==================================================

CREATED: WIN-POWERSHELL-INVOKE-RESTMETHOD (#1452)

Description

This detector identifies the execution of PowerShell scripts that include the Invoke-RestMethod cmdlet. The Invoke-RestMethod cmdlet was designed to send HTTP and HTTPS requests to Representational State Transfer (REST) web services that return richly structured data, but it can be used to download any type of content.

ATT&CK Technique T1086

==================================================

CREATED: WIN-SDCLT-UAC-BYPASS-REGMOD (#1490)

Description

This detector identifies Windows Registry modifications that enable the use of Windows Backup Client (sdclt.exe) as a UAC bypass/privilege exploit technique.

ATT&CK Technique T1088
