<<< Hide Navigation Hide TOC >>>
PowerShell Web Access Feature Enabled Via DISM (7e8f2d3b-9c1a-4f67-b9e8-8d9006e0e51f)
Detects the use of DISM to enable the PowerShell Web Access feature, which could be used for remote access and potential abuse
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
PowerShell Web Access Feature Enabled Via DISM (7e8f2d3b-9c1a-4f67-b9e8-8d9006e0e51f) | Sigma-Rules | Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | 1 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | 2 |