Skip to content

Commit

Permalink
Merge pull request #864 from nterl0k/nterl0k-T1548.002-uac-behaviors
Browse files Browse the repository at this point in the history 
Nterl0k - T1548.002 UAC Behaviors Data
  • Loading branch information
@patel-bhavin
patel-bhavin committed Dec 21, 2023
2 parents 738ef10 + 1a786d2 commit bb0f516
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
14 changes: 14 additions & 0 deletions datasets/attack_techniques/T1548.002/uac_behavior/uac_behavior.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
author: Steven Dick
id: 0fe95fd6-68cf-41de-9e05-26547ce1e08a
date: '2023-11-20'
description: 'Detection of common User Account Control bypass techniques, generated using Atomic Tests for T1548.002'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1548.002/uac_behavior/uac_behavior_sysmon.log
sourcetypes:
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
references:
- https://attack.mitre.org/techniques/T1548/002/
- https://atomicredteam.io/defense-evasion/T1548.002/
- https://hadess.io/user-account-control-uncontrol-mastering-the-art-of-bypassing-windows-uac/
- https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1548.002/uac_behavior/uac_behavior_sysmon.log
View file
Git LFS file not shown

0 comments on commit bb0f516

Please sign in to comment.