Permission Misconfiguration Reconnaissance Via Findstr.EXE (47e4bab7-c626-47dc-967b-255608c9a920)
Detects usage of findstr with the "EVERYONE" or "BUILTIN" keywords. This is seen being used in combination with "icacls" to look for misconfigured files or folders permissions