2023
·
attack.impact
attack.discovery
attack.collection
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1526
attack.t1213.003
attack.t1078.004
HackTool - SysmonEOP Execution
Dec 1, 2023
·
cve.2022.41120
attack.t1068
attack.privilege_escalation
Huawei BGP Authentication Failures
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
Juniper BGP Missing MD5
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
Nimbuspwn Exploitation
Dec 1, 2023
·
attack.privilege_escalation
attack.t1068
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
PwnKit Local Privilege Escalation
Dec 1, 2023
·
attack.privilege_escalation
attack.t1548.001
Renamed Mavinject.EXE Execution
Dec 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055.001
attack.t1218.013
Suspicious Shells Spawn by Java Utility Keytool
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
Uncommon One Time Only Scheduled Task At 00:00
Dec 1, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
VsCode Powershell Profile Modification
Dec 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
Potential Persistence Via Netsh Helper DLL
Nov 28, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.007
attack.s0108
Lazarus APT DLL Sideloading Activity
Nov 28, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging_threats
CobaltStrike Named Pipe Patterns
Nov 27, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
stp.1k
Potential Access Token Abuse
Nov 27, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1134.001
stp.4u
Scheduled Task Creation
Nov 27, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
Enabling COR Profiler Environment Variables
Nov 27, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.012
Remote Thread Creation By Uncommon Source Image
Nov 15, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1055
Suspicious Shim Database Installation via Sdbinst.EXE
Nov 15, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.011
Shell Process Spawned by Java.EXE
Nov 10, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
Suspicious Processes Spawned by Java.EXE
Nov 10, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
Potential Persistence Via Security Descriptors - ScriptBlock
Nov 2, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
Potential Suspicious Activity Using SeCEdit
Nov 2, 2023
·
attack.discovery
attack.persistence
attack.defense_evasion
attack.credential_access
attack.privilege_escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
Service Installed By Unusual Client - Security
Nov 2, 2023
·
attack.privilege_escalation
attack.t1543
Service Installed By Unusual Client - System
Nov 2, 2023
·
attack.privilege_escalation
attack.t1543
Suspicious SQL Query
Nov 2, 2023
·
attack.exfiltration
attack.initial_access
attack.privilege_escalation
attack.t1190
attack.t1505.001
Win Susp Computer Name Containing Samtheadmin
Nov 2, 2023
·
cve.2021.42278
cve.2021.42287
attack.persistence
attack.privilege_escalation
attack.t1078
App Role Added
Oct 28, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
Impossible Travel
Oct 28, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load
Oct 28, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.persistence
attack.t1546.003
Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
Oct 28, 2023
·
attack.privilege_escalation
attack.t1055
PowerShell Profile Modification
Oct 28, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
Suspicious Sysmon as Execution Parent
Oct 28, 2023
·
attack.privilege_escalation
attack.t1068
cve.2022.41120
detection.emerging_threats
Diamond Sleet APT Scheduled Task Creation
Oct 28, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
detection.emerging_threats
Potential System DLL Sideloading From Non System Locations
Oct 28, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
Oct 26, 2023
·
attack.execution
attack.privilege_escalation
attack.resource_development
attack.t1587
cve.2021.1675
detection.emerging_threats
CVE-2022-24527 Microsoft Connected Cache LPE
Oct 26, 2023
·
attack.privilege_escalation
attack.t1059.001
cve.2022.24527
detection.emerging_threats
Exploitation Indicators Of CVE-2023-20198
Oct 26, 2023
·
attack.privilege_escalation
attack.initial_access
detection.emerging_threats
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
Oct 26, 2023
·
attack.privilege_escalation
attack.t1068
detection.emerging_threats
Remote Thread Creation In Uncommon Target Image
Oct 23, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055.003
Abused Debug Privilege by Arbitrary Parent Processes
Oct 18, 2023
·
attack.privilege_escalation
attack.t1548
Always Install Elevated MSI Spawned Cmd And Powershell
Oct 18, 2023
·
attack.privilege_escalation
attack.t1548.002
AWS Glue Development Endpoint Activity
Oct 18, 2023
·
attack.privilege_escalation
Azure Kubernetes CronJob
Oct 18, 2023
·
attack.persistence
attack.t1053.003
attack.privilege_escalation
attack.execution
Creation Of Non-Existent System DLL
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
