MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Defense Evasion/ T1222.001

T1222.001Windows Permissions

T1222.001 — Windows Permissions is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 18 detection use cases covering it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

18Use cases

0Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1222 · File and Directory Permissions Modification

Use cases covering this technique (18)

Hiding Files And Directories With Attrib exe ESCU actions · alerting P Windows AD Dangerous Deny ACL Modification ESCU actions · alerting P Windows AD Dangerous Group ACL Modification ESCU actions · alerting P Windows AD Dangerous User ACL Modification ESCU actions · alerting P Windows AD DCShadow Privileges ACL Addition ESCU actions · alerting P Windows AD Domain Root ACL Deletion ESCU actions · alerting P Windows AD Domain Root ACL Modification ESCU actions · alerting P Windows AD GPO New CSE Addition ESCU actions · alerting P Windows AD Hidden OU Creation ESCU actions · alerting P Windows AD Object Owner Updated ESCU actions · alerting P Windows AD Suspicious Attribute Modification ESCU actions · alerting P Windows File and Directory Enable ReadOnly Permissions ESCU actions · alerting P Windows File and Directory Permissions Enable Inheritance ESCU actions · hunting P Windows File and Directory Permissions Remove Inheritance ESCU actions · hunting P Windows Files and Dirs Access Rights Modification Via Icacls ESCU actions · hunting P Windows SubInAcl Execution ESCU actions · hunting P Windows Symlink Evaluation Change via Fsutil ESCU actions · hunting P Windows AD Suspicious GPO Modification ESCU actions · alerting P