Detects restricted access to applications by the Software Restriction Policies (SRP) policy

Read More

Csi.exe is a signed binary from Microsoft that comes with Visual Studio and provides C# interactive capabilities. It can be used to run C# code from a file passed as a parameter in command line. Early version of this utility provided with Microsoft “Roslyn” Community Technology Preview was named 'rcsi.exe'

Read More

Detect use of PDQ Deploy remote admin tool

Read More

Detects the execution of Radmin which can be abused by an adversary to remotely control Windows machines

Read More