WPAD Service Exploit (Apr 16, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
AWS IAM Assume Role Policy Update (Apr 16, 2024)
  Domain: Cloud; Data Source: AWS; Data Source: Amazon Web Services; Data Source: AWS STS; Use Case: Identity and Access Audit; Resources: Investigation Guide; Tactic: Privilege Escalation
AWS Root Login Without MFA (Apr 16, 2024)
  Domain: Cloud; Data Source: AWS; Data Source: Amazon Web Services; Data Source: AWS Route53; Use Case: Identity and Access Audit; Resources: Investigation Guide; Tactic: Privilege Escalation
AWS Security Token Service (STS) AssumeRole Usage (Apr 16, 2024)
  Domain: Cloud; Data Source: AWS; Data Source: Amazon Web Services; Data Source: AWS STS; Use Case: Identity and Access Audit; Tactic: Privilege Escalation
AWS STS GetSessionToken Abuse (Apr 16, 2024)
  Domain: Cloud; Data Source: AWS; Data Source: Amazon Web Services; Data Source: AWS STS; Use Case: Identity and Access Audit; Tactic: Privilege Escalation
Potential Exploitation of an Unquoted Service Path Vulnerability (Apr 16, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
New or Modified Federation Domain (Apr 2, 2024)
  Domain: Cloud; Data Source: Microsoft 365; Use Case: Identity and Access Audit; Tactic: Privilege Escalation
Account Discovery Command via SYSTEM Account (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Discovery; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Defend; Data Source: Sysmon
Bypass UAC via Event Viewer (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
Component Object Model Hijacking (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Defense Evasion; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
Conhost Spawned By Suspicious Parent Process (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Execution; Tactic: Defense Evasion; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Creation or Modification of a new GPO Scheduled Task or Service (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Persistence; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Disabling User Account Control via Registry Modification (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Expired or Revoked Driver Loaded (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Defend
First Time Seen Driver Loaded (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Persistence; Resources: Investigation Guide; Data Source: Elastic Defend
Parent Process PID Spoofing (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Defense Evasion; Tactic: Privilege Escalation; Data Source: Elastic Defend
Persistence via PowerShell profile (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Persistence via TelemetryController Scheduled Task Hijack (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Persistence via Update Orchestrator Service Hijack (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Use Case: Vulnerability; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential LSA Authentication Package Abuse (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential Persistence via Time Provider Modification (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Potential Port Monitor or Print Processor Registration Abuse (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential Privilege Escalation via InstallerFileTakeOver (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Resources: Investigation Guide; Use Case: Vulnerability; Data Source: Elastic Defend
Privilege Escalation via Named Pipe Impersonation (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
Privilege Escalation via Windir Environment Variable (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Privileges Elevation via Parent Process PID Spoofing (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Process Created with a Duplicated Token (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Process Created with an Elevated Token (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Registry Persistence via AppCert DLL (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Service Control Spawned via Script Interpreter (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Tactic: Execution; Data Source: Elastic Endgame; Resources: Investigation Guide; Data Source: Elastic Defend
Suspicious DLL Loaded for Persistence or Privilege Escalation (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Tactic: Defense Evasion; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Suspicious Print Spooler File Deletion (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Use Case: Vulnerability; Data Source: Elastic Defend; Data Source: Sysmon
Suspicious Print Spooler Point and Print DLL (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Use Case: Vulnerability; Data Source: Elastic Defend; Data Source: Sysmon
Suspicious Print Spooler SPL File Created (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Use Case: Vulnerability; Data Source: Elastic Defend
Suspicious PrintSpooler Service Executable File Creation (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Use Case: Vulnerability; Data Source: Elastic Defend; Data Source: Sysmon
Suspicious WerFault Child Process (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Defense Evasion; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
UAC Bypass Attempt via Elevated COM Internet Explorer Add-On Installer (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Tactic: Execution; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
UAC Bypass Attempt via Privileged IFileOperation COM Interface (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
UAC Bypass Attempt via Windows Directory Masquerading (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
UAC Bypass Attempt with IEditionUpgradeManager Elevated COM Interface (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Tactic: Execution; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
UAC Bypass via DiskCleanup Scheduled Task Hijack (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Tactic: Execution; Data Source: Elastic Endgame; Data Source: Elastic Defend
UAC Bypass via ICMLuaUtil Elevated COM Interface (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Tactic: Execution; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
UAC Bypass via Windows Firewall Snap-In Hijack (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
Unusual Parent-Child Relationship (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Resources: Investigation Guide; Data Source: Elastic Endgame; Data Source: Elastic Defend
