Bash.exe

File used by Windows Subsystem for Linux


Paths:


Resources:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules

Acknowledgement:
Alex Ionescu - @aionescu


Detection:
Child process from bash.exe
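
The check above, written as an added example (not part of the original entry or of any project's own detection content). It assumes process-creation records carrying the Sysmon Event ID 1 field names Image, ParentImage and ParentCommandLine; the sample records, paths and function names are constructed for illustration.

```python
import ntpath

# Constructed process-creation records; field names follow Sysmon Event ID 1.
# Paths and command lines are sample values, not taken from the page.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ParentImage": r"C:\Windows\System32\bash.exe",
     "ParentCommandLine": "bash.exe -c calc.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r'"C:\WINDOWS\SYSTEM32\BASH.EXE"',
     "ParentCommandLine": "BASH.EXE"},
    {"Image": r"C:\Windows\System32\calc.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe"},
    {"Image": r"C:\Tools\helper.exe",
     "ParentImage": r"C:\Tools\notbash.exe",
     "ParentCommandLine": "notbash.exe -c helper.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe"},  # parent fields missing
]


def image_name(path):
    """Lower-cased file name of a Windows path, tolerating quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()


def inline_command(parent_cmdline):
    """Text after a '-c' argument (whitespace-tokenised), or None."""
    tokens = parent_cmdline.split()
    if "-c" in tokens[1:]:
        idx = tokens.index("-c", 1)
        return " ".join(tokens[idx + 1:]) or None
    return None


def find_bash_children(events, parent="bash.exe"):
    """Flag every process whose parent image name is exactly `parent`."""
    hits = []
    for ev in events:
        if image_name(ev.get("ParentImage", "")) != parent:
            continue  # exact name match, so notbash.exe is not flagged
        hits.append({
            "child": image_name(ev.get("Image", "")),
            "inline_command": inline_command(ev.get("ParentCommandLine", "")),
        })
    return hits


if __name__ == "__main__":
    for hit in find_bash_children(SAMPLE_EVENTS):
        print(hit)
```

Matching on the exact image name rather than a substring keeps look-alike names out of the results, and the inline_command field separates the `-c` form shown in this entry from other bash.exe child processes.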



Execute

Executes calc.exe from bash.exe
bash.exe -c calc.exe
Usecase: Performs execution of the specified file; can be used for defense evasion.
Privileges required: User
OS: Windows 10
Mitre: T1218



AWL bypass

Executes calc.exe from bash.exe
bash.exe -c calc.exe
Usecase: Performs execution of the specified file; can be used to bypass Application Whitelisting.
Privileges required: User
OS: Windows 10
Mitre: T1218