
T1548.002-poc

posted on : 6/23/2024

I started to make a little fun PoC for T1548.002 on MITRE ATT&CK, using eventvwr.exe to bypass UAC via its regkey at HKCU/Software/Classes/mscfile/shell/open/command, which will run whatever you point it at with elevated perms! Load your own malicious file until I finish mine.

link here!!
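
From the defender's side, the technique above shows up as a registry write under the per-user mscfile handler. The following is an added example, not part of the original post: it flags such writes in registry events. The event field names, the Sysmon-style hive formatting and the sample events are assumptions constructed for illustration.

```python
import re

# The per-user key the post names. In registry telemetry HKCU usually appears
# as HKU\<SID>\Software\Classes\... or HKU\<SID>_Classes\... (assumed format).
# The HKLM copy of this key is the legitimate handler and is not matched.
HIJACK_KEY = re.compile(
    r"^(?:HKCU\\Software\\Classes"
    r"|HKU\\S-1-5-21-[\d-]+(?:\\Software\\Classes|_Classes))"
    r"\\mscfile\\shell\\open\\command(?:\\.*)?$",
    re.IGNORECASE,
)

WRITE_EVENTS = {"RegistryValueSet", "RegistryKeyCreate"}

# Constructed sample events, not real telemetry.
SID = "S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"event": "RegistryValueSet", "image": r"C:\Windows\regedit.exe",
     "target": "HKU\\" + SID + r"\Software\Classes\mscfile\shell\open\command\(Default)",
     "details": r"C:\Users\Public\placeholder.exe"},
    {"event": "RegistryValueSet", "image": r"C:\Windows\System32\reg.exe",
     "target": "HKU\\" + SID + r"_Classes\mscfile\shell\open\command\(Default)",
     "details": r"C:\Users\Public\placeholder.exe"},
    {"event": "RegistryValueSet", "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)",
     "details": r'%SystemRoot%\system32\mmc.exe "%1" %*'},
    {"event": "RegistryValueSet", "image": r"C:\Windows\explorer.exe",
     "target": "HKU\\" + SID + r"\Software\Classes\.txt\OpenWithList",
     "details": "notepad.exe"},
]


def find_mscfile_hijacks(events):
    """Return write events that touch the per-user mscfile open command."""
    return [
        ev for ev in events
        if ev["event"] in WRITE_EVENTS and HIJACK_KEY.match(ev["target"])
    ]


if __name__ == "__main__":
    for hit in find_mscfile_hijacks(SAMPLE_EVENTS):
        print("ALERT T1548.002:", hit["image"], "->", hit["details"])
```
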