Tag

Command-Shell

1 brief RSS

Command Shell Activity Started via RunDLL32

This rule detects command shell activity, such as cmd.exe or powershell.exe, initiated by RunDLL32, a technique commonly abused by attackers to execute malicious code and bypass security controls.

M365 Defender +2 execution command-shell rundll32

2r 4t 8h ago