Dark Mode

Settings

Capec-579 Detail

Replace Winlogon Helper DLL

Detailed Software

Parents: 542

Threats: T79 T284 T287 T337 T389 T391 T403 T406

Description

Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.

Not present

External ID Source Link Description
CAPEC-579 capec https://capec.mitre.org/data/definitions/579.html
CWE-15 cwe http://cwe.mitre.org/data/definitions/15.html
T1547.004 ATTACK https://attack.mitre.org/wiki/Technique/T1547/004 Boot or Logon Autostart Execution: Winlogon helper DLL

Not present

Not present

Not present

Not present

Not present

Not present

We use cookies to ensure you get the best experience on our website.