Update Eventvwr.yml

Category change
Oddvar Moe 2018-12-12 12:45:05 +01:00 committed by GitHub
parent fd44373927
commit 7addc14d7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -7,7 +7,7 @@ Commands:
- Command: eventvwr.exe - Command: eventvwr.exe
Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user. Description: During startup, eventvwr.exe checks the registry value HKCU\Software\Classes\mscfile\shell\open\command for the location of mmc.exe, which is used to open the eventvwr.msc saved console file. If the location of another binary or script is added to this registry value, it will be executed as a high-integrity process without a UAC prompt being displayed to the user.
Usecase: Execute a binary or script as a high-integrity process without a UAC prompt. Usecase: Execute a binary or script as a high-integrity process without a UAC prompt.
Category: Bypass User Account Control Category: UAC bypass
Privileges: User Privileges: User
MitreID: T1088 MitreID: T1088
MitreLink: https://attack.mitre.org/wiki/Technique/T1088 MitreLink: https://attack.mitre.org/wiki/Technique/T1088
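
Review bot: On the Category line, the value is renamed from "Bypass User Account Control" to "UAC bypass", but the commit message ("Category change") does not say which spelling is the canonical one or whether other entries are updated with it. If anything groups or filters entries by Category, changing the string in Eventvwr.yml alone leaves this entry under a different label from any file that still carries the old value. Suggest naming the intended category vocabulary in the commit message and applying the same rename to every file that uses the old string in one change.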