Sideloading Link.EXE (6e968eb1-5f05-4dac-94e9-fd0c5cb49fd6)
Detects the execution of utilities often found in Visual Studio tools that hardcode the call to the binary "link.exe". They can be abused to sideload any binary with the same name.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Sideloading Link.EXE (6e968eb1-5f05-4dac-94e9-fd0c5cb49fd6) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |