attack.s0108 | Detection.FYI

Firewall Disabled via Netsh.EXE

Aug 12, 2024 · attack.defense-evasion attack.t1562.004 attack.s0108 ·
Share on:

Detects netsh commands that turns off the Windows firewall

Read More
Potential Persistence Via Netsh Helper DLL

Aug 12, 2024 · attack.privilege-escalation attack.persistence attack.t1546.007 attack.s0108 ·
Share on:

Detects the execution of netsh with "add helper" flag in order to add a custom helper DLL. This technique can be abused to add a malicious helper DLL that can be used as a persistence proxy that gets called when netsh.exe is executed.

Read More