Rule Info
Name
Group Policy Abuse for Privilege Addition
Author
Elastic, Josh Nickels, Marius Rothenbücher
Description
Detects the first occurrence of a modification to Group Policy Object Attributes to add privileges to user accounts or use them to add users as local admins.
Date
2024-09-04 00:00:00
Modified
None
Id
1c480e10-7ee1-46d4-8ed2-85f9789e3ce4
Tags
attack.privilege-escalation attack.t1484.001
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Josh
Merge PR #4999 from @joshnck - Add `Group Policy Abuse for Privilege Addition`
2024-09-06