DotNet CLR DLL Loaded By Scripting Applications
Oct 18, 2023
·
attack.execution
attack.privilege_escalation
attack.t1055
Elevated System Shell Spawned
Oct 18, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.execution
attack.t1059
HackTool - CoercedPotato Execution
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
HackTool - SharpImpersonation Execution
Oct 18, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1134.001
attack.t1134.003
HackTool - SharpUp PrivEsc Tool Execution
Oct 18, 2023
·
attack.privilege_escalation
attack.t1615
attack.t1569.002
attack.t1574.005
HackTool - UACMe Akagi Execution
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
Malicious Named Pipe Created
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
Meterpreter or Cobalt Strike Getsystem Service Installation - Security
Oct 18, 2023
·
attack.privilege_escalation
attack.t1134.001
attack.t1134.002
Meterpreter or Cobalt Strike Getsystem Service Installation - System
Oct 18, 2023
·
attack.privilege_escalation
attack.t1134.001
attack.t1134.002
New PDQDeploy Service - Server Side
Oct 18, 2023
·
attack.privilege_escalation
attack.t1543.003
OMIGOD HTTP No Authentication RCE
Oct 18, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.lateral_movement
attack.t1068
attack.t1190
attack.t1203
attack.t1021.006
attack.t1210
Password Provided In Command Line Of Net.EXE
Oct 18, 2023
·
attack.defense_evasion
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1078
Potential Azure Browser SSO Abuse
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.002
Potential CVE-2021-41379 Exploitation Attempt
Oct 18, 2023
·
attack.privilege_escalation
attack.t1068
cve.2021.41379
detection.emerging_threats
Potential ShellDispatch.DLL Sideloading
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential WWlib.DLL Sideloading
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Powershell WMI Persistence
Oct 18, 2023
·
attack.privilege_escalation
attack.t1546.003
PUA - AdvancedRun Execution
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
PUA - AdvancedRun Suspicious Execution
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1134.002
PUA - Process Hacker Execution
Oct 18, 2023
·
attack.defense_evasion
attack.discovery
attack.persistence
attack.privilege_escalation
attack.t1622
attack.t1564
attack.t1543
PUA - System Informer Execution
Oct 18, 2023
·
attack.persistence
attack.privilege_escalation
attack.discovery
attack.defense_evasion
attack.t1082
attack.t1564
attack.t1543
RottenPotato Like Attack Pattern
Oct 18, 2023
·
attack.privilege_escalation
attack.credential_access
attack.t1557.001
Suspect Svchost Activity
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
Suspicious SYSTEM User Process Creation
Oct 18, 2023
·
attack.credential_access
attack.defense_evasion
attack.privilege_escalation
attack.t1134
attack.t1003
attack.t1027
Third Party Software DLL Sideloading
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
UAC Bypass via Event Viewer
Oct 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
car.2019-04-001
User Added To Admin Group Via Dscl
Oct 18, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
User Added To Admin Group Via DseditGroup
Oct 18, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
User Couldn't Call a Privileged Service 'LsaRegisterLogonProcess'
Oct 18, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.t1558.003
Vulnerable HackSys Extreme Vulnerable Driver Load
Oct 18, 2023
·
attack.privilege_escalation
attack.t1543.003
WMI Persistence
Oct 18, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.003
Abuse of Service Permissions to Hide Services Via Set-Service
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Abuse of Service Permissions to Hide Services Via Set-Service - PS
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Account Tampering - Suspicious Failed Logon Reasons
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
attack.t1078
Application AppID Uri Configuration Changes
Oct 17, 2023
·
attack.persistence
attack.credential_access
attack.privilege_escalation
attack.t1552
attack.t1078.004
Application URI Configuration Changes
Oct 17, 2023
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential_access
attack.privilege_escalation
Application Using Device Code Authentication Flow
Oct 17, 2023
·
attack.t1078
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
Applications That Are Using ROPC Authentication Flow
Oct 17, 2023
·
attack.t1078
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
Audit CVE Event
Oct 17, 2023
·
attack.execution
attack.t1203
attack.privilege_escalation
attack.t1068
attack.defense_evasion
attack.t1211
attack.credential_access
attack.t1212
attack.lateral_movement
attack.t1210
attack.impact
attack.t1499.004
Changes to Device Registration Policy
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1484
Changes To PIM Settings
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1078.004
DiagTrackEoP Default Login Username
Oct 17, 2023
