# UAC Bypasses

##### Prerequisites:
* [OpenSearch Tutorial](/learn/opensearch-tutorial)
* [Windows Logons](/learn/opensearch-tutorial)

Welcome to this module on UAC Bypasses. User Account Control (UAC) is a security feature introduced in Windows Vista and carried forward in every later version, including Windows 7, 8, 10 and 11. Its purpose is to run applications with standard user privileges by default, even when the logged-on user is a member of the Administrators group, and to hand a process a full administrative token only after the user explicitly approves an elevation prompt.

UAC protects the system from unauthorized changes by requiring confirmation before an action that modifies the system or affects its security. When a process requests administrative privileges, Windows displays a UAC prompt (on the Secure Desktop by default) asking the user to allow it to continue. This prompt prevents malware, or any other unwanted software running in the user's context, from silently making system-wide changes.

UAC is best thought of as a layer that impedes automated malware and stops administrators from making unintended changes, not as a security boundary; Microsoft explicitly does not classify it as one. There are quite a few ways to bypass it, and several rely on behaviour Windows itself depends on: at the default notification level, certain Microsoft-signed binaries and COM objects auto-elevate without showing a prompt. Bypass methods usually combine one or more of the following:

* DLL hijacking
* Use of elevated COM interfaces
* File/registry modifications
* Scheduled tasks

In this module, we'll take a look at several examples of UAC bypasses that use these techniques and discuss the artifacts each one leaves behind as candidates for hunting and detection.
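Before diving into the individual bypasses, it helps to see what "artifacts as candidates for detection" looks like in practice. The script below is an added example written for this module; it is not the platform's own detection content and it is not derived from the module's dataset. It runs two simple hunts over constructed Sysmon-style records (Event ID 13, registry value set, and Event ID 1, process create): a registry check for handler keys planted under a user hive at the locations read by the publicly documented fodhelper/ComputerDefaults, eventvwr/CompMgmtLauncher and SilentCleanup bypasses, and a process check for a High-integrity shell spawned by an auto-elevating binary. The field names follow Sysmon's schema and are an assumption about how the SIEM stores them; the sample events, user, SID and paths are constructed.

```python
"""Hunt for UAC-bypass artifacts in Sysmon-style events (added example).

Illustration written for this module, not the platform's own detection
content and not derived from the module's dataset. SAMPLE_EVENTS is
constructed to resemble Sysmon Event ID 13 (RegistryEvent, value set) and
Event ID 1 (ProcessCreate) after ingestion; field names are an assumption.
"""
from typing import Dict, List

# Microsoft-signed binaries that auto-elevate at the default UAC level and are
# the launchers for well-known public bypasses (fodhelper, eventvwr, sdclt, ...).
AUTO_ELEVATING = {
    "fodhelper.exe", "computerdefaults.exe", "eventvwr.exe",
    "compmgmtlauncher.exe", "sdclt.exe",
}

# Interpreters an attacker typically places in the hijacked handler.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
          "cscript.exe", "mshta.exe", "rundll32.exe"}

# Per-user registry locations that the auto-elevating binaries (or, for
# %windir%, the SilentCleanup scheduled task) consult before launching
# something. Matched as substrings so both the "(Default)" and the
# "DelegateExecute" values under a command key are caught.
HIJACK_REG_PATHS = (
    r"\software\classes\ms-settings\shell\open\command",
    r"\software\classes\mscfile\shell\open\command",
    r"\environment\windir",
)


def _basename(path: str) -> str:
    """Last path component, lower-cased, so image paths compare reliably."""
    return path.rsplit("\\", 1)[-1].lower()


def check_registry(event: Dict) -> List[str]:
    """Flag value-set events that plant a handler under a user hive (HKU)."""
    target = event.get("TargetObject", "").lower()
    if event.get("EventID") != 13 or not target.startswith("hku\\"):
        return []
    return [
        f"uac_reg_hijack: {event.get('Image', '?')} wrote "
        f"{event['TargetObject']} = {event.get('Details', '')!r}"
        for p in HIJACK_REG_PATHS if p in target
    ]


def check_process(event: Dict) -> List[str]:
    """Flag a High-integrity shell whose parent is an auto-elevating binary."""
    if event.get("EventID") != 1:
        return []
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    if (parent in AUTO_ELEVATING and child in SHELLS
            and event.get("IntegrityLevel") == "High"):
        return [f"uac_child_shell: {parent} -> {child} "
                f"({event.get('CommandLine', '')})"]
    return []


def hunt(events: List[Dict]) -> List[str]:
    """Run both checks over every event and collect the findings."""
    findings: List[str] = []
    for e in events:
        findings += check_registry(e)
        findings += check_process(e)
    return findings


# Constructed sample: SID, host, user and paths are made up for the example.
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": SID + r"\Software\Classes\ms-settings\shell\open\command\DelegateExecute",
     "Details": "(Empty)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\fodhelper.exe",
     "CommandLine": "cmd.exe /c whoami /groups", "IntegrityLevel": "High",
     "User": r"DESKTOP-01\alice"},
    {"EventID": 1, "Image": r"C:\Windows\System32\mmc.exe",
     "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "CommandLine": "mmc.exe eventvwr.msc", "IntegrityLevel": "High",
     "User": r"DESKTOP-01\alice"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": SID + r"\Environment\windir",
     "Details": r"C:\Users\alice\AppData\Local\Temp\x.exe ;"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Two caveats a hunter should keep in mind. The registry check is deliberately narrow: it only covers three well-known hijack locations, and a real bypass catalogue has many more, so treat it as a pattern rather than a complete list. The process check needs the integrity level: eventvwr.exe launching mmc.exe at High integrity is normal, which is why the example only flags interpreters in SHELLS, and a bypass that launches a renamed or less common binary would slip past it unless the allowed children per parent are enumerated instead.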

The events for this module can be found in your SIEM in the following time span: 2 May 2023 - 3 May 2023.

