Update and rename queries.md to PrivilegeEscalation.md

keyboardcrunch
2020-09-15 22:09:46 -05:00
committed by GitHub
parent 289e26e94d
commit 30a46908af
-6
@@ -1,4 +1,3 @@
# Windows Atomic Tests by ATT&CK Tactic & Technique
## Privilege Escalation
### T1053.002 AT Scheduled Task
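Review bot: the H1 on the first line still reads "Windows Atomic Tests by ATT&CK Tactic & Technique" although the file is being renamed to PrivilegeEscalation.md and opens directly on "## Privilege Escalation". Consider a title that names the tactic this file covers, so a reader landing on the renamed file knows its scope without checking the filename.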
@@ -222,8 +221,3 @@ Detects Winlogon Helper Dll changes through Registry MetadataIndicator item, as
IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe"
```
## Defense Evasion
### T1055.004 Asynchronous Procedure Call
Atomics: [T1055.004]()
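Review bot: the "## Defense Evasion" / "### T1055.004 Asynchronous Procedure Call" stub at the end of this hunk has an empty link target in "Atomics: [T1055.004]()" and no query, and the header (-222,8 +221,3) shows five lines leaving the tail of the file while the commit message mentions only the rename. If this stub is what is being dropped, say so in the message and note where the Defense Evasion content will live; if it is staying, fill in the link target.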