·
attack.privilege_escalation
DLL Search Order Hijacking Via Additional Space in Path
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.002
DLL Sideloading Of ShellChromeAPI.DLL
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
KDC RC4-HMAC Downgrade CVE-2022-37966
Oct 17, 2023
·
attack.privilege_escalation
KrbRelayUp Attack Pattern
Oct 17, 2023
·
attack.privilege_escalation
attack.credential_access
KrbRelayUp Service Installation
Oct 17, 2023
·
attack.privilege_escalation
attack.t1543
Malicious DLL File Dropped in the Teams or OneDrive Folder
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.002
Mavinject Inject DLL Into Running Process
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055.001
attack.t1218.013
Modify Group Policy Settings
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1484.001
Modify Group Policy Settings - ScriptBlockLogging
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1484.001
Moriya Rootkit - System
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
New Kernel Driver Via SC.EXE
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
New PDQDeploy Service - Client Side
Oct 17, 2023
·
attack.privilege_escalation
attack.t1543.003
OMIGOD SCX RunAsProvider ExecuteScript
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
OMIGOD SCX RunAsProvider ExecuteShellCommand
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
OMIGOD SCX RunAsProvider ExecuteShellCommand - Auditd
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
PIM Alert Setting Changes To Disabled
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
PIM Approvals And Deny Elevation
Oct 17, 2023
·
attack.privilege_escalation
attack.t1078.004
Potential DLL Sideloading Via ClassicExplorer32.dll
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via comctl32.dll
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via JsSchHlp
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Privilege Escalation Attempt Via .Exe.Local Technique
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
Potential Privilege Escalation Using Symlink Between Osk and Cmd
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.008
Privileged Account Creation
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078.004
Service DACL Abuse To Hide Services Via Sc.EXE
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Service Installation in Suspicious Folder
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
car.2013-09-005
attack.t1543.003
Sliver C2 Default Service Installation
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.t1543.003
attack.t1569.002
Sticky Key Like Backdoor Usage - Registry
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
Sudo Privilege Escalation CVE-2019-14287
Oct 17, 2023
·
attack.privilege_escalation
attack.t1068
attack.t1548.003
cve.2019.14287
Sudo Privilege Escalation CVE-2019-14287 - Builtin
Oct 17, 2023
·
attack.privilege_escalation
attack.t1068
attack.t1548.003
cve.2019.14287
Suspicious GetTypeFromCLSID ShellExecute
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.015
Suspicious New Service Creation
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
Suspicious Processes Spawned by WinRM
Oct 17, 2023
·
attack.t1190
attack.initial_access
attack.persistence
attack.privilege_escalation
Suspicious RunAs-Like Flag Combination
Oct 17, 2023
·
attack.privilege_escalation
Suspicious Scheduled Task Creation
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Update
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
Suspicious ScreenSave Change by Reg.exe
Oct 17, 2023
·
attack.privilege_escalation
attack.t1546.002
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Suspicious Service Installation Script
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
car.2013-09-005
attack.t1543.003
Triple Cross eBPF Rootkit Execve Hijack
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
UAC Bypass Using EventVwr
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
UAC Bypass Using IDiagnostic Profile
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using IDiagnostic Profile - File
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using Iscsicpl - ImageLoad
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass via ICMLuaUtil
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass via Windows Firewall Snap-In Hijack
Oct 17, 2023
·
attack.privilege_escalation
attack.t1548
User Added To Privilege Role
Oct 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1078.004
User Added To Root/Sudoers Group Using Usermod
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
User State Changed From Guest To Member
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.t1078.004
Users Added to Global or Device Admin Roles
Oct 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1078.004
VMGuestLib DLL Sideload
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Vulnerable WinRing0 Driver Load
Oct 17, 2023
·
attack.privilege_escalation
attack.t1543.003
