GitHub

uac_bypass_with_colorui_com_object.yml

description: The following analytic detects a potential UAC bypass using the colorui.dll COM Object. It leverages Sysmon EventCode 7 to identify instances where colorui.dll is loaded by a process ...
GitHub

disable_uac_remote_restriction.yml

description: The following analytic detects the modification of the registry to disable UAC remote restriction by setting the "LocalAccountTokenFilterPolicy" value to "0x00000001". It leverages data ...