attack.t1564.003 | Detection.FYI

File Download with Headless Browser

Nov 26, 2025 · attack.defense-evasion attack.command-and-control attack.t1105 attack.t1564.003 ·
Share on:

Detects execution of chromium based browser in headless mode using the "dump-dom" command line to download files

Read More
Powershell Executed From Headless ConHost Process

Nov 26, 2025 · attack.defense-evasion attack.execution attack.t1059.001 attack.t1059.003 attack.t1564.003 ·
Share on:

Detects the use of powershell commands from headless ConHost window. The "--headless" flag hides the windows from the user upon execution.

Read More
PUA - AdvancedRun Execution

Nov 26, 2025 · attack.execution attack.defense-evasion attack.privilege-escalation attack.t1564.003 attack.t1134.002 attack.t1059.003 ·
Share on:

Detects the execution of AdvancedRun utility

Read More
Browser Execution In Headless Mode

Oct 23, 2025 · attack.defense-evasion attack.command-and-control attack.t1105 attack.t1564.003 ·
Share on:

Detects execution of Chromium based browser in headless mode

Read More
Potential Data Stealing Via Chromium Headless Debugging

Oct 23, 2025 · attack.defense-evasion attack.credential-access attack.collection attack.t1185 attack.t1564.003 ·
Share on:

Detects chromium based browsers starting in headless and debugging mode and pointing to a user profile. This could be a sign of data stealing or remote control

Read More
HackTool - Covenant PowerShell Launcher

Aug 12, 2024 · attack.execution attack.defense-evasion attack.t1059.001 attack.t1564.003 ·
Share on:

Detects suspicious command lines used in Covenant luanchers

Read More
Suspicious PowerShell WindowStyle Option

Aug 12, 2024 · attack.defense-evasion attack.t1564.003 ·
Share on:

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden

Read More