CAPEC 579 Replace Winlogon Helper DLL

Name: VulnX Platform
Author: Studio Consi

Draft Detailed Unknown Risk

Description

Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.

CAPEC 579 Replace Winlogon Helper DLL

Description

Mitigations

Changes To Registry Entries In "Hklm\Software\Microsoft\Windows Nt\Winlogon\Notify" That Do Not Correlate With Known Software, Patch Cycles, Etc Are Suspicious. New Dlls Written To System32 Which Do Not Correlate With Known Good Software Or Patching May Be Suspicious.

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Winlogon Helper DLL

CAPEC 579 Replace Winlogon Helper DLL

Description

Mitigations

Changes To Registry Entries In "Hklm\Software\Microsoft\Windows Nt\Winlogon\Notify" That Do Not Correlate With Known Software, Patch Cycles, Etc Are Suspicious. New Dlls Written To System32 Which Do Not Correlate With Known Good Software Or Patching May Be Suspicious.

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Winlogon Helper DLL

Iscriviti alla newsletter