Indirect Command Execution

Various Windows utilities may be used to execute commands, possibly without invoking cmd. For example, Forfiles, the Program Compatibility Assistant (pcalua.exe), components of the Windows Subsystem for Linux (WSL), as well as other utilities may invoke the execution of programs and commands from a Command-Line Interface, Run window, or via scripts.
Adversaries may abuse these utilities for Defense Evasion, specifically to perform arbitrary execution while subverting detections and/or mitigation controls (such as Group Policy) that limit/prevent the usage of cmd.
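
A detection-side illustration of the point above, added here as an example and not taken from the original page: a rule keyed only on cmd.exe starting misses children launched directly by these utilities, while a rule keyed on the parent process catches them. The events are constructed (Sysmon Event ID 1 style field names), and treating wsl.exe and bash.exe as the WSL components is an assumption.

```python
import ntpath

# Utilities named on this page. wsl.exe and bash.exe are an assumption made
# here for "components of the Windows Subsystem for Linux".
PROXY_PARENTS = {"forfiles.exe", "pcalua.exe", "wsl.exe", "bash.exe"}
INTERPRETERS = {"cmd.exe"}

# Constructed process-creation events; paths and ids are sample values.
EVENTS = [
    {"id": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"id": 2, "ParentImage": r"C:\Windows\System32\forfiles.exe",
     "Image": r"C:\Users\Public\tool.exe"},
    {"id": 3, "ParentImage": r"C:\Windows\System32\PCALUA.EXE",
     "Image": r"C:\Users\Public\tool.exe"},
    {"id": 4, "ParentImage": r"C:\Windows\System32\forfiles.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"id": 5, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe"},
]

def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def cmd_keyed(events):
    """Rule A: alert only when cmd.exe itself is started."""
    return [e["id"] for e in events
            if basename(e.get("Image")) in INTERPRETERS]

def parent_keyed(events):
    """Rule B: alert on any child started by one of the proxy utilities."""
    return [e["id"] for e in events
            if basename(e.get("ParentImage")) in PROXY_PARENTS]

def missed_by_cmd_rule(events):
    """Indirect executions that rule A never sees."""
    return sorted(set(parent_keyed(events)) - set(cmd_keyed(events)))

if __name__ == "__main__":
    print("cmd-keyed alerts:   ", cmd_keyed(EVENTS))
    print("parent-keyed alerts:", parent_keyed(EVENTS))
    print("missed by cmd rule: ", missed_by_cmd_rule(EVENTS))
```

In production the parent-keyed rule needs a baseline of legitimate use of these utilities on the host population before it is used for alerting.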
