attack.t1546.007

New Netsh Helper DLL Registered From A Suspicious Location

Nov 28, 2023 · attack.persistence attack.t1546.007 ·
Share on:

Detects changes to the Netsh registry key to add a new DLL value that is located on a suspicious location. This change might be an indication of a potential persistence attempt by adding a malicious Netsh helper

Read More
Potential Persistence Via Netsh Helper DLL

Nov 28, 2023 · attack.privilege_escalation attack.persistence attack.t1546.007 attack.s0108 ·
Share on:

Detects the execution of netsh with "add helper" flag in order to add a custom helper DLL. This technique can be abused to add a malicious helper DLL that can be used as a persistence proxy that gets called when netsh.exe is executed.

Read More
Potential Persistence Via Netsh Helper DLL - Registry

Nov 28, 2023 · attack.persistence attack.t1546.007 ·
Share on:

Detects changes to the Netsh registry key to add a new DLL value. This change might be an indication of a potential persistence attempt by adding a malicious Netsh helper

Read More
Potential Suspicious Activity Using SeCEdit

Nov 2, 2023 · attack.discovery attack.persistence attack.defense_evasion attack.credential_access attack.privilege_escalation attack.t1562.002 attack.t1547.001 attack.t1505.005 attack.t1556.002 attack.t1562 attack.t1574.007 attack.t1564.002 attack.t1546.008 attack.t1546.007 attack.t1547.014 attack.t1547.010 attack.t1547.002 attack.t1557 attack.t1082 ·
Share on:

Detects potential suspicious behaviour using secedit.exe. Such as exporting or modifying the security policy

Read More

New Netsh Helper DLL Registered From A Suspicious Location

Potential Persistence Via Netsh Helper DLL

Potential Persistence Via Netsh Helper DLL - Registry

Potential Suspicious Activity Using SeCEdit