Product
medium
advisory
Persistence via Visual Studio Tools for Office (VSTO) Add-ins
2 rules 1 TTPThe Visual Studio Tools for Office (VSTO) add-ins can be abused by attackers to establish persistence in Microsoft Office applications by modifying registry keys.
Microsoft Office +1
persistence
office
vsto
2r
1t
medium
advisory
Detecting Suspicious Scheduled Task Creation in Windows
2 rules 1 TTPThis rule detects the creation of scheduled tasks in Windows using event logs, which adversaries may use for persistence, lateral movement, or privilege escalation by creating malicious tasks.
Windows Security Event Logs +8
persistence
scheduled_task
windows
2r
1t