public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-25 22:39:27 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1 from wokis/wsreset-defender-detection

Browse Source 
Update Wsreset.yml
This commit is contained in:
wokis 2021-01-20 14:47:52 +01:00 committed by GitHub
commit 93ced0b798
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
yml/OSBinaries/Wsreset.yml
View File

@ -19,6 +19,7 @@ Code Sample:
Detection:
- IOC: wsreset.exe launching child process other than mmc.exe
- IOC: Creation or modification of the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command
- IOC: Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
Resources:
- Link: https://www.activecyber.us/activelabs/windows-uac-bypass
- Link: https://twitter.com/ihack4falafel/status/1106644790114947073