UAC Bypass Using Event Viewer RecentViews

Rule Info

Name
UAC Bypass Using Event Viewer RecentViews
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the pattern of UAC Bypass using Event Viewer RecentViews
Reference
https://twitter.com/orange_8361/status/1518970259868626944
Date
2022-11-22 00:00:00
Modified
None
Id
30fc8de7-d833-40c4-96b6-28319fbc4f6c
Tags
attack.defense_evasion attack.privilege_escalation DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=30fc8de7-d833-40c4-96b6-28319fbc4f6c

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
feat: updates and enhancements
2023-02-14
27aac9763
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
feat: general fixes
2022-11-22
b6dce4b6a
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022