Tag
medium
advisory
Abuse of Microsoft Sysinternals PsSuspend Utility
1 rule 4 TTPsUnidentified threat actors may leverage the legitimate Microsoft Sysinternals PsSuspend utility to suspend critical processes on Windows systems, enabling evasion of security controls or disruption of operations.
Sysinternals PsSuspend
sysinternals
living-off-the-land
process-manipulation
windows
tool-abuse
1r
4t
medium
advisory
Permission Check Via Accesschk.EXE
1 rule 1 TTPAttackers are abusing the legitimate Sysinternals `Accesschk.exe` utility to perform permission discovery on Windows systems, a common step in privilege escalation attacks, allowing them to identify misconfigurations for gaining higher privileges.
Accesschk
sysinternals
privilege-escalation
tool-abuse
discovery
windows
1r
1t