← Back to ATT&CK index
T1553
Subvert Trust Controls
View on attack.mitre.org →3 syscalls implement this technique
- NtGetCachedSigningLevel
Reads the Code Integrity cached signing-level result stored as an NTFS extended attribute on a file.
- NtCompareSigningLevels
Compares two SE_SIGNING_LEVEL values using Code Integrity's policy ordering and returns whether the first dominates the second.
- NtSetCachedSigningLevel
Writes a Code Integrity cached signing-level result into an NTFS extended attribute on the target file.