
          ATT&CK-CN V1.01 Last Update: 2019-11

          Translators: 林妙倩 (cybersecurity intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). Original translation; please obtain the translators' consent before reposting.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1514

          Glossary: /attack/glossary

          Elevated Execution with Prompt


          Adversaries may leverage the AuthorizationExecuteWithPrivileges API to escalate privileges by prompting the user for credentials.[1] The purpose of this API is to give application developers an easy way to perform operations with root privileges, such as for application installation or updating. This API does not validate that the program requesting root privileges comes from a reputable source or that it has not been maliciously modified. Although this API is deprecated, it still fully functions in the latest releases of macOS. When calling this API, the user will be prompted to enter their credentials, but no checks on the origin or integrity of the program are made. The program calling the API may also load world-writable files, which can be modified to perform malicious behavior with elevated privileges.

          Adversaries may abuse AuthorizationExecuteWithPrivileges to obtain root privileges in order to install malicious software on victims and install persistence mechanisms. This technique may be combined with Masquerading to trick the user into granting escalated privileges to malicious code.[2][3] This technique has also been shown to work by modifying legitimate programs present on the machine that make use of this API.[2]

          Tags

          ID: T1514

          Tactic: Privilege Escalation

          Platform: macOS

          Permissions Required: Administrator, User

          Effective Permissions: root

          Data Sources: File monitoring, Process monitoring, API monitoring

          Procedure Examples

          Name Description
          OSX/Shlayer (S0402) OSX/Shlayer (S0402) can escalate privileges to root by asking the user for credentials.

          Mitigations

          Mitigation Description
          Execution Prevention (M1038) System settings can prevent applications from running that haven't been downloaded through the Apple Store, which may help mitigate some of these issues. Not allowing unsigned applications to run may also mitigate some risk.

          Detection

          Consider monitoring for /usr/libexec/security_authtrampoline executions, which may indicate that AuthorizationExecuteWithPrivileges is being executed. macOS system logs may also indicate when AuthorizationExecuteWithPrivileges is being called. Monitoring OS API callbacks for the execution can also be a way to detect this behavior, but this requires specialized security tooling.
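A detection sketch for the monitoring described above, added here as an example that is not part of the ATT&CK page or any MITRE tooling: it scans process-execution events in a constructed log format (a hypothetical monitoring tool, not real macOS unified-log output), flags executions of /usr/libexec/security_authtrampoline, ranks each one by where the calling program lives on disk, and also flags root processes spawned directly beneath the trampoline. The path prefixes and the log format are assumptions to adapt to your own telemetry.

```python
import re

TRAMPOLINE = "/usr/libexec/security_authtrampoline"
# Caller locations treated as expected for an installer or updater (assumption for this example).
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/usr/")
# Staging locations that warrant a closer look (assumption for this example).
STAGING_MARKERS = ("/tmp/", "/private/tmp/", "/Downloads/", "/Volumes/")

# Line format of a hypothetical process-monitoring tool; constructed for this example,
# not real macOS unified-log output.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) exec pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) uid=(?P<uid>\d+) "
    r"parent=(?P<parent>\S+) path=(?P<path>\S+)$"
)

def classify_caller(parent: str) -> str:
    """Rank the program that invoked the trampoline by where it lives on disk."""
    if any(marker in parent for marker in STAGING_MARKERS):
        return "high"
    return "low" if parent.startswith(TRUSTED_PREFIXES) else "medium"

def detect(lines):
    """Flag trampoline executions and any root process the trampoline then spawns."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["path"] == TRAMPOLINE:
            # The AuthorizationExecuteWithPrivileges call itself: record who asked for it.
            findings.append({"ts": m["ts"], "pid": int(m["pid"]), "subject": m["parent"],
                             "severity": classify_caller(m["parent"])})
        elif m["parent"] == TRAMPOLINE and m["uid"] == "0":
            # Follow-on process now running as root under the trampoline.
            findings.append({"ts": m["ts"], "pid": int(m["pid"]), "subject": m["path"],
                             "severity": "high"})
    return findings

# Constructed sample events: a legitimate installer, then a program launched from Downloads.
SAMPLE_LOG = """\
2019-11-02 10:15:01 exec pid=510 ppid=1 uid=501 parent=/sbin/launchd path=/usr/bin/open
2019-11-02 10:15:03 exec pid=512 ppid=400 uid=501 parent=/Applications/Installer.app/Contents/MacOS/Installer path=/usr/libexec/security_authtrampoline
2019-11-02 10:16:40 exec pid=530 ppid=527 uid=501 parent=/Users/alice/Downloads/Player.app/Contents/MacOS/Player path=/usr/libexec/security_authtrampoline
2019-11-02 10:16:41 exec pid=531 ppid=530 uid=0 parent=/usr/libexec/security_authtrampoline path=/bin/sh
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} pid={f['pid']} severity={f['severity']} {f['subject']}")
```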
