UAC Bypass Using Event Viewer RecentViews

Rule Info

Id
30fc8de7-d833-40c4-96b6-28319fbc4f6c
Author
Nasreddine Bencherchali
Reference
https://twitter.com/orange_8361/status/1518970259868626944
Name
UAC Bypass Using Event Viewer RecentViews
Tags
attack.defense_evasion DEMO attack.privilege_escalation
Date
2022-11-22 00:00:00
Modified
None
Description
Detects the pattern of UAC Bypass using Event Viewer RecentViews
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=30fc8de7-d833-40c4-96b6-28319fbc4f6c

Rule History

Author
Date
Commit
Title
Nasreddine Bencherchali
2022-11-22
b6dce4b6a
feat: general fixes
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022