EXPLORE DETECTIONS
3,270 detections found

UAC Bypass Using Disk Cleanup

Detects the pattern of UAC Bypass using scheduled tasks and variable expansion of cleanmgr.exe (UACMe 34)

T1548.002
Sigma | high

UAC Bypass Using DismHost

Detects the pattern of UAC Bypass using DismHost DLL hijacking (UACMe 63)

T1548.002
Sigma | high

UAC Bypass Using Event Viewer RecentViews

Detects the pattern of UAC Bypass using Event Viewer RecentViews

Sigma | high

UAC Bypass Using EventVwr

Detects the pattern of a UAC bypass using Windows Event Viewer

Sigma | high

UAC Bypass Using IDiagnostic Profile

Detects the "IDiagnosticProfileUAC" UAC bypass technique

T1548.002
Sigma | high

UAC Bypass Using IDiagnostic Profile - File

Detects the creation of a file by "dllhost.exe" in the System32 directory as part of the "IDiagnosticProfileUAC" UAC bypass technique

T1548.002
Sigma | high

UAC Bypass Using IEInstal - File

Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64)

T1548.002
Sigma | high

UAC Bypass Using IEInstal - Process

Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64)

T1548.002
Sigma | high

UAC Bypass Using Iscsicpl - ImageLoad

Detects the "iscsicpl.exe" UAC bypass technique, which leverages DLL search order hijacking to load a custom DLL from temp or any user-controlled location in the user's %PATH%

T1548.002
Sigma | high

UAC Bypass Using MSConfig Token Modification - File

Detects the pattern of UAC Bypass using a msconfig GUI hack (UACMe 55)

T1548.002
Sigma | high

UAC Bypass Using MSConfig Token Modification - Process

Detects the pattern of UAC Bypass using a msconfig GUI hack (UACMe 55)

T1548.002
Sigma | high

UAC Bypass Using NTFS Reparse Point - File

Detects the pattern of UAC Bypass using NTFS reparse point and wusa.exe DLL hijacking (UACMe 36)

T1548.002
Sigma | high

UAC Bypass Using NTFS Reparse Point - Process

Detects the pattern of UAC Bypass using NTFS reparse point and wusa.exe DLL hijacking (UACMe 36)

T1548.002
Sigma | high

UAC Bypass Using PkgMgr and DISM

Detects the pattern of UAC Bypass using pkgmgr.exe and dism.exe (UACMe 23)

T1548.002
Sigma | high

UAC Bypass Using Windows Media Player - File

Detects the pattern of UAC Bypass using Windows Media Player osksupport.dll (UACMe 32)

T1548.002
Sigma | high

UAC Bypass Using Windows Media Player - Process

Detects the pattern of UAC Bypass using Windows Media Player osksupport.dll (UACMe 32)

T1548.002
Sigma | high

UAC Bypass Using Windows Media Player - Registry

Detects the pattern of UAC Bypass using Windows Media Player osksupport.dll (UACMe 32)

T1548.002
Sigma | high

UAC Bypass Using WOW64 Logger DLL Hijack

Detects the pattern of UAC Bypass using a WoW64 logger DLL hijack (UACMe 30)

T1548.002
Sigma | high

UAC Bypass via Event Viewer

Detects a UAC bypass method using Windows Event Viewer

T1548.002
Sigma | high

UAC Bypass via ICMLuaUtil

Detects the pattern of UAC Bypass using ICMLuaUtil Elevated COM interface

T1548.002
Sigma | high

UAC Bypass via Sdclt

Detects the pattern of UAC Bypass using registry key manipulation of sdclt.exe (e.g. UACMe 53)

T1548.002
Sigma | high

UAC Bypass via Windows Firewall Snap-In Hijack

Detects attempts to bypass User Account Control (UAC) by hijacking the Microsoft Management Console (MMC) Windows Firewall snap-in

T1548
Sigma | medium

UAC Bypass Via Wsreset

Unfixed UAC bypass method from Windows 10. WSReset.exe is a file associated with the Windows Store; it will run a binary file referenced in a low-privilege registry location.

T1548.002
Sigma | high

UAC Bypass With Fake DLL

Attempts to load dismcore.dll after dropping it

T1548.002, T1574.001
Sigma | high
Page 124 of 137