Tag
This brief describes detection of common reconnaissance commands executed through webshells on Windows systems, enabling defenders to identify post-exploitation discovery activities.