Defense Evasion

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Rubeus Command Line Parameters

Use Alternate Authentication Material , Pass the Ticket , Steal or Forge Kerberos Tickets , Kerberoasting , AS-REP Roasting

Rubeus Command Line Parameters

Use Alternate Authentication Material , Pass the Ticket , Steal or Forge Kerberos Tickets , Kerberoasting , AS-REP Roasting

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild

Suspicious msbuild path

Masquerading , Trusted Developer Utilities Proxy Execution , Rename System Utilities , MSBuild