
Rule Info
Name
Get-ChildItem PowerShell Command
Author
X__Junior
Description
Detects the execution of Get-ChildItem for every file with certain extension, could be used by threat actor for discovery.
Date
2025-01-08 00:00:00
Modified
None
Id
9cbbf574-c6d5-406c-afab-47aceed53808
Tags
attack.discovery
Type
Nextron Sigma feed only (private)