Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query looks for persistence or priviledge escalation done using Windows Accessibility features. It covers some of the techniques that could be used to utilize these features for malicious purposes,. Including attaching a debugger using a registry config or overwriting these files. Note: some developers might use such hacks for all sort of troubleshooting and testing purposes,. But this better be prohibited, as it allows any account with access to the machine to run processes as SYSTEM. Read
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | a5649d8b-e54b-4e2b-925a-106bf838d69c |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceFileEvents |
✓ | ✗ | ? |
DeviceProcessEvents |
✓ | ✗ | ? |
DeviceRegistryEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