Bypassing Application Whitelisting By Using rcsi.exe
Common Information
Type Value
UUID f103ce23-4469-45fa-9514-9d742e226d29
Fingerprint 3f2c0b1a057ae4d9
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 21, 2016, 2:06 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline enigma0x3
Title Bypassing Application Whitelisting By Using rcsi.exe
Detected Hints/Tags/Attributes 17/1/17
Attributes
Type #Events CTI Value
Domain 212 technet.microsoft.com
Domain 11 blogs.msdn.microsoft.com
Domain 4128 github.com
Domain 4 www.exploit-monday.com
File 3 rcsi.exe
File 4 dnx.exe
File 2 csi.exe
File 1 using-device-guard-to-mitigate-against.html
Github username 7 dotnet
Github username 5 mattifestation
Github username 4 subtee
Url 2 https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide.
Url 1 https://blogs.msdn.microsoft.com/visualstudio/2011/10/19/introducing-the-microsoft-roslyn-ctp
Url 1 https://github.com/dotnet/roslyn
Url 1 http://www.exploit-monday.com/2016/09/using-device-guard-to-mitigate-against.html
Url 1 https://github.com/mattifestation/deviceguardbypassmitigationrules
Url 1 https://github.com/subtee/bluehat2016