T1548 #153

@frack113

https://attack.mitre.org/techniques/T1548/

sigma:
builtin/security/account_management/win_security_susp_privesc_kerberos_relay_over_ldap.yml: - attack.t1548
builtin/security/win_security_scm_database_privileged_operation.yml: - attack.t1548
builtin/system/netlogon/win_system_vul_cve_2020_1472.yml: - attack.t1548
file/file_event/file_event_win_uac_bypass_consent_comctl32.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_dotnet_profiler.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_idiagnostic_profile.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_ieinstal.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_msconfig_gui.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_ntfs_reparse_point.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_winsat.yml: - attack.t1548.002
file/file_event/file_event_win_uac_bypass_wmp.yml: - attack.t1548.002
image_load/image_load_uac_bypass_iscsicpl.yml: - attack.t1548.002
image_load/image_load_uac_bypass_via_dism.yml: - attack.t1548.002
image_load/image_load_win_trusted_path_bypass.yml: - attack.t1548.002
powershell/powershell_script/posh_ps_hktl_winpwn.yml: - attack.t1548.002
process_access/proc_access_win_svchost_credential_dumping.yml: - attack.t1548
process_access/proc_access_win_uac_bypass_editionupgrademanagerobj.yml: - attack.t1548.002
process_access/proc_access_win_uac_bypass_wow64_logger.yml: - attack.t1548.002
process_creation/proc_creation_win_dism_enable_powershell_web_access_feature.yml: - attack.t1548.002
process_creation/proc_creation_win_eventvwr_susp_child_process.yml: - attack.t1548.002
process_creation/proc_creation_win_explorer_nouaccheck.yml: - attack.t1548.002
process_creation/proc_creation_win_hktl_empire_powershell_uac_bypass.yml: - attack.t1548.002
process_creation/proc_creation_win_hktl_uacme.yml: - attack.t1548.002
process_creation/proc_creation_win_hktl_winpwn.yml: - attack.t1548.002
process_creation/proc_creation_win_regedit_trustedinstaller.yml: - attack.t1548
process_creation/proc_creation_win_sdclt_child_process.yml: - attack.t1548.002
process_creation/proc_creation_win_susp_abusing_debug_privilege.yml: - attack.t1548
process_creation/proc_creation_win_susp_always_install_elevated_windows_installer.yml: - attack.t1548.002
process_creation/proc_creation_win_susp_elavated_msi_spawned_shell.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_changepk_slui.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_cleanmgr.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_cmstp.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_cmstp_com_object_access.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_computerdefaults.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_consent_comctl32.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_dismhost.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_fodhelper.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_hijacking_firwall_snap_in.yml: - attack.t1548
process_creation/proc_creation_win_uac_bypass_icmluautil.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_idiagnostic_profile.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_ieinstal.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_msconfig_gui.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_ntfs_reparse_point.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_pkgmgr_dism.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_sdclt.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_trustedpath.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_winsat.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_wmp.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_wsreset.yml: - attack.t1548.002
process_creation/proc_creation_win_uac_bypass_wsreset_integrity_level.yml: - attack.t1548.002
registry/registry_event/registry_event_bypass_via_wsreset.yml: - attack.t1548.002
registry/registry_event/registry_event_shell_open_keys_manipulation.yml: - attack.t1548.002
registry/registry_set/registry_set_bypass_uac_using_delegateexecute.yml: - attack.t1548.002
registry/registry_set/registry_set_bypass_uac_using_silentcleanup_task.yml: - attack.t1548.002
registry/registry_set/registry_set_comhijack_sdclt.yml: - attack.t1548
registry/registry_set/registry_set_uac_bypass_eventvwr.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_bypass_sdclt.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_bypass_winsat.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_bypass_wmp.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_disable.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_disable_notification.yml: - attack.t1548.002
registry/registry_set/registry_set_uac_disable_secure_desktop_prompt.yml: - attack.t1548.002
