Internal DOS commands in Advanced Hunting

Senior Member

Hello,

Is there a way to detect internal DOS commands in Advanced Hunting? For example, commands (in cmd.exe or PowerShell) like "cd" or "type" are internal and don't have any executable (unlike ping.exe). Is there a way to track those commands?

Best regards

0 Replies