Abuse Elevation Control Mechanism
Adversaries may circumvent mechanisms designed to control privilege elevation to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk.(Citation: TechNet How UAC Works)(Citation: sudo man page 2018) An adversary can perform several methods to take advantage of built-in...
BY SOURCE
PROCEDURES (49)
Auto-extracted: 12 detections for privilege
Auto-extracted: 9 detections for bypass
Auto-extracted: 6 detections for general monitoring
Auto-extracted: 5 detections for privilege
Auto-extracted: 4 detections for lateral
Auto-extracted: 3 detections for suspicious
Auto-extracted: 3 detections for persist
Auto-extracted: 3 detections for api
Auto-extracted: 3 detections for container
Auto-extracted: 3 detections for unusual
Auto-extracted: 3 detections for unusual
Auto-extracted: 2 detections for registry
Auto-extracted: 2 detections for privilege
Auto-extracted: 2 detections for privilege
Auto-extracted: 2 detections for suspicious
Auto-extracted: 2 detections for service
Auto-extracted: 2 detections for inject
Auto-extracted: 2 detections for exfiltrat
Auto-extracted: 2 detections for cloud
Auto-extracted: 2 detections for network connection monitoring
Auto-extracted: 2 detections for aws
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for authentication monitoring
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for file monitoring
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for c2
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for child process
Auto-extracted: 1 detections for registry monitoring
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for child process
Auto-extracted: 1 detections for cloud monitoring
Auto-extracted: 1 detections for process creation monitoring
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for remote
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for c2
Auto-extracted: 1 detections for parent process
Auto-extracted: 1 detections for authentication monitoring