public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-10-22 16:49:11 +02:00
Code Issues Projects Releases Wiki Activity

Adding USN deletion that @bohops mentioned in #148 notes

Browse Source
This commit is contained in:
Conor Richard 2022-09-17 08:01:53 -04:00 committed by GitHub
parent e878c66e6f
commit 2759dd0565
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
yml/OSBinaries/fsutil.yml
View File

@ -11,6 +11,13 @@ Commands:
Privileges: User
MitreID: T1485
OperatingSystem: Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: fsutil.exe usn deletejournal /d c:
Description: Delete the USN journal volume to hide file creation activity
Usecase: Can be used to hide file creation activity
Category: Tamper
Privileges: User
MitreID: T1485
OperatingSystem: Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\Windows\System32\fsutil.exe
- Path: C:\Windows\SysWOW64\fsutil.exe
@ -20,3 +27,5 @@ Detection:
Acknowledgement:
- Person: Elliot Killick
Handle: '@elliotkillick'
- Person: Jimmy
Handle: '@bohops'