Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-08 17:07:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e4aae047651c10e6123463ca18906ed61b93736a
keyboardcrunch-sentinelone-…/queries/windows/image_file_execution_options_injection.yml
T

17 lines
582 B
YAML
Raw Blame History

title: Image File Execution Options Injection
description: Detection of Image File Execution Options tampering for persistence through
Registry monitoring.
author: keyboardcrunch
date: 10/10/2020
modified: null
mitre:
tactic: Privilege Escalation, Persistence
technique: T1546
subtechnique: 012
operating_system: windows
query: RegistryKeyPath In Contains Anycase ("CurrentVersion\Image File Execution Options","CurrentVersion\SilentProcessExit")
AND RegistryKeyPath In Contains Anycase ("GlobalFlag","ReportingMode","MonitorProcess")
false_positives: null
tags: null
Reference in New Issue View Git Blame Copy Permalink