T1211
Exploitation for Stealth
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components. Adversaries may exploit a system or application vulnerability to avoid detection while maintaining access within an environment. Exploitation occurs when an adversary leverages a programming flaw to execute code in a manner that minimizes visibility or blends in with legitimate activity. Rather than directly disabling defenses, adversaries...
Linux, Windows, macOS, SaaS, IaaS
Detections: 6
Sources: 2
Threat Actors: 2
BY SOURCE
sigma: 4
elastic: 2
PROCEDURES (4)
Suspicious: 2 detections
Auto-extracted: 2 detections for suspicious
Process Creation Monitoring: 2 detections
Auto-extracted: 2 detections for process creation monitoring
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
Network Connection Monitoring: 1 detection
Auto-extracted: 1 detection for network connection monitoring
THREAT ACTORS (2)
DETECTIONS (6)
Audit CVE Event (sigma, critical)
Microsoft Malware Protection Engine Crash (sigma, high)
Microsoft Malware Protection Engine Crash - WER (sigma, high)
Potential Defense Evasion via PRoot (elastic, high)
Unusual Executable File Creation by a System Critical Process (elastic, high)
Writing Of Malicious Files To The Fonts Folder (sigma, medium)