public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1 from wokis/wsreset-defender-detection

Browse Source 
Update Wsreset.yml
This commit is contained in:
wokis
2021-01-20 14:47:52 +01:00
committed by GitHub
parent d15172284a 00935f154e
commit 93ced0b798
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
yml/OSBinaries/Wsreset.yml
View File

@@ -19,6 +19,7 @@ Code Sample:
Detection:
- IOC: wsreset.exe launching child process other than mmc.exe
- IOC: Creation or modification of the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command
- IOC: Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
Resources:
- Link: https://www.activecyber.us/activelabs/windows-uac-bypass
- Link: https://twitter.com/ihack4falafel/status/1106644790114947073