GSPBC-1036: Defense Evasion - Indirect Command Execution - GuardSight, Cybersecurity as a Service

GSPBC-1036: Defense Evasion – Indirect Command Execution

Indirect Command Execution

Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters. Various Windows utilities may be used to execute commands, possibly without invoking cmd. For example, Forfiles, the Program Compatibility Assistant (pcalua.exe), components of the Windows Subsystem for Linux (WSL), as well as other utilities may invoke the execution of programs and commands from a Command and Scripting Interpreter, Run window, or via scripts.

Adversaries may abuse these features for Defense Evasion, specifically to perform arbitrary execution while subverting detections and/or mitigation controls (such as Group Policy) that limit/prevent the usage of cmd or file extensions more commonly associated with malicious payloads.

Source:
https://attack.mitre.org/techniques/T1202/

Back to Playbook Battle Cards

See Playbook Battle Cards on GitHub

Katherine Kostreva2021-10-10T01:51:59+00:00

Free Playbook Battle Cards

Join our newsletter to stay up to date on the latest industry trends, cybersecurity tools, and resources.

Experiencing a breach? Get in touch.

Free Playbook Battle Cards

Join our newsletter to stay up to date on the latest industry trends, cybersecurity tools, and resources.

Experiencing a breach? Get in touch.

GuardSight, Inc.
755 S. Main St., 4-137
Cedar City, UT 84720
info@guardsight.com
844-482-7374