Threat Hunt Deep Dives Ep. 7 - User Account Control Bypass via Registry Modification
Welcome to Threat Hunt Deep Dives, Episode 7! Today we are looking at the Registry Key Modification method, which abuses registry keys by creating or modifying values that some trusted Windows executables look for during their process execution. Join us as we put this method under the microscope.

Cyborg Security is changing the Threat Hunting game, check us out at: https://www.cyborgsecurity.com/ / cyborgsecinc / cyborg-security

*Resources:
Technical Blogs:
https://pentestlab.blog/2017/06/09/ua...
https://www.fireeye.com/blog/threat-r...
https://www.fortinet.com/blog/threat-...
Blogs:
https://www.bleepingcomputer.com/news...
https://cqureacademy.com/cqure-labs/c...

*Information:
https://attack.mitre.org/techniques/T...
https://docs.microsoft.com/en-us/wind...
https://www.maketecheasier.com/enable...
https://www.neuber.com/taskmanager/pr...
https://docs.microsoft.com/en-us/sysi...

*Sample Queries:
Process Create:
(EventCode=4688 (WineventLog) OR EventCode=1 (Sysmon)) AND (RegistryKeyPath="Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" OR RegistryKeyPath="Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe")

Registry Key Modification:
(EventCode=4657 (WineventLog) OR EventCode=13 (Sysmon)) AND (RegistryKeyPath="Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" OR RegistryKeyPath="Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe")

PowerShell Script Logging:
EventCode=4104 (Powershell Logging) AND (RegistryKeyPath="Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" OR RegistryKeyPath="Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe")

Chapters:
Intro: 0:00
Overview: 0:33
Emulation: 7:44
Hunt: 19:53
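The Registry Key Modification sample query, worked through as an added example (not code from the video or from Cyborg Security): it normalizes Sysmon Event 13 and Security Event 4657 records into one registry path and matches the two key paths from the queries above. The event records, the SID, and the `hunt` and `registry_path` helper names are constructed for illustration.

```python
# Added example. Key paths come from the page's sample queries; the event
# records in SAMPLE_EVENTS are constructed for illustration.
WATCHED = (
    r"Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command",
    r"Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe",
)
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed
SAMPLE_EVENTS = [
    {"EventCode": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": "HKU\\" + SID + "_Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2"
                     "\\Shell\\open\\command\\(Default)",
     "Details": r"C:\Temp\example.exe"},
    {"EventCode": 4657, "ProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ObjectName": "\\REGISTRY\\USER\\" + SID + "\\SOFTWARE\\Microsoft\\Windows"
                   "\\CurrentVersion\\App Paths\\control.exe",
     "ObjectValueName": "", "NewValue": r"C:\Temp\example.exe"},
    {"EventCode": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventCode": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]


def registry_path(event):
    """Full path of the written value, or None for non-registry events."""
    if event.get("EventCode") == 13:      # Sysmon: key and value name in one field
        return event.get("TargetObject")
    if event.get("EventCode") == 4657:    # Security log: key and value name split
        key = event.get("ObjectName")
        return key and key + "\\" + event.get("ObjectValueName", "")
    return None


def hunt(events):
    """Return one hit per registry write under a watched key (case-insensitive)."""
    hits = []
    for ev in events:
        path = (registry_path(ev) or "").lower()
        matched = next((w for w in WATCHED if w.lower() in path), None)
        if matched:
            hits.append({"key": matched, "path": registry_path(ev),
                         "process": ev.get("Image") or ev.get("ProcessName"),
                         "value": ev.get("Details") or ev.get("NewValue")})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["process"], "->", hit["path"], "=", hit["value"])
```

Substring matching on `Classes\AppX...` also catches the per-user classes hive, which Sysmon reports as `HKU\<SID>_Classes\...` rather than `Software\Classes\...`.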