Tag
medium
advisory
Suspicious Execution via Windows Command Debugging Utility
2 rules 2 TTPsAdversaries can abuse the Windows command line debugging utility cdb.exe to execute commands or shellcode from non-standard paths, evading traditional security measures.
Microsoft Defender XDR +5
lolbas
defense-evasion
windows
2r
2t
medium
advisory
Abuse of Windows Update Client for DLL Loading
2 rules 3 TTPsThe Windows Update Auto Update Client (wuauclt.exe) is being abused to load arbitrary DLLs, a defense evasion technique where malicious activity blends with legitimate Windows software by using specific process arguments and placing DLLs in writable paths.
Windows Auto Update Client
defense-evasion
execution
lolbas
windows
2r
3t
high
advisory
Suspicious MSBuild Execution from Non-Standard Path
3 rules 2 TTPsDetection of msbuild.exe execution from a non-standard path, indicating potential attempts to evade detection and execute malicious code.
Splunk Enterprise +2
msbuild
lolbas
living-off-the-land
defense-evasion
3r
2t
low
advisory
Windows Delayed Execution via Ping Followed by Malicious Utilities
2 rules 14 TTPsAdversaries may use ping to delay execution of malicious commands, scripts, or binaries to evade detection, often observed during malware installation.
Windows
execution
defense-evasion
ping
lolbas
2r
14t