Tag
high
advisory
Long Base64 Encoded Command via Scripting Interpreter
2 rules, 5 TTPs
Detection of oversized command lines used by Python, PowerShell, Node.js, or Deno interpreters that contain base64 decoding or encoded-command patterns, indicating potential evasion and malicious execution.
Elastic Endpoint
defense-evasion
execution
scripting-interpreter
base64
command-line
medium
advisory
Detection of Obfuscated IP Addresses via Command Line Tools
3 rules, 1 TTP
The use of command-line tools like ping.exe or arp.exe with obfuscated IP addresses (hex, octal, etc.) in the command line can indicate reconnaissance activity or attempts to evade security controls by masking the true destination.
Windows
reconnaissance
evasion
command-line
high
advisory
Command Obfuscation via Unicode Modifier Letters
2 rules, 1 TTP
Adversaries use Unicode modifier letters to obfuscate command-line arguments, evading string-based detections on common Windows utilities like PowerShell and cmd.exe.
Microsoft Defender XDR +5
defense-evasion
command-line
unicode
obfuscation