Detections
Analytics
Path Interception by Unquoted Path
Description
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references. Adversaries can take advantage of paths that lack surrounding quotations by placing an executable in a higher level directory within the path, so that Windows will choose the adversary's executable to launch.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | Windows Services ACL | Plugin ID: 44401 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Persistence, Privilege Escalation, Defense Evasion
Technique: Hijack Execution Flow
Sub-Technique: Hijack Execution Flow: Path Interception by Unquoted Path
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q2