ATT&CK Technique · Stealth
Direct Volume Access T1006
REVELARE Korean-language threat analyses covering this technique: 0 · Stealth
No analysis directly covers this technique yet.
MITRE official definition
Adversaries may directly access a volume to bypass file access controls and file system monitoring. Windows allows programs to have direct access to logical volumes. Programs with direct access may read and write files directly from the drive by analyzing file system data structures. This technique may bypass Windows file access controls as well as file system monitoring tools.(Citation: Hakobyan 2009) Utilities, such as `NinjaCopy`, exist to perform these actions in PowerSh…
Platforms: Network Devices, Windows