T1211
Exploitation for Defense Evasion
Adversaries may exploit a system or application vulnerability to bypass security features. Exploitation of a vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in defensive security software that can be used to disable or circumvent them. Adversaries may have prior knowledge through reconnaissance that security software exists...
Linux, Windows, macOS, SaaS, IaaS
6 Detections
2 Sources
2 Threat Actors
BY SOURCE
4 sigma, 2 elastic
PROCEDURES (4)
Suspicious: 2 detections
Auto-extracted: 2 detections for suspicious
Process Creation Monitoring: 2 detections
Auto-extracted: 2 detections for process creation monitoring
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
Network Connection Monitoring: 1 detection
Auto-extracted: 1 detection for network connection monitoring
THREAT ACTORS (2)
DETECTIONS (6)
Audit CVE Event (sigma, critical)
Microsoft Malware Protection Engine Crash (sigma, high)
Microsoft Malware Protection Engine Crash - WER (sigma, high)
Potential Defense Evasion via PRoot (elastic, high)
Unusual Executable File Creation by a System Critical Process (elastic, high)
Writing Of Malicious Files To The Fonts Folder (sigma, medium)