Windows Spooler Service Suspicious Binary Load
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574
cve.2021.1675
cve.2021.34527
App Granted Privileged Delegated Or App Permissions
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
AWS Attached Malicious Lambda Layer
Oct 12, 2023
·
attack.privilege_escalation
AWS Root Credentials
Oct 12, 2023
·
attack.privilege_escalation
attack.t1078.004
AWS STS AssumeRole Misuse
Oct 12, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS STS GetSessionToken Misuse
Oct 12, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS Suspicious SAML Activity
Oct 12, 2023
·
attack.initial_access
attack.t1078
attack.lateral_movement
attack.t1548
attack.privilege_escalation
attack.t1550
attack.t1550.001
Google Cloud Kubernetes CronJob
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.execution
User Added to an Administrator's Azure AD Role
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
attack.t1078
HackTool - CoercedPotato Named Pipe Creation
Oct 12, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
HackTool - EfsPotato Named Pipe Creation
Oct 12, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
Certificate Use With No Strong Mapping
Oct 11, 2023
·
attack.privilege_escalation
COM Hijack via Sdclt
Oct 4, 2023
·
attack.privilege_escalation
attack.t1546
attack.t1548
Malicious Driver Load
Oct 4, 2023
·
attack.privilege_escalation
attack.t1543.003
attack.t1068
Malicious Driver Load By Name
Oct 4, 2023
·
attack.privilege_escalation
attack.t1543.003
attack.t1068
Potentially Suspicious Event Viewer Child Process
Oct 4, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
car.2019-04-001
Vulnerable Driver Load
Oct 4, 2023
·
attack.privilege_escalation
attack.t1543.003
attack.t1068
Vulnerable Driver Load By Name
Oct 4, 2023
·
attack.privilege_escalation
attack.t1543.003
attack.t1068
Service Registry Key Read Access Request
Sep 29, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.011
Invalid PIM License
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Roles Activated Too Frequently
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Roles Activation Doesn't Require MFA
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Roles Are Not Being Used
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Roles Assigned Outside PIM
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Stale Accounts In A Privileged Role
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Too Many Global Admins
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
Azure AD Threat Intelligence
Sep 11, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
VMMap Signed Dbghelp.DLL Potential Sideloading
Sep 7, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
VMMap Unsigned Dbghelp.DLL Potential Sideloading
Sep 7, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Activity From Anonymous IP Address
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
Atypical Travel
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
New Country
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
Suspicious Browser Activity
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
Unfamiliar Sign-In Properties
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
Network Connections Where There Should Not Be (Notepad)
Sep 1, 2023
·
attack.privilege_escalation
attack.t1055
Suspicious 'Admin' Local User Creation with Net Command
Sep 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1136.001
attack.t1136
attack.t1078
attack.t1078.003
HackTool - CrackMapExec Execution
Aug 28, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.credential_access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
Suspicious Child Process Of Wermgr.EXE
Aug 28, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
attack.t1036
User Added To Admin Group Via Sysadminctl
Aug 22, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
Potential CVE-2023-21554 QueueJumper Exploitation
Aug 18, 2023
·
attack.privilege_escalation
attack.execution
cve.2023.21554
detection.emerging_threats
Unsigned Mfdetours.DLL Sideloading
Aug 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Bypass UAC Using DelegateExecute
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
Bypass UAC Using SilentCleanup Task
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
CobaltStrike Service Installations in Registry
Aug 17, 2023
·
attack.execution
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
Disable UAC Using Registry
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
Modify User Shell Folders Startup Value
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1547.001
ServiceDll Hijack
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
Set TimeProviders DllName
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1547.003
Suspicious Printer Driver Empty Manufacturer
Aug 17, 2023
·
attack.privilege_escalation
attack.t1574
cve.2021.1675
UAC Bypass Abusing Winsat Path Parsing - Registry
