Drivers

Jump to bottom

Tony Phipps edited this page May 7, 2018 · 2 revisions

Input Capture

Collection, Credential Access

Monitor the Registry and file system for suspicious driver installs

SELECT Class, DriverSigned, OriginalFileName, Provider
GROUP BY Class, DriverSigned, OriginalFileName, Provider

Mitre - Input Capture