Unusual Print Spooler Child Process (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Unusual Service Host Child Process - Childless Service (Apr 1, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Defense Evasion; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Sysmon
PowerShell Script with Token Impersonation Capabilities (Mar 13, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: PowerShell Logs
Privilege Escalation via Rogue Named Pipe Impersonation (Mar 13, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Sysmon
Process Injection by the Microsoft Build Engine (Mar 13, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Defense Evasion; Tactic: Privilege Escalation; Data Source: Sysmon
Kernel Load or Unload via Kexec Detected (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Defend; Data Source: Elastic Endgame; Data Source: Auditd Manager
Potential Chroot Container Escape via Mount (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Domain: Container; Data Source: Elastic Defend
Potential Privilege Escalation via Container Misconfiguration (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Domain: Container; Data Source: Elastic Defend
Potential Privilege Escalation via CVE-2023-4911 (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Potential Privilege Escalation via Enlightenment (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Potential Privilege Escalation via OverlayFS (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Potential Privilege Escalation via Python cap_setuid (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Potential Privilege Escalation via Recently Compiled Executable (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Potential Privilege Escalation via UID INT_MAX Bug Detected (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend; Data Source: Elastic Endgame
Potential Shell via Wildcard Injection Detected (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Execution; Data Source: Elastic Defend
Potential Sudo Privilege Escalation via CVE-2019-14287 (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend; Use Case: Vulnerability; Data Source: Elastic Endgame; Data Source: Auditd Manager
Potential Sudo Token Manipulation via Process Injection (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Potential Suspicious DebugFS Root Device Access (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential Unauthorized Access via Wildcard Injection Detected (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Credential Access; Data Source: Elastic Endgame; Data Source: Elastic Defend; Data Source: Auditd Manager
Privilege Escalation via CAP_CHOWN/CAP_FOWNER Capabilities (Mar 13, 2024)
  Data Source: Auditd Manager; Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Privilege Escalation via CAP_SETUID/SETGID Capabilities (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Privilege Escalation via GDB CAP_SYS_PTRACE (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Root Network Connection via GDB CAP_SYS_PTRACE (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Execution; Tactic: Command and Control; Data Source: Elastic Defend
Suspicious Network Connection via Sudo Binary (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend; Data Source: Elastic Endgame
Suspicious Symbolic Link Created (Mar 13, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Credential Access; Data Source: Elastic Endgame; Data Source: Elastic Defend
Access to a Sensitive LDAP Attribute (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Credential Access; Tactic: Privilege Escalation; Use Case: Active Directory Monitoring; Data Source: Active Directory
Apple Scripting Execution with Administrator Privileges (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Execution; Tactic: Privilege Escalation; Data Source: Elastic Defend
Cron Job Created or Changed by Previously Unknown Process (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Tactic: Execution; Data Source: Elastic Endgame; Data Source: Elastic Defend
Execution with Explicit Credentials via Scripting (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Execution; Tactic: Privilege Escalation; Data Source: Elastic Defend
FirstTime Seen Account Performing DCSync (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Credential Access; Tactic: Privilege Escalation; Use Case: Active Directory Monitoring; Data Source: Active Directory; Resources: Investigation Guide
Group Policy Abuse for Privilege Addition (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Active Directory; Resources: Investigation Guide; Use Case: Active Directory Monitoring
Interactive Logon by an Unusual Process (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation
Kerberos Pre-authentication Disabled for User (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Credential Access; Tactic: Defense Evasion; Tactic: Privilege Escalation; Resources: Investigation Guide; Use Case: Active Directory Monitoring; Data Source: Active Directory
Modification of Dynamic Linker Preload Shared Object (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Modification of the msPKIAccountCredentials (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Data Source: Active Directory; Tactic: Privilege Escalation; Use Case: Active Directory Monitoring
Namespace Manipulation Using Unshare (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
New Systemd Service Created by Previously Unknown Process (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential Admin Group Account Addition (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Potential Buffer Overflow Attack Detected (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Initial Access; Use Case: Vulnerability; Rule Type: Higher-Order Rule
Potential Credential Access via DCSync (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Credential Access; Tactic: Privilege Escalation; Data Source: Active Directory; Resources: Investigation Guide; Use Case: Active Directory Monitoring
Potential Privacy Control Bypass via Localhost Secure Copy (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Defend
Potential Privilege Escalation through Writable Docker Socket (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Domain: Container; Data Source: Elastic Defend
Potential Privilege Escalation via Linux DAC permissions (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Potential Privilege Escalation via PKEXEC (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Use Case: Vulnerability; Data Source: Elastic Defend
Potential Privileged Escalation via SamAccountName Spoofing (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Use Case: Active Directory Monitoring; Data Source: Active Directory; Use Case: Vulnerability
