Detects potential use of an SSH utility to establish RDP over a reverse SSH Tunnel. This can be used by attackers to enable routing of network packets that would otherwise not reach their intended destination.

Detects a remote file copy attempt to a hidden network share. This may indicate lateral movement or data staging activity.

Detects user accept agreement execution in psexec commandline