MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Privilege Escalation/ T1548.002

T1548.002Bypass User Account Control

T1548.002 — Bypass User Account Control is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 17 detection use cases covering it.

Privilege Escalation

View on the matrix → Filter Detection Library MITRE official spec ↗

17Use cases

0Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1548 · Abuse Elevation Control Mechanism

Use cases covering this technique (17)

Disable UAC Remote Restriction ESCU actions · alerting P Disabling Remote User Account Control ESCU actions · alerting P Eventvwr UAC Bypass ESCU actions · alerting P FodHelper UAC Bypass ESCU actions · alerting P NET Profiler UAC bypass ESCU actions · alerting P Sdclt UAC Bypass ESCU actions · alerting P SilentCleanup UAC Bypass ESCU actions · alerting P SLUI RunAs Elevated ESCU actions · alerting P SLUI Spawning a Process ESCU actions · alerting P UAC Bypass MMC Load Unsigned Dll ESCU actions · alerting P Windows Bypass UAC via Pkgmgr Tool ESCU actions · hunting P Windows ComputerDefaults Spawning a Process ESCU actions · alerting P Windows DISM Install PowerShell Web Access ESCU actions · alerting P Windows Mock Trusted Directory MSC File Creation ESCU actions · alerting P Windows UAC Bypass Suspicious Child Process ESCU actions · alerting P Windows UAC Bypass Suspicious Escalation Behavior ESCU actions · alerting P WSReset UAC Bypass ESCU actions · alerting P