Potential Shadow File Read via Command Line Utilities (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Credential Access; Data Source: Elastic Endgame; Data Source: Elastic Defend
Potential Sudo Hijacking Detected (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Persistence; Data Source: Elastic Endgame; Data Source: Elastic Defend
Privilege Escalation via Root Crontab File Modification (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Process Creation via Secondary Logon (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation
Scheduled Task Execution at Scale via GPO (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Lateral Movement; Data Source: Active Directory; Resources: Investigation Guide; Use Case: Active Directory Monitoring
SeDebugPrivilege Enabled by a Suspicious Process (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation
Startup/Logon Script added to Group Policy Object (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Active Directory; Resources: Investigation Guide; Use Case: Active Directory Monitoring
SUID/SGUID Enumeration Detected (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Discovery; Tactic: Privilege Escalation; Data Source: Elastic Defend
Suspicious Child Process of Adobe Acrobat Reader Update Service (Mar 11, 2024)
  Domain: Endpoint; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Suspicious Kworker UID Elevation (Mar 11, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Defend; Data Source: Elastic Endgame
Suspicious Passwd File Event Action (Mar 11, 2024)
  Data Source: Auditd Manager; Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Windows Service Installed via an Unusual Client (Mar 11, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation
UID Elevation from Previously Unknown Executable (Mar 7, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Defense Evasion; Data Source: Elastic Defend
Potential Suspicious File Edit (Mar 6, 2024)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Endgame; Data Source: Elastic Defend
First Time Seen NewCredentials Logon Process (Feb 20, 2024)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation
Credential Manipulation - Detected - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Credential Manipulation - Prevented - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Exploit - Detected - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Execution; Tactic: Privilege Escalation
Exploit - Prevented - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Execution; Tactic: Privilege Escalation
Permission Theft - Detected - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Permission Theft - Prevented - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Process Injection - Detected - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Process Injection - Prevented - Elastic Endgame (Jan 17, 2024)
  Data Source: Elastic Endgame; Use Case: Threat Detection; Tactic: Privilege Escalation
Sudo Heap-Based Buffer Overflow Attempt (Jan 17, 2024)
  Domain: Endpoint; OS: Linux; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Vulnerability; Data Source: Elastic Defend
Sudoers File Modification (Jan 8, 2024)
  Domain: Endpoint; OS: Linux; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
File System Debugger Launched Inside a Privileged Container (Jan 5, 2024)
  Data Source: Elastic Defend for Containers; Domain: Container; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation
Mount Launched Inside a Privileged Container (Jan 5, 2024)
  Data Source: Elastic Defend for Containers; Domain: Container; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation
Potential Container Escape via Modified notify_on_release File (Jan 5, 2024)
  Data Source: Elastic Defend for Containers; Domain: Container; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation
Potential Container Escape via Modified release_agent File (Jan 5, 2024)
  Data Source: Elastic Defend for Containers; Domain: Container; OS: Linux; Use Case: Threat Detection; Tactic: Privilege Escalation
Deprecated - Potential Process Injection via LD_PRELOAD Environment Variable (Oct 23, 2023)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Tactic: Defense Evasion; Tactic: Persistence; Tactic: Privilege Escalation; Data Source: Elastic Defend
Potential Privilege Escalation via Sudoers File Modification (Sep 5, 2023)
  Domain: Endpoint; OS: Linux; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Setuid / Setgid Bit Set via chmod (Sep 5, 2023)
  Domain: Endpoint; OS: Linux; OS: macOS; Use Case: Threat Detection; Tactic: Privilege Escalation; Data Source: Elastic Defend
Unusual Sudo Activity (Aug 22, 2023)
  Domain: Endpoint; OS: Linux; Use Case: Threat Detection; Rule Type: ML; Rule Type: Machine Learning; Tactic: Privilege Escalation
Unusual Windows User Privilege Elevation Activity (Aug 22, 2023)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Rule Type: ML; Rule Type: Machine Learning; Tactic: Privilege Escalation
Remote Computer Account DnsHostName Update (Aug 21, 2023)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Use Case: Active Directory Monitoring; Data Source: Active Directory; Use Case: Vulnerability
Azure Kubernetes Rolebindings Created (Jun 22, 2023)
  Domain: Cloud; Data Source: Azure; Use Case: Identity and Access Audit; Tactic: Privilege Escalation
CyberArk Privileged Access Security Error (Jun 22, 2023)
  Data Source: CyberArk PAS; Use Case: Log Auditing; Use Case: Threat Detection; Tactic: Privilege Escalation
CyberArk Privileged Access Security Recommended Monitor (Jun 22, 2023)
  Data Source: CyberArk PAS; Use Case: Log Auditing; Use Case: Threat Detection; Tactic: Privilege Escalation
Kubernetes Container Created with Excessive Linux Capabilities (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Pod created with a Sensitive hostPath Volume (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Pod Created With HostIPC (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Pod Created With HostNetwork (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Pod Created With HostPID (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Privileged Pod Created (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Kubernetes Suspicious Assignment of Controller Service Account (Jun 22, 2023)
  Data Source: Kubernetes; Tactic: Execution; Tactic: Privilege Escalation
Service Creation via Local Kerberos Authentication (Jun 22, 2023)
  Domain: Endpoint; OS: Windows; Use Case: Threat Detection; Tactic: Privilege Escalation; Tactic: Credential Access; Use Case: Active Directory Monitoring; Data Source: Active Directory