From d506b2f5fbdcc0978c5c3f7530cedb6faed9d515 Mon Sep 17 00:00:00 2001 From: Wietze Date: Wed, 25 Sep 2024 23:21:55 +0100 Subject: [PATCH] Update ComputerDefaults.yml --- yml/OSBinaries/ComputerDefaults.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yml/OSBinaries/ComputerDefaults.yml b/yml/OSBinaries/ComputerDefaults.yml index 216093e..0b1098b 100644 --- a/yml/OSBinaries/ComputerDefaults.yml +++ b/yml/OSBinaries/ComputerDefaults.yml @@ -7,7 +7,7 @@ Commands: - Command: ComputerDefaults.exe Description: Upon execution, ComputerDefaults.exe checks two registry values at HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\open\command; if these are set by an attacker, the set command will be executed as a high-integrity process without a UAC prompt being displayed to the user. See 'resources' for which registry keys/values to set. Usecase: Execute a binary or script as a high-integrity process without a UAC prompt. - Category: UAC bypass + Category: UAC Bypass Privileges: User MitreID: T1548.002 OperatingSystem: Windows 10, Windows 11