Aug 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using Windows Media Player - Registry
Aug 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass via Sdclt
Aug 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
car.2019-04-001
CobaltStrike Named Pipe
Aug 7, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
CobaltStrike Named Pipe Pattern Regex
Aug 7, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
HackTool - DiagTrackEoP Default Named Pipe
Aug 7, 2023
·
attack.privilege_escalation
HackTool - Koh Default Named Pipe
Aug 7, 2023
·
attack.privilege_escalation
attack.credential_access
attack.t1528
attack.t1134.001
Potential AVKkid.DLL Sideloading
Aug 3, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential EACore.DLL Sideloading
Aug 3, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Mfdetours.DLL Sideloading
Aug 3, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Vivaldi_elf.DLL Sideloading
Aug 3, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Shim Database Persistence via Sdbinst.EXE
Aug 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.011
Potential CCleanerDU.DLL Sideloading
Jul 24, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential CCleanerReactivator.DLL Sideloading
Jul 20, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Explorer UAC Bypass Via /NOUACCHECK Parameter
Jul 17, 2023
·
attack.privilege_escalation
attack.T1548.002
Potential appverifUI.DLL Sideloading
Jul 13, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
UAC Bypass Via Wsreset
Jun 21, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
APT PRIVATELOG Image Load Pattern
Jun 20, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
detection.emerging_threats
Exploiting CVE-2019-1388
Jun 20, 2023
·
attack.privilege_escalation
attack.t1068
cve.2019.1388
detection.emerging_threats
Exploiting SetupComplete.cmd CVE-2019-1378
Jun 20, 2023
·
attack.privilege_escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019.1378
detection.emerging_threats
Moriya Rootkit File Created
Jun 20, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
detection.emerging_threats
Potential BearLPE Exploitation
Jun 20, 2023
·
attack.privilege_escalation
attack.t1053.005
car.2013-08-001
detection.emerging_threats
Potential Dridex Activity
Jun 20, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging_threats
Potential SystemNightmare Exploitation Attempt
Jun 20, 2023
·
attack.privilege_escalation
attack.t1068
detection.emerging_threats
SOURGUM Actor Behaviours
Jun 20, 2023
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege_escalation
detection.emerging_threats
Suspicious RazerInstaller Explorer Subprocess
Jun 20, 2023
·
attack.privilege_escalation
attack.t1553
detection.emerging_threats
Potential Waveedit.DLL Sideloading
Jun 15, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
CodeIntegrity - Unmet WHQL Requirements For Loaded Kernel Module
Jun 14, 2023
·
attack.privilege_escalation
CodeIntegrity - Blocked Driver Load With Revoked Certificate
Jun 13, 2023
·
attack.privilege_escalation
attack.t1543
CodeIntegrity - Blocked Image Load With Revoked Certificate
Jun 13, 2023
·
attack.privilege_escalation
CodeIntegrity - Disallowed File For Protected Processes Has Been Blocked
Jun 13, 2023
·
attack.privilege_escalation
CodeIntegrity - Revoked Image Loaded
Jun 13, 2023
·
attack.privilege_escalation
CodeIntegrity - Revoked Kernel Driver Loaded
Jun 13, 2023
·
attack.privilege_escalation
CodeIntegrity - Unsigned Image Loaded
Jun 13, 2023
·
attack.privilege_escalation
CodeIntegrity - Unsigned Kernel Module Loaded
Jun 13, 2023
·
attack.privilege_escalation
Potential Edputil.DLL Sideloading
Jun 11, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential 7za.DLL Sideloading
Jun 11, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential RjvPlatform.DLL Sideloading From Default Location
Jun 11, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential RjvPlatform.DLL Sideloading From Non-Default Location
Jun 11, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
CodeIntegrity - Blocked Image/Driver Load For Policy Violation
Jun 9, 2023
·
attack.privilege_escalation
attack.t1543
Potential Persistence Via GlobalFlags
Jun 5, 2023
·
attack.privilege_escalation
attack.persistence
attack.defense_evasion
attack.t1546.012
car.2013-01-002
Potential SmadHook.DLL Sideloading
Jun 2, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Goopdate.DLL Sideloading
May 20, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
LiveKD Driver Creation
May 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
LiveKD Driver Creation By Uncommon Process
May 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
LiveKD Kernel Memory Dump File Created
May 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
Windows Kernel Debugger Execution
May 17, 2023
·
attack.defense_evasion
attack.privilege_escalation
Potential RoboForm.DLL Sideloading
May 15, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Chrome Frame Helper DLL Sideloading
