Restricted Software Access By SRP · Apr 14, 2023 · attack.defense_evasion attack.t1072
Detects restricted access to applications by the Software Restriction Policies (SRP) policy
Suspicious Csi.exe Usage · Mar 5, 2023 · attack.execution attack.t1072 attack.defense_evasion attack.t1218
Csi.exe is a signed binary from Microsoft that comes with Visual Studio and provides C# interactive capabilities. It can be used to run C# code from a file passed as a parameter on the command line. An early version of this utility, provided with the Microsoft “Roslyn” Community Technology Preview, was named 'rcsi.exe'.
PUA - Radmin Viewer Utility Execution · Feb 13, 2023 · attack.execution attack.lateral_movement attack.t1072
Detects the execution of Radmin which can be abused by an adversary to remotely control Windows machines
PDQ Deploy Remote Adminstartion Tool Execution · Feb 4, 2023 · attack.execution attack.lateral_movement attack.t1072
Detects use of the PDQ Deploy remote admin tool