This is for testing purposes:
Currently trying to better secure my network environment with ASR rules. Had them in audit and now to block mode. I am documenting potential attack vectors so that I can understand how the rules are triggered. Was wondering if anyone would know any test cases to trigger a child process via Adobe reader (ASR rule) **without the use of Metasploit payload**. Any help greatly appreciated.
Background info: There is not documentation available to the cybersecurity community on how to test ASR rules by triggering them. I hope to be able to publish a documentation so that other professionals can test on their own and understand the rules they are implementing on a closer level.