Update and rename queries.md to PrivilegeEscalation.md

keyboardcrunch
2020-09-15 22:09:46 -05:00
committed by GitHub
parent 289e26e94d
commit 30a46908af
@@ -1,4 +1,3 @@
# Windows Atomic Tests by ATT&CK Tactic & Technique
## Privilege Escalation ## Privilege Escalation
### T1053.002 AT Scheduled Task ### T1053.002 AT Scheduled Task
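Review bot: The removed first line, `# Windows Atomic Tests by ATT&CK Tactic & Technique`, was the level-1 title, so after this change the file opens directly at `## Privilege Escalation` with no H1. Consider promoting that heading to `# Privilege Escalation` (and the `###` technique headings under it by one level), or keeping a one-line title, so the renamed file still renders with a document title and still says that these are Windows atomic-test queries.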
@@ -222,8 +221,3 @@ Detects Winlogon Helper Dll changes through Registry MetadataIndicator item, as
IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe" IndicatorMetadata In Contains Anycase ("Microsoft\Windows NT\CurrentVersion\Winlogon","Microsoft\Windows NT\CurrentVersion\Winlogon\Notify") AND IndicatorMetadata In Contains Anycase ("logon","Userinit","Shell") AND IndicatorMetadata Does Not ContainCIS "WINDOWS\system32\userinit.exe"
``` ```
## Defense Evasion
### T1055.004 Asynchronous Procedure Call
Atomics: [T1055.004]()
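Review bot: The tail of this hunk drops the `## Defense Evasion` section and its `### T1055.004 Asynchronous Procedure Call` entry, but the commit message only mentions the rename, and nothing in the visible diff shows where that entry goes. If it is moving to a separate per-tactic file, say so in the commit message or add that file in the same commit so the technique does not silently lose its entry. The removed `Atomics: [T1055.004]()` link also has an empty target, so fill it in wherever the entry lands.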