← Back to Explore
T1574.009
Path Interception by Unquoted Path
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references. Adversaries can take advantage of paths that lack surrounding quotations by placing an executable in a higher level directory within the path, so that Windows will choose the adversary's executable to launch. Service paths (Citation: Microsoft CurrentControlSet Services) and shortcut paths may also be vulnerable to path interception if the path has one or more spaces and is not surrounded by quota...
Windows
2
Detections
2
Sources
0
Threat Actors
BY SOURCE
1elastic1splunk_escu
PROCEDURES (2)
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring