minor changes to Eventvwr

This commit is contained in:
Oddvar Moe 2018-12-12 12:50:27 +01:00
parent d827dfba1f
commit aba9538581


@ -12,7 +12,7 @@ Commands:
MitreID: T1088 MitreID: T1088
MitreLink: https://attack.mitre.org/wiki/Technique/T1088 MitreLink: https://attack.mitre.org/wiki/Technique/T1088
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full Path: Full_Path:
- Path: C:\Windows\System32\eventvwr.exe - Path: C:\Windows\System32\eventvwr.exe
- Path: C:\Windows\SysWOW64\eventvwr.exe - Path: C:\Windows\SysWOW64\eventvwr.exe
Code Sample: Code Sample:
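Review bot: renaming `Full Path:` to `Full_Path:` changes a YAML key, so any tooling that reads these entries by the old key name (site generator, templates, validators) must be updated in the same change or it will silently stop finding the path list; the rename itself is sensible, since it brings the key in line with the single-token style of `MitreID`, `MitreLink` and `OperatingSystem`. Two small things in the unchanged context of this hunk are worth a follow-up: `Windows vista` is the only lowercase product name in the `OperatingSystem:` list and should read `Windows Vista`, and the `MitreLink` still uses the retired `attack.mitre.org/wiki/Technique/T1088` URL form rather than the current ATT&CK technique page URL.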
@ -22,6 +22,7 @@ Detection:
- IOC: Creation or modification of the registry value HKCU\Software\Classes\mscfile\shell\open\command - IOC: Creation or modification of the registry value HKCU\Software\Classes\mscfile\shell\open\command
Resources: Resources:
- Link: https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ - Link: https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
- Link: https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1
Acknowledgement: Acknowledgement:
- Person: Matt Nelson - Person: Matt Nelson
Handle: '@enigma0x3' Handle: '@enigma0x3'
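Review bot: the added `- Link:` line places the Invoke-EventVwrBypass.ps1 proof-of-concept directly under the blog post that describes it, and both resources come from the same author already credited in `Acknowledgement:` (`Matt Nelson`, `@enigma0x3`), so attribution is consistent; for defenders the useful pairing is this script with the `HKCU\Software\Classes\mscfile\shell\open\command` IOC in the `Detection:` context above, since it is the reference case for validating that detection. The commit message `minor changes to Eventvwr` undersells the change set, which also renames a key in the earlier hunk; a message naming the key rename and the added resource would make the history searchable.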