Product
high
advisory
Firewall Disabled via Netsh Command
2 rules 1 TTP
Detection of Windows Firewall being disabled via the `netsh` command, potentially exposing the system to external threats and unauthorized communication.
Windows Firewall
defense-evasion
endpoint
windows
medium
advisory
Netsh Used to Enable Remote Desktop Protocol (RDP) in Windows Firewall
2 rules 2 TTPs
Adversaries may use the `netsh.exe` utility to enable inbound Remote Desktop Protocol (RDP) connections in the Windows Firewall, potentially allowing unauthorized remote access to compromised systems.
Windows Firewall +4
defense-evasion
lateral-movement
windows
netsh
rdp