Product

Microsoft Diagnostics Troubleshooting Wizard (MSDT)

1 brief RSS

Suspicious Microsoft Diagnostics Wizard Execution

This rule detects potential abuse of the Microsoft Diagnostics Troubleshooting Wizard (MSDT) to proxy malicious command or binary execution via malicious process arguments on Windows systems.

Elastic Defend +2 defense-evasion msdt windows

3r 1t Jan 25, 2024