Bypass User Access Control - T1548.002

graph LR; T1548002["Bypass User Access Control"] --> |invokes| CreateProcess["Create Process"]; class T1548002 OffensiveTechniqueNode; class CreateProcess ArtifactNode; click CreateProcess href "/dao/artifact/d3f:CreateProcess"; click T1548002 href "/offensive-technique/attack/T1548.002/"; click CreateProcess href "/dao/artifact/d3f:CreateProcess"; T1548002["Bypass User Access Control"] --> |may-modify| SystemConfigurationDatabaseRecord["System Configuration Database Record"]; class T1548002 OffensiveTechniqueNode; class SystemConfigurationDatabaseRecord ArtifactNode; click SystemConfigurationDatabaseRecord href "/dao/artifact/d3f:SystemConfigurationDatabaseRecord"; click T1548002 href "/offensive-technique/attack/T1548.002/"; click SystemConfigurationDatabaseRecord href "/dao/artifact/d3f:SystemConfigurationDatabaseRecord"; T1548002["Bypass User Access Control"] --> |executes| ExecutableFile["Executable File"]; class T1548002 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile"; click T1548002 href "/offensive-technique/attack/T1548.002/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile"; DecoyFile["Decoy File"] --> | spoofs | ExecutableFile["Executable File"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1548002["Bypass User Access Control"] ; class DecoyFile DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; FileAnalysis["File Analysis"] --> | analyzes | ExecutableFile["Executable File"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1548002["Bypass User Access Control"] ; class FileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableFile["Executable File"]; DynamicAnalysis["Dynamic Analysis"] -.-> | May Detect | T1548002["Bypass User Access Control"] ; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableFile["Executable File"]; EmulatedFileAnalysis["Emulated File Analysis"] -.-> | May Detect | T1548002["Bypass User Access Control"] ; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; SystemCallAnalysis["System Call Analysis"] --> | analyzes | CreateProcess["Create Process"]; SystemCallAnalysis["System Call Analysis"] -.-> | May Detect | T1548002["Bypass User Access Control"] ; class SystemCallAnalysis DefensiveTechniqueNode; class CreateProcess ArtifactNode; click SystemCallAnalysis href "/technique/d3f:SystemCallAnalysis"; FileEncryption["File Encryption"] --> | encrypts | ExecutableFile["Executable File"]; FileEncryption["File Encryption"] -.-> | May Harden | T1548002["Bypass User Access Control"] ; class FileEncryption DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] --> | restricts | ExecutableFile["Executable File"]; LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1548002["Bypass User Access Control"] ; class LocalFilePermissions DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableFile["Executable File"]; ExecutableAllowlisting["Executable Allowlisting"] -.-> | May Isolate | T1548002["Bypass User Access Control"] ; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; ProcessSpawnAnalysis["Process Spawn Analysis"] --> | analyzes | CreateProcess["Create Process"]; ProcessSpawnAnalysis["Process Spawn Analysis"] -.-> | May Detect | T1548002["Bypass User Access Control"] ; class ProcessSpawnAnalysis DefensiveTechniqueNode; class CreateProcess ArtifactNode; click ProcessSpawnAnalysis href "/technique/d3f:ProcessSpawnAnalysis"; SystemCallFiltering["System Call Filtering"] --> | filters | CreateProcess["Create Process"]; SystemCallFiltering["System Call Filtering"] -.-> | May Isolate | T1548002["Bypass User Access Control"] ; class SystemCallFiltering DefensiveTechniqueNode; class CreateProcess ArtifactNode; click SystemCallFiltering href "/technique/d3f:SystemCallFiltering"; ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableFile["Executable File"]; ExecutableDenylisting["Executable Denylisting"] -.-> | May Isolate | T1548002["Bypass User Access Control"] ; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting";