-
Hi,
This post is copied from [my reddit reply to your tool/project reply](https://www.reddit.com/r/bindingofisaac/comments/qtsdy7/comment/lotor56/?utm_source=share&utm_medium=web3x&utm_name=web3xcs…
-
# Feature request
Use Sysmon as a source of events for all the supported events. We can project Sysmon's event data within osquery core as evented tables in real time using ETW tracing.
Curre…
-
The attacker then enumerates running processes (T1057) to discover/terminate the initial access from Step 1 (Pupy Agent) before deleting various files (T1107) associated with that access.
-
Hi,
I'm currently running Aurora Lite from home, looking at different products. How do I add files to a whitelist to stop being notified of false positives?
Kind Regards
Nuno
-
# Description
The attacker uploads additional tools (T1086) through the new, elevated access before spawning an interactive powershell.exe shell (T1086). The additional tools are decompressed (T114…
-
Whenever I run Malheur in increment mode and feed it one report at a time, I don't get any results, forcing me to rerun it against all previous reports. This yields a noticeable overhead of processing…
-
# Description
This new payload is executed on the secondary victim via the PSExec utility (T1077, T1035) using the previously stolen credentials (T1078).
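One way to detect the step described above (remote service execution over PsExec with a stolen credential) on the secondary victim, as an added example that is not part of the original issue or of the emulation project it describes. The event records are constructed for the example and their field names (`log`, `id`, `host`, `user`, `logon_type`, `src_ip`, `service_name`, `image_path`) are an assumed, simplified shape of the Windows Security 4624 and System 7045 records; the default `PSEXESVC` service name and binary are those Sysinternals PsExec installs on the target unless renamed with `-r`:

```python
"""Added example: flag PsExec-style remote service execution (the T1077/T1035
step above) from Windows event records. The sample events below are
constructed for this example and do not come from a real host or from the
original page."""

from collections import defaultdict

# Default service name/binary that Sysinternals PsExec installs on the target.
# An operator can rename it with -r, so the rule also keys on a service binary
# that was dropped through the ADMIN$ share.
PSEXEC_SERVICE = "PSEXESVC"


def is_psexec_service(event):
    """True for a System 7045 'service installed' event that looks like PsExec."""
    if event.get("log") != "System" or event.get("id") != 7045:
        return False
    name = event.get("service_name", "").upper()
    path = event.get("image_path", "").upper()
    return (
        name == PSEXEC_SERVICE
        or path.endswith(f"\\{PSEXEC_SERVICE}.EXE")
        or "\\ADMIN$\\" in path
    )


def detect_remote_service_exec(events, window=60):
    """Correlate network logons (Security 4624, logon type 3) with PsExec-like
    service installs on the same host by the same account within `window`
    seconds. `events` are dicts carrying 'ts' (epoch seconds); returns one
    alert dict per hit."""
    recent_logons = defaultdict(list)  # (host, user) -> [(ts, src_ip)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("log") == "Security" and ev.get("id") == 4624 and ev.get("logon_type") == 3:
            recent_logons[(ev["host"], ev["user"].lower())].append((ev["ts"], ev.get("src_ip")))
            continue
        if not is_psexec_service(ev):
            continue
        key = (ev["host"], ev["user"].lower())
        sources = [ip for ts, ip in recent_logons[key] if 0 <= ev["ts"] - ts <= window]
        alerts.append({
            "host": ev["host"],
            "user": ev["user"],
            "service": ev.get("service_name"),
            "image_path": ev.get("image_path"),
            # A preceding type-3 logon from another machine by the same account
            # is the lateral-movement signal; None means a local install.
            "remote_source": sources[-1] if sources else None,
            "technique": "T1077/T1035 remote service execution",
        })
    return alerts


# Constructed sample (assumed field shape): the stolen 'jdoe' credential is used
# from 10.0.0.5 to install PSEXESVC on VICTIM2. A later, unrelated local service
# install on the same host must not fire.
SAMPLE_EVENTS = [
    {"ts": 100, "log": "Security", "id": 4624, "host": "VICTIM2",
     "user": "CORP\\jdoe", "logon_type": 3, "src_ip": "10.0.0.5"},
    {"ts": 102, "log": "System", "id": 7045, "host": "VICTIM2",
     "user": "CORP\\jdoe", "service_name": "PSEXESVC",
     "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"ts": 500, "log": "System", "id": 7045, "host": "VICTIM2",
     "user": "NT AUTHORITY\\SYSTEM", "service_name": "BackupAgent",
     "image_path": "C:\\Program Files\\Backup\\agent.exe"},
]

if __name__ == "__main__":
    for alert in detect_remote_service_exec(SAMPLE_EVENTS):
        print(alert)
```

The correlation window is deliberately short: PsExec authenticates, copies the service binary to ADMIN$ and registers the service within seconds, so a 7045 with no matching network logon shortly before it is more likely a local install and is still reported, but with `remote_source` left empty so an analyst can triage it separately.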
-
# Description
The scenario begins with an initial breach, where a legitimate user clicks (T1204) an executable payload (screensaver executable) masquerading as a benign word document (T1036). Once ex…
-
Hello, @merces and @GoGoOtaku! Debian package maintainer for `pev` here.
I noticed in the last few days that after [pev](https://github.com/merces/pev) remained archived for a brief stint while wai…
-
### Running `setup` with `setup.ilm.check_exists: false` creates invalid mappings (`text` for `keyword` fields), affecting the Security app
- Version: `7.9`, `7.10 BC1`
- Operating System: `Window…