mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-27 07:18:05 +01:00
Update Eventvwr.yml
Category change
This commit is contained in:
parent
fd44373927
commit
7addc14d7f
@ -7,7 +7,7 @@ Commands:
|
|||||||
- Command: eventvwr.exe
|
- Command: eventvwr.exe
|
||||||
Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user.
|
Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user.
|
||||||
Usecase: Execute a binary or script as a high-integrity process without a UAC prompt.
|
Usecase: Execute a binary or script as a high-integrity process without a UAC prompt.
|
||||||
Category: Bypass User Account Control
|
Category: UAC bypass
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1088
|
MitreID: T1088
|
||||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1088
|
MitreLink: https://attack.mitre.org/wiki/Technique/T1088
|
||||||
|
Loading…
Reference in New Issue
Block a user