Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-11 02:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

removed techniques that can't be queried on

Browse Source
This commit is contained in:
@
2020-09-18 16:47:59 -05:00
parent 37fdd37ff2
commit d373a6c56c
1 changed files with 0 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Persistence.md
-8
View File
@@ -214,14 +214,6 @@ Detection of changes to Security Support Provider through Registry modification.
RegistryKeyPath ContainsCIS "\Control\Lsa\Security Packages" AND (SrcProcName Not In ("services.exe","SetupHost.exe","svchost.exe") AND SrcProcCmdLine Does Not ContainCIS "system32\wsauth.dll") RegistryKeyPath ContainsCIS "\Control\Lsa\Security Packages" AND (SrcProcName Not In ("services.exe","SetupHost.exe","svchost.exe") AND SrcProcCmdLine Does Not ContainCIS "system32\wsauth.dll")
``` ```
### T1574.010 Services File Permissions Weakness
Atomics: [T1574.010](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.010/T1574.010.md)
### T1574.011 Services Registry Permissions Weakness
Atomics: [T1574.011](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md)
### T1547.009 Startup Shortcuts ### T1547.009 Startup Shortcuts
Atomics: [T1547.009](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md) Atomics: [T1547.009](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md)