
Launch-VsDevShell.PS1 Proxy Execution (45d3a03d-f441-458c-8883-df101a3bb146)

Detects the use of the 'Launch-VsDevShell.ps1' Microsoft signed script to execute commands.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) | Attack Pattern | Launch-VsDevShell.PS1 Proxy Execution (45d3a03d-f441-458c-8883-df101a3bb146) | Sigma-Rules | 1 |
| PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) | Attack Pattern | System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | 2 |