multiyer.blogg.se

Crowdstrike test detection mac













T1562.001 - Impair Defenses: Disable or Modify Tools

Description from ATT&CK

Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information.

Adversaries may also tamper with artifacts deployed and utilized by security tools. Security tools may make dynamic changes to system components in order to maintain visibility into specific events. For example, security products may load their own modules and/or modify those loaded by processes to facilitate data collection.














