-
Generate detection rule using the [Carbanak step 2.B](https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/carbanak/Emulation_Plan/Scenario_1#2b---screen-captu…
-
Generate detection rule using the Carbanak step 4.A
- Test environment setup
- Collect relevant logs
- Write appropriate decoders and rules
For step setup this requires a Linux endpoint to be added t…
-
## Description
MusNotifyIcon.exe can also be added to the list of excluded process names. It's the exe that shows the icon in the taskbar when there are updates available.
event.category:process a…
-
Generate detection rule using the Carbanak [step 7.A](https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/carbanak/Emulation_Plan/Scenario_1#7a---rdp-through-…
-
Generate detection rule using the Carbanak [step 5.C](https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/carbanak/Emulation_Plan/Scenario_1#5c---lateral-move…
-
Generate detection rule using the Carbanak step 1.A*
- Collect relevant logs
- Write appropriate decoders and rules
-
Generate detection rule using the Carbanak step 5.B
- Test environment setup
- Collect relevant logs
- Write appropriate decoders and rules
Detection criteria:
5.B.1 - plink.exe connects over SSH (…
-
Generate detection rule using the Carbanak [step 4.A](https://github.com/center-for-threat-informed-defense/adversary_emulation_library/tree/master/carbanak/Emulation_Plan/Scenario_1#step-4---domain-d…
-
https://github.com/Neo23x0/Raccine/blob/b8ea99ad4b4e393b3cab2639b33755a26d3a8868/raccine.cpp#L79
I think you want dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID && dwIntegrityLevel < SECURITY_MAND…
-
After a quick look. I think these issues affect all the Ps* tools because they have copies of the same code.
## Issue 1
Leak when exiting function early from error path in `IntegrityLevel()`
…