May 15, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Wazuh Security Platform DLL Sideloading
May 15, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
PSEXEC Remote Execution File Artefact
May 15, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.execution
attack.persistence
attack.t1136.002
attack.t1543.003
attack.t1570
attack.s0029
PUA - Process Hacker Driver Load
May 15, 2023
·
attack.privilege_escalation
cve.2021.21551
attack.t1543
PUA - System Informer Driver Load
May 15, 2023
·
attack.privilege_escalation
attack.t1543
Find Binary Searching for Executables with Setuid or Setguid Bit (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1548.001
Potential Gamarue DLL Filename (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055.001
Powershell Injecting Into Anything (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
Process Executing Sans Command Line (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
Suspicious Network Connections (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
May 9, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Persistence Via PowerShell User Profile Using Add-Content
May 9, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
Suspicious Child Process Of SQL Server
May 9, 2023
·
attack.t1505.003
attack.t1190
attack.initial_access
attack.persistence
attack.privilege_escalation
Suspicious Child Process Of Veeam Dabatase
May 9, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
Potential SolidPDFCreator.DLL Sideloading
May 8, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Process Explorer Driver Creation By Non-Sysinternals Binary
May 5, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1068
Process Monitor Driver Creation By Non-Sysinternals Binary
May 5, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1068
Potential DLL Sideloading Of DBGCORE.DLL
May 5, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Of DBGHELP.DLL
May 5, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Standard User In High Privileged Group
May 5, 2023
·
attack.credential_access
attack.privilege_escalation
Remote WMI ActiveScriptEventConsumers
May 2, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.persistence
attack.t1546.003
CVE-2021-3156 Exploitation Attempt
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
cve.2021.3156
CVE-2021-3156 Exploitation Attempt Bruteforcing
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
cve.2021.3156
Detection of Possible Rotten Potato
Apr 21, 2023
·
attack.privilege_escalation
attack.t1134
attack.t1134.002
Disabled Users Failing To Authenticate From Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Failed Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
Failed NTLM Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
Invalid Users Failing To Authenticate From Single Source Using NTLM
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Invalid Users Failing To Authenticate From Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Malicious Service Installations
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1003
attack.t1035
attack.t1050
car.2013-09-005
attack.t1543.003
attack.t1569.002
Meterpreter or Cobalt Strike Getsystem Service Installation
Apr 21, 2023
·
attack.privilege_escalation
attack.t1134.001
attack.t1134.002
MSI Spawned Cmd and Powershell Spawned Processes
Apr 21, 2023
·
attack.privilege_escalation
attack.t1548.002
Multiple Users Failing to Authenticate from Single Process
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Multiple Users Remotely Failing To Authenticate From Single Source
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
OMIGOD SCX RunAsProvider ExecuteScript
Apr 21, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
Password Spraying via Explicit Credentials
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Valid Users Failing to Authenticate From Single Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Valid Users Failing to Authenticate from Single Source Using NTLM
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Windows Kernel and 3rd-Party Drivers Exploits Token Stealing
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
Potential Libvlc.DLL Sideloading
Apr 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
CobaltStrike Service Installations - System
Apr 14, 2023
·
attack.execution
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
ProcessHacker Privilege Elevation
Apr 14, 2023
·
attack.execution
attack.privilege_escalation
attack.t1543.003
attack.t1569.002
Service Installation with Suspicious Folder Pattern
Apr 14, 2023
·
attack.persistence
attack.privilege_escalation
car.2013-09-005
attack.t1543.003
Vulnerable Netlogon Secure Channel Connection Allowed
Apr 14, 2023
·
attack.privilege_escalation
attack.t1548
Potential Iviewers.DLL Sideloading
Apr 12, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Potential Rcdll.DLL Sideloading
Apr 12, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
CMSTP UAC Bypass via COM Object Access
