Tag
This rule detects potential SharpRDP behavior, a tool used for authenticated command execution against a remote target via Remote Desktop Protocol (RDP) for lateral movement by identifying incoming RDP connections followed by RunMRU registry value modifications and subsequent process execution.