mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-27 07:18:05 +01:00
Update Auditpol.yml
This commit is contained in:
M-khalifa1
GitHub
parent
bbb3ec045d
commit
4f1e368b90
@ -1,10 +1,10 @@
|
|||||||
---
|
---
|
||||||
Name: Auditpol.exe
|
Name: Auditpol.exe
|
||||||
Description: a command-line tool that allows users to query and set audit policies on Windows systems.
|
Description: a command-line tool that allows users to query and set audit policies on Windows systems.
|
||||||
Author: Mahmoud Khalifa
|
Author: 'Mahmoud Khalifa'
|
||||||
Created: 2024-2-24
|
Created: 2024-2-24
|
||||||
Commands:
|
Commands:
|
||||||
Command: auditpol /set /subcategory:"System Integrity" /success:disable /failure:disable
|
- Command: auditpol /set /subcategory:"System Integrity" /success:disable /failure:disable
|
||||||
Description: Disables auditing for system integrity, which is crucial for monitoring and ensuring the integrity of security features and the operating system.
|
Description: Disables auditing for system integrity, which is crucial for monitoring and ensuring the integrity of security features and the operating system.
|
||||||
Usecase: modify the audit configuration silently and disable or alter important parameters, preventing the creation or recording of Event Logs.
|
Usecase: modify the audit configuration silently and disable or alter important parameters, preventing the creation or recording of Event Logs.
|
||||||
Category: Execute
|
Category: Execute
|
||||||
@ -34,5 +34,4 @@ Resources:
|
|||||||
- Link: https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_1/rules/PH_RULE_Suspicious_Auditpol_Usage.htm
|
- Link: https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_1/rules/PH_RULE_Suspicious_Auditpol_Usage.htm
|
||||||
Acknowledgement:
|
Acknowledgement:
|
||||||
- Person: Mahmoud Khalifa
|
- Person: Mahmoud Khalifa
|
||||||
Handle: N/A
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user