Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-11 02:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

removed tactic from titles

Browse Source
This commit is contained in:
keyboardcrunch
2020-12-06 00:34:46 -06:00
parent 4d6ac236bc
commit bc3557a4ea
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
queries/windows/bypass_user_access_control.yml
+2 -2
View File
@@ -1,4 +1,4 @@
title: T1548.002 Bypass User Access Control
title: Bypass User Access Control
description: Detection of UAC bypass through tampering with Shell Open for .ms-settings
or .msc file types. Also includes detection for CMSTPLUA COM interface abuse by GUID.
author: keyboardcrunch
@@ -7,7 +7,7 @@ modified: 05/12/2020
mitre:
tactic: Defense Evasion, Privilege Escalation
technique: T1548
subtechnique: 008
subtechnique: 002
operating_system: windows
query: (SrcProcCmdLine ContainsCIS "ms-settings\shell\open\command" OR SrcProcCmdLine
ContainsCIS "mscfile\shell\open\command") OR (TgtProcDisplayName = "COM Surrogate"