Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters. Various Windows utilities may be used to execute commands, possibly without invoking [cmd](https://attack.mitre.org/software/S0106). For example, [Forfiles](https://attack.mitre.org/software/S0193), the Program Compatibility Assistant (`pcalua.exe`), components of the Windows Subsystem for Linux (WSL), `Scriptrunner.exe`, as well as other utilities may...
PROCEDURES (26)
Auto-extracted: 13 detections for process creation monitoring
Auto-extracted: 5 detections for general monitoring
Auto-extracted: 5 detections for child process
Auto-extracted: 4 detections for suspicious
Auto-extracted: 2 detections for parent process
Auto-extracted: 2 detections for macro
Auto-extracted: 2 detections for persist
Auto-extracted: 2 detections for download
Auto-extracted: 2 detections for bypass
Auto-extracted: 2 detections for parent process
Auto-extracted: 2 detections for inject
Auto-extracted: 1 detection for script execution monitoring
Auto-extracted: 1 detection for privilege
Auto-extracted: 1 detection for evasion
Auto-extracted: 1 detection for remote
Auto-extracted: 1 detection for registry
Auto-extracted: 1 detection for privilege
Auto-extracted: 1 detection for download
Auto-extracted: 1 detection for powershell
Auto-extracted: 1 detection for module load monitoring
Auto-extracted: 1 detection for remote
Auto-extracted: 1 detection for cloud monitoring
Auto-extracted: 1 detection for office
Auto-extracted: 1 detection for evasion
Auto-extracted: 1 detection for bypass
Auto-extracted: 1 detection for powershell