Tag

Remotemonologue

1 brief RSS

Potential RemoteMonologue Attack via Registry Modification

This rule detects potential RemoteMonologue attacks by identifying attempts to perform session hijacking via COM object registry modification, specifically when the RunAs value is set to Interactive User.

MsMpEng.exe +4 remotemonologue defense-evasion persistence windows

2r 4t Jan 3, 2024