# Description
The attacker collects screenshots (T1113), data from the user’s clipboard (T1115), and keystrokes (T1056).
-
I'm encountering this issue when I attempt to inject into processes like backgroundtaskhost, the opera.exe process, the "backiee.exe" app from the Microsoft Store (the wallpaper thing), one process of Discord…
-
input json
```json
{
  "id":"2baad784-c695-459a-9f2f-471aa5258938",
  "winlog":{
    "computer_name":"logcollector",
    "event_id":"1",
    "api":"wineventlog",
    "opcode":"Info",
    …
```
-
3. fkdjsadasd.ico file obtained from within the binary and used as a default icon for all files with extension .basta
```json
{
  "_index": "wazuh-archives-4.x-2022.06.27",
  "_type": "_doc",
  "_id"…
```
-
Currently the QRadar adapter's mapping methodology is based on what fields are present in the event. If the right fields are present, then they get mapped and a resultant STIX object is created.
Th…
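The presence-based mapping described above, as an added illustration (not stix-shifter's own code and not its real QRadar mapping table): a hypothetical field-to-STIX table is walked, an observable object is emitted only for fields the event actually carries, and a `network-traffic` object that references both endpoints is only built when both source and destination fields are present. The event fields, the mapping table and the sample events are constructed for the example.

```python
from typing import Any

# Hypothetical event field -> (STIX observable type, property) table; constructed, not stix-shifter's.
FIELD_MAP = {
    "sourceip": ("ipv4-addr", "value"),
    "destinationip": ("ipv4-addr", "value"),
    "username": ("user-account", "user_id"),
    "filename": ("file", "name"),
}
# Fields that only make sense as properties of a network-traffic object.
TRAFFIC_FIELDS = {"sourceport": "src_port", "destinationport": "dst_port", "protocol": "protocols"}


def map_event(event: dict[str, Any]) -> dict[str, dict[str, Any]]:
    """Return STIX-style observable objects keyed by index, built only from fields present in the event."""
    objects: dict[str, dict[str, Any]] = {}
    refs: dict[str, str] = {}           # event field -> index of the object it produced
    for field, (obj_type, prop) in FIELD_MAP.items():
        value = event.get(field)
        if value in (None, ""):
            continue                    # field absent or empty: no object is created
        key = str(len(objects))
        objects[key] = {"type": obj_type, prop: value}
        refs[field] = key
    # A network-traffic object needs both endpoints; a one-sided event yields none.
    if "sourceip" in refs and "destinationip" in refs:
        traffic: dict[str, Any] = {
            "type": "network-traffic",
            "src_ref": refs["sourceip"],
            "dst_ref": refs["destinationip"],
        }
        for field, prop in TRAFFIC_FIELDS.items():
            value = event.get(field)
            if value in (None, ""):
                continue
            traffic[prop] = [value] if prop == "protocols" else value
        objects[str(len(objects))] = traffic
    return objects


def mapped_types(event: dict[str, Any]) -> list[str]:
    """Sorted list of object types produced for an event (convenient for checking what got mapped)."""
    return sorted(obj["type"] for obj in map_event(event).values())


# Constructed sample events (not real QRadar output).
SAMPLE_FULL = {
    "sourceip": "10.0.0.5", "destinationip": "192.0.2.10",
    "sourceport": 51234, "destinationport": 443, "protocol": "tcp",
    "username": "alice", "filename": "invoice.docx",
}
SAMPLE_PARTIAL = {"sourceip": "10.0.0.5", "username": "alice"}  # no destination: no network-traffic

if __name__ == "__main__":
    for name, ev in (("full", SAMPLE_FULL), ("partial", SAMPLE_PARTIAL)):
        print(name, mapped_types(ev))
```

Running it shows the consequence the issue is about: the partial event produces only an `ipv4-addr` and a `user-account`, so any downstream consumer expecting a `network-traffic` object for every event will find none, and the mapper itself gives no indication that fields were missing.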
-
The attacker then collects files (T1005), which are compressed (T1002) and encrypted (T1022), before being exfiltrated to an attacker-controlled WebDAV share (T1048).
-
Rules lying in Sigma under the linux folder have the "none" category and break when trying to be converted via the kusto backend.
Routinely getting:
Error while conversion: Unable to determine ta…
-
**Describe the solution you'd like**
I would like to see ***Syscheck*** collect and ***Inventory Data*** display the processes that are supervising each separate svchost.exe PID on Windows hosts. I d…
-
# Description
The attacker uses Lightweight Directory Access Protocol (LDAP) queries to enumerate other hosts in the domain (T1018) before creating a remote PowerShell session to a secondary victim…