LeeArchinal,
@LeeArchinal@ioc.exchange avatar

Happy Monday!

Ending the mini-series that covers the Cisco Talos Intelligence Group's Year In Review report, we will be diving into the MITRE ATT&CK Technique T1068, Exploitation for Privilege Escalation. This technique falls under the Tactic of Privilege Escalation (TA0004) and has no sub-techniques. This technique can be seen when adversaries "exploit software vulnerabilities in an attempt to elevate privileges" (https://attack.mitre.org/techniques/T1068/) and has been used by groups like and seen in the malware.

LeeArchinal,
@LeeArchinal@ioc.exchange avatar

IN another example, the ransomware-as-a-service group used this technique when they targeted the Microsoft Windows Malware Protection Engine and abused it by side-loading a DLL that executed the ransomware. Of course, I can't leave you empty handed, so here is the Community Hunt Package that you can use to hunt for that activity!

Package: Microsoft Malware Protection Engine Abnormal Child Process
Link: https://hunter.cyborgsecurity.io/research/hunt-package/d220e189-4350-41e7-b98e-402c851a5d7b

I hope this helps you get your hunting started or furthers you down the path! Enjoy and Happy Hunting!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • Cybersecurity
  • ngwrru68w68
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • anitta
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • provamag3
  • tester
  • Leos
  • megavids
  • JUstTest
  • All magazines
    •