18 lines
594 B
Markdown
18 lines
594 B
Markdown
# Component Object Model Hijacking
|
|
|
|
MITRE ATT&CK Technique: [T1122](https://attack.mitre.org/wiki/Technique/T1122)
|
|
|
|
## The search order for locating COM Objects can be hijacked, causing unauthorized code to execute.
|
|
|
|
#### The presence of objects within
|
|
|
|
HKEY_CURRENT_USER\Software\Classes\CLSID\
|
|
|
|
#### May be anomalous and should be investigated since user objects will be loaded prior to machine objects in
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
|
|
|
|
## Test Script
|
|
|
|
[COM Hijack Scripts](https://github.com/redcanaryco/atomic-red-team/tree/master/Windows/Payloads/COMHijackScripts)
|