Windows File Permissions Modification¶
File permissions are commonly managed by discretionary access control lists (DACLs) specified by the file owner. Adversaries may modify file permissions/attributes to evade intended DACLs.
MITRE ATT&CK™ Mapping¶
|techniques:||T1222 File Permissions Modification|
process where subtype.create and ( process_name == "attrib.exe" and command_line == "* +h*" or process_name == "takeown.exe" or process_name == "icacls.exe" and command_line == "*grant*" )