Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence.<\/p>\n\n\n\n
T1218.010 \u2013 Signed Binary Proxy Execution: Regsvr32<\/code><\/pre>\n\n\n\n
Regsvr32.exe is a Microsoft signed command-line program, which is used to register and unregister object linking and embedding controls, such as dynamic link libraries (DLLs), on Windows machines.<\/p>\n\n\n\n
This technique aims to get a list of installed security software or defensive programs, available on a system or in a cloud environment. The results obtained can be used to shape subsequent attacks.<\/p>\n\n\n\n
T1548.002 \u2013 Abuse Elevation Control Mechanism: Bypass User Account Control<\/code><\/pre>\n\n\n\n
An attacker may bypass User Access Control (UAC) mechanisms to escalate privileges on the system.<\/p>\n\n\n\n
Adversaries may execute their own malicious payloads by side-loading DLLs. This technique involves hijacking a DLL that a legitimate application loads.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Example of SIEM Dashboard MITRE ATT&CK<\/strong><\/p>\n\n\n\n
MITRE ATT&CK techniques The following MITRE attack techniques are describes how this is done. Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. Regsvr32.exe is a Microsoft signed command-line program, which is used to register and unregister object linking and embedding controls, such as dynamic link<\/p><\/div>\n
![\"\"](\"https:\/\/ictmatrix.com\/wp-content\/uploads\/2024\/12\/Mitre-1024x470.jpg\")
<\/figure>\n\n\n\n