Skip to content

Hide Navigation Hide TOC

Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1)

Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.

Cluster A Galaxy A Cluster B Galaxy B Level
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action 1
Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1
Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 1
Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 1
Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action 1
Privileged Process Integrity - M1025 (72dade3e-1cba-4182-b3b3-a77ca52f02a1) Course of Action Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) Attack Pattern 1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) Attack Pattern 2