Closed 0xhido closed 3 years ago
References: https://attack.mitre.org/techniques/T1548/
I've written 3 scopes for detections based on the articles: https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/ https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/