-
# Description
The original victim is rebooted and the legitimate user logs in, emulating ordinary usage and a passage of time. This activity triggers the previously established persistence mechanis…
-
Allow excluding known hooks from detection. Hooks should be defined in an external configuration file that is easily readable and editable by humans.
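One way such an allowlist could look and be applied, as an added example that is not the project's own code or format: each line names a hooked export and the image the detour is expected to land in, so a known export hooked from an unexpected image is still reported. The line format, the field names, and the detected-hook records below are assumptions for illustration.

```python
"""Added example (not the project's code): filter detected hooks against a
human-editable allowlist. The config format, the Hook fields and the sample
records are assumptions, not the project's own."""
import fnmatch
from dataclasses import dataclass
from typing import List

# Constructed allowlist in the line format this example assumes:
#   <module>!<function> -> <image the detour is expected to land in>
# Lines starting with '#' and blank lines are ignored; '*' wildcards are allowed.
ALLOWLIST_TEXT = """
# Hooks installed by our EDR agent
ntdll.dll!NtCreateFile         -> C:\\Program Files\\ExampleEDR\\hook.dll
ntdll.dll!NtWriteVirtualMemory -> C:\\Program Files\\ExampleEDR\\hook.dll
# Vendor shim that hooks several user32 exports
user32.dll!*                   -> C:\\Windows\\System32\\vendorshim.dll
"""


@dataclass(frozen=True)
class Hook:
    module: str    # module whose export is hooked, e.g. ntdll.dll
    function: str  # hooked export name
    target: str    # image path the detour jumps into


@dataclass(frozen=True)
class AllowRule:
    module: str
    function: str
    target: str

    def matches(self, hook: Hook) -> bool:
        # Case-insensitive, wildcard-aware match on all three fields: a hook is
        # only excluded when module, export AND detour target are all known.
        return (fnmatch.fnmatchcase(hook.module.lower(), self.module.lower())
                and fnmatch.fnmatchcase(hook.function.lower(), self.function.lower())
                and fnmatch.fnmatchcase(hook.target.lower(), self.target.lower()))


def parse_allowlist(text: str) -> List[AllowRule]:
    """Parse the allowlist text; malformed lines raise with their line number."""
    rules: List[AllowRule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            lhs, target = (p.strip() for p in line.split("->", 1))
            module, function = (p.strip() for p in lhs.split("!", 1))
        except ValueError:
            raise ValueError(
                f"allowlist line {lineno}: expected '<module>!<function> -> <target>'")
        if not (module and function and target):
            raise ValueError(f"allowlist line {lineno}: empty field")
        rules.append(AllowRule(module, function, target))
    return rules


def filter_hooks(detected: List[Hook], rules: List[AllowRule]) -> List[Hook]:
    """Return only the hooks no rule explains; these are the ones to report."""
    return [h for h in detected if not any(r.matches(h) for r in rules)]


# Constructed sample of what a hook scanner might report (invented values).
DETECTED = [
    Hook("ntdll.dll", "NtCreateFile", "C:\\Program Files\\ExampleEDR\\hook.dll"),
    Hook("user32.dll", "SetWindowsHookExW", "C:\\Windows\\System32\\vendorshim.dll"),
    # Same export as an allowed hook, but the detour lands in an unknown image.
    Hook("ntdll.dll", "NtCreateFile", "C:\\Users\\Public\\inject.dll"),
    Hook("kernel32.dll", "CreateProcessW", "C:\\Users\\Public\\inject.dll"),
]

if __name__ == "__main__":
    for hook in filter_hooks(DETECTED, parse_allowlist(ALLOWLIST_TEXT)):
        print(f"unexplained hook: {hook.module}!{hook.function} -> {hook.target}")
```

Matching on the detour target as well as the export is the point of the design: an allowlist keyed on `module!function` alone would let an attacker's inline hook on `NtCreateFile` hide behind the EDR's legitimate one.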
-
# Description
The payload in the Startup folder executes a follow-on payload using a stolen token (T1106, T1134).
-
# Description
The attacker accesses credentials stored in a local web browser (T1081, T1003) using a tool renamed to masquerade as a legitimate utility (T1036).
-
Wondered if there were plans to read EVTX logs?
These are binary XML logs used by Windows. The logs themselves can be converted to XML (and then to JSON, for example); however, there is heavy use of …
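The XML-then-JSON path mentioned above, as an added example that is not the commenter's or the project's code: once an EVTX record has been rendered to XML (the form EVTX-to-XML converters and `wevtutil`'s XML output produce), the record can be flattened to a JSON-ready dict with the standard library. The usual stumbling block is that every element sits in the Windows event namespace, so unqualified `find("System")` calls return nothing. The sample event below is constructed, with invented values.

```python
"""Added example (not the project's code): flatten the XML rendering of a
Windows event into a JSON-ready dict. The sample record is constructed."""
import json
import xml.etree.ElementTree as ET
from typing import Any, Dict

# Every element of a rendered Windows event is in this namespace.
NS = "http://schemas.microsoft.com/win/2004/08/events/event"

# Constructed sample: a 4688-style process-creation event, trimmed to the
# fields needed here. All values are invented.
SAMPLE_XML = f"""<Event xmlns="{NS}">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{{54849625-5478-4994-a5ba-3e3b0328c30d}}"/>
    <EventID>4688</EventID>
    <Level>0</Level>
    <TimeCreated SystemTime="2024-01-02T03:04:05.678901Z"/>
    <EventRecordID>1001</EventRecordID>
    <Execution ProcessID="4" ThreadID="8"/>
    <Channel>Security</Channel>
    <Computer>WS01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="NewProcessName">C:\\Windows\\System32\\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentProcessName">C:\\Windows\\explorer.exe</Data>
  </EventData>
</Event>"""


def q(tag: str) -> str:
    """Qualify a tag with the event namespace for ElementTree lookups."""
    return f"{{{NS}}}{tag}"


def event_to_dict(xml_text: str) -> Dict[str, Any]:
    """Flatten <System> children and <EventData> Data elements into one dict."""
    root = ET.fromstring(xml_text)
    if root.tag != q("Event"):
        raise ValueError(f"not a Windows event element: {root.tag}")
    system = root.find(q("System"))
    if system is None:
        raise ValueError("event has no System element")

    out: Dict[str, Any] = {}
    for child in system:
        name = child.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        # Attributes (Provider Name, TimeCreated SystemTime, ...) become
        # <element>_<attribute> keys; element text keeps the element name.
        for attr, value in child.attrib.items():
            out[f"{name}_{attr}"] = value
        if child.text and child.text.strip():
            out[name] = child.text.strip()

    # Type the numeric system fields so downstream filters compare integers.
    for key in ("EventID", "Level", "EventRecordID"):
        if key in out:
            out[key] = int(out[key])

    event_data = root.find(q("EventData"))
    if event_data is not None:
        data: Dict[str, Any] = {}
        unnamed = []
        for d in event_data.findall(q("Data")):
            value = (d.text or "").strip()
            name = d.get("Name")
            if name:
                data[name] = value
            else:
                unnamed.append(value)  # some providers emit positional Data elements
        if unnamed:
            data["_unnamed"] = unnamed
        out["EventData"] = data
    return out


def event_to_json(xml_text: str) -> str:
    return json.dumps(event_to_dict(xml_text), indent=2)


if __name__ == "__main__":
    print(event_to_json(SAMPLE_XML))
```

Events from providers that use `<UserData>` instead of `<EventData>`, or that emit positional `<Data>` elements without a `Name`, need the per-provider knowledge the comment above alludes to; this example only keeps the positional values under a `_unnamed` key so nothing is silently dropped.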
-
**Summary**
Introduce Display Name for an Indicator of Compromise (IoC) in the Threat Intelligence part of ECS
**Motivation**:
In the Threat Intelligence capabilities of the Security Solution…
-
This is in continuation of #673 and the google groups discussion [here](https://groups.google.com/forum/#!topic/crits-development/u1Zsl3o3pS4)
I have done some experimentation with a Relationship C…
-
The issue was found when scanning "7z2201-x64.exe": "strings" are missing from the metadata for any .dll or .exe in the 7z package. Below is an example of 7z/Uninstall.exe.
**Output of command "strings":**…
-
**Describe the enhancement:**
A Winlogbeat user is sending recommendations and a pipeline for Winlogbeat developers to review
**Describe a specific use case for the enhancement or feature:**
winl…
-
# Description
The attacker runs a PowerShell one-liner (T1086) to search the filesystem for document and media files (T1083, T1119). Files of interest are collected (T1005), then encrypted…