| description |
|---|
Defense Evasion |
This technique launches an executable without a cmd.exe.
forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe
Defenders can monitor for process creation/commandline logs to detect this activity:
{% embed url="https://attack.mitre.org/wiki/Technique/T1202" %}