#uacbypass — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #uacbypass, aggregated by home.social.

  1. Happy Friday everyone!

    I don't know how I missed the beginning of this series by Elastic and their security researchers, but I did; I jumped straight into part three without realizing it! So, I had to stop and backpedal. So if you are like me, here is the first installment of their series on the #REMCOS #RAT. They take you through the process of analyzing it and provide #TTPs and behaviors. One that really sticks out is the #UACBypass and the COM objects that are involved.

    To leave you empty-handed would be an insult to the researchers' work and to you as a threat hunter! So, take this with you in the face of danger! It is a Cyborg Security Community Edition (free for you) Hunt Package designed to identify when COM Objects that have a higher integrity level are abused and called for malicious purposes, in this case, to bypass the user account control mechanism in Windows! Enjoy and Happy Hunting!

    UAC Bypass Attempt via Elevated COM Abuse
    hunter.cyborgsecurity.io/resea

    Article Source:
    elastic.co/security-labs/disse

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting