
Summary
The 'AspNetCompiler Execution' detection rule identifies instances where the 'aspnet_compiler.exe' executable is executed on a Windows system. This executable is part of the .NET Framework and is typically used to compile ASP.NET applications, but it can also be exploited by malicious actors to execute arbitrary C# code within the compromised environment. The rule focuses on monitoring process creation events specifically for the 'aspnet_compiler.exe' binary located in standard .NET installation directories. By tracking its invocation, the rule aims to flag potential misuse of this tool as a part of broader attack vectors that utilize compilation and execution of custom code to evade detection and execute payloads.
Categories
- Windows
Data Sources
- Process
Created: 2021-11-24