PowerShell Web Access Feature Enabled Via DISM

Rule Info

Name
PowerShell Web Access Feature Enabled Via DISM
Author
Michael Haag
Description
Detects the use of DISM to enable the PowerShell Web Access feature, which could be used for remote access and potential abuse
Date
2024-09-03 00:00:00
Modified
None
Id
7e8f2d3b-9c1a-4f67-b9e8-8d9006e0e51f
Tags
attack.persistence attack.t1548.002 DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
Michael Haag
Merge PR #4997 from @MHaggis - Add rules related to PowerShell Web Access
2024-09-03