MITRE ATT&CK:
Audio Capture

| Technique ID | Title | Technique |
|---|---|---|
| T1123 | Collection | An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.[1] |

PS commands for Test#1:


Similar results from the Sysmon data set:

Saved PS Search:

Reg Events:
~Audo Capture - T1123 - WindowsAudioDevice Powershell Reg Activity - Endpoint.events.process

Queries used to analyze generated logs:
event.dataset