Apr 11, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
Always Install Elevated Windows Installer
Apr 3, 2023
·
attack.privilege_escalation
attack.t1548.002
Aruba Network Service Potential DLL Sideloading
Mar 15, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1574.001
attack.t1574.002
Microsoft Office DLL Sideload
Mar 15, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Important Scheduled Task Deleted/Disabled
Mar 14, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
Potential Antivirus Software DLL Sideloading
Mar 13, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Interactive AT Job
Mar 10, 2023
·
attack.privilege_escalation
attack.t1053.002
Sticky Key Like Backdoor Execution
Mar 7, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
HackTool - Default PowerSploit/Empire Scheduled Task Creation
Mar 7, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
Persistence Via Sticky Key Backdoor
Mar 7, 2023
·
attack.t1546.008
attack.privilege_escalation
Potential Meterpreter/CobaltStrike Activity
Mar 5, 2023
·
attack.privilege_escalation
attack.t1134.001
attack.t1134.002
Potential Privilege Escalation via Service Permissions Weakness
Mar 5, 2023
·
attack.privilege_escalation
attack.t1574.011
Suspicious Child Process Created as System
Mar 5, 2023
·
attack.privilege_escalation
attack.t1134.002
Suspicious Debugger Registration Cmdline
Mar 5, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.008
Suspicious NTLM Authentication on the Printer Spooler Service
Mar 2, 2023
·
attack.privilege_escalation
attack.credential_access
attack.t1212
Security Privileges Enumeration Via Whoami.EXE
Feb 28, 2023
·
attack.privilege_escalation
attack.discovery
attack.t1033
Service Security Descriptor Tampering Via Sc.EXE
Feb 28, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Suspicious Whoami.EXE Execution From Privileged Process
Feb 28, 2023
·
attack.privilege_escalation
attack.discovery
attack.t1033
User Added to Local Administrators
Feb 27, 2023
·
attack.privilege_escalation
attack.t1078
attack.persistence
attack.t1098
HackTool - Empire PowerShell UAC Bypass
Feb 21, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
car.2019-04-001
New Service Creation Using PowerShell
Feb 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
New Service Creation Using Sc.EXE
Feb 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
Regedit as Trusted Installer
Feb 21, 2023
·
attack.privilege_escalation
attack.t1548
Suspicious Service Path Modification
Feb 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
Potential PrintNightmare Exploitation Attempt
Feb 20, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574
cve.2021.1675
Powerup Write Hijack DLL
Feb 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.001
HackTool - LocalPotato Execution
Feb 14, 2023
·
attack.defense_evasion
attack.privilege_escalation
cve.2023.21746
Possible Privilege Escalation via Weak Service Permissions
Feb 14, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
Potential UAC Bypass Via Sdclt.EXE
Feb 14, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
PUA - Wsudo Suspicious Execution
Feb 13, 2023
·
attack.execution
attack.privilege_escalation
attack.t1059
UAC Bypass Tools Using ComputerDefaults
Feb 13, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using Event Viewer RecentViews
Feb 13, 2023
·
attack.defense_evasion
attack.privilege_escalation
Rundll32 Registered COM Objects
Feb 9, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.015
HackTool - Impersonate Execution
Feb 8, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1134.001
attack.t1134.003
SCM Database Privileged Operation
Feb 7, 2023
·
attack.privilege_escalation
attack.t1548
Sdclt Child Processes
Feb 7, 2023
·
attack.privilege_escalation
attack.t1548.002
Buffer Overflow Attempts
Feb 1, 2023
·
attack.t1068
attack.privilege_escalation
CobaltStrike Service Installations - Security
Feb 1, 2023
·
attack.execution
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
Code Injection by ld.so Preload
Feb 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1574.006
Malicious Service Installations
Feb 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1003
car.2013-09-005
attack.t1543.003
attack.t1569.002
Possible Coin Miner CPU Priority Param
Feb 1, 2023
·
attack.privilege_escalation
attack.t1068
PowerShell ShellCode
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
attack.execution
attack.t1059.001
Shell Open Registry Keys Manipulation
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
attack.t1546.001
Suspicious Driver Load from Temp
Feb 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
UAC Bypass Abusing Winsat Path Parsing - File
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Abusing Winsat Path Parsing - Process
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using .NET Code Profiler on MMC
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using ChangePK and SLUI
Feb 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002