Skip to content

Hide Navigation Hide TOC

UAC Bypass Abusing Winsat Path Parsing - Process (7a01183d-71a2-46ad-ad5c-acd989ac1793)

Detects the pattern of UAC Bypass using a path parsing issue in winsat.exe (UACMe 52)

Cluster A Galaxy A Cluster B Galaxy B Level
UAC Bypass Abusing Winsat Path Parsing - Process (7a01183d-71a2-46ad-ad5c-acd989ac1793) Sigma-Rules Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2