UAC Bypass Using Event Viewer RecentViews

Rule Info

Id: 30fc8de7-d833-40c4-96b6-28319fbc4f6c
Author: Nasreddine Bencherchali
Name: UAC Bypass Using Event Viewer RecentViews
Tags: attack.defense_evasion DEMO attack.privilege_escalation
Date: 2022-11-22 00:00:00
Modified: None
Description: Detects the pattern of UAC Bypass using Event Viewer RecentViews
Type: Community Rule

Rule History

Author: Nasreddine Bencherchali
Date: 2022-11-22
Commit:
Title: feat: general fixes