Potential Persistence Via Netsh Helper DLL · Feb 16, 2023 · attack.privilege_escalation attack.persistence attack.t1546.007 attack.s0108
Detects the execution of netsh with the "add helper" flag to add a custom helper DLL. This technique can be abused to add a malicious helper DLL that serves as a persistence proxy and gets called whenever netsh.exe is executed.
Firewall Disabled via Netsh.EXE · Feb 13, 2023 · attack.defense_evasion attack.t1562.004 attack.s0108
Detects netsh commands that turn off the Windows firewall.