Tag
medium
advisory
Detection of VScode Remote Tunneling for Command and Control
2 rules, 1 TTP
The rule detects the execution of the VScode portable binary with the tunnel command line option, potentially indicating an attempt to establish a remote tunnel session to GitHub or a remote VScode instance for unauthorized access and command and control.
Microsoft Defender XDR +3
command-and-control
vscode
remote-access-tools
windows
medium
advisory
Suspicious Execution from VS Code Extension
2 rules, 9 TTPs
Malicious VS Code extensions can execute arbitrary commands, leading to initial access and subsequent payload deployment on Windows systems.
VS Code
initial-access
execution
supply-chain-compromise
vscode