mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-26 06:49:09 +01:00
minor changes to Eventvwr
This commit is contained in:
parent
d827dfba1f
commit
aba9538581
@ -12,7 +12,7 @@ Commands:
|
|||||||
MitreID: T1088
|
MitreID: T1088
|
||||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1088
|
MitreLink: https://attack.mitre.org/wiki/Technique/T1088
|
||||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||||
Full Path:
|
Full_Path:
|
||||||
- Path: C:\Windows\System32\eventvwr.exe
|
- Path: C:\Windows\System32\eventvwr.exe
|
||||||
- Path: C:\Windows\SysWOW64\eventvwr.exe
|
- Path: C:\Windows\SysWOW64\eventvwr.exe
|
||||||
Code Sample:
|
Code Sample:
|
||||||
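Review bot: the rename of "Full Path:" to "Full_Path:" is the right fix if the convention for this file is underscore-separated keys, but the same hunk still shows "Code Sample:" with a space a few lines below, so the key style remains inconsistent within one entry; apply the same rename there (and in the other entries that use "Full Path") in this commit so that anything parsing these YAML files finds one key name everywhere. While here, the unchanged context has "Windows vista" in lowercase next to "Windows 7, Windows 8"; capitalising it as "Windows Vista" would keep the OperatingSystem list uniform.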
@ -22,6 +22,7 @@ Detection:
|
|||||||
- IOC: Creation or modification of the registry value HKCU\Software\Classes\mscfile\shell\open\command
|
- IOC: Creation or modification of the registry value HKCU\Software\Classes\mscfile\shell\open\command
|
||||||
Resources:
|
Resources:
|
||||||
- Link: https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
|
- Link: https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
|
||||||
|
- Link: https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1
|
||||||
Acknowledgement:
|
Acknowledgement:
|
||||||
- Person: Matt Nelson
|
- Person: Matt Nelson
|
||||||
Handle: '@enigma0x3'
|
Handle: '@enigma0x3'
|
||||||
|
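Review bot: the new Link entry points at a "blob/master/..." path, which will silently break if the upstream repository renames or removes the script; pin it to a specific commit URL so the reference stays stable. The added link also carries no context beside the existing blog-post link, so readers cannot tell it is the proof-of-concept script for the same technique without opening it; if the schema allows, a short note, or at least ordering it directly under the related blog link as done here, helps defenders map it to the existing registry IOC in the Detection section.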