1
Security Architecture and Engineering
hard
Refer to the exhibit. A security analyst detects unusual process creation. Which attack technique is most likely being observed?
Exhibit
// Windows Security Event Log excerpt
Log Name: Security

Event ID: 4672 (Special Logon)
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeTcbPrivilege

Event ID: 4688 (Process Creation)
Process Name: C:\Windows\System32\cmd.exe
Command Line: cmd.exe /c whoami
Parent Process: C:\Windows\System32\lsass.exe

Event ID: 4672 (Special Logon)
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeDebugPrivilege, SeTcbPrivilege