-
# Description
Finally, the attacker launches a PowerShell script that performs a wide variety of reconnaissance commands (T1083, T1033, T1082, T1016, T1057, T1063, T1069), some of which are done by…
-
Looking for guidance: I wonder how I can create a pipeline yml file that simply drops unsupported fields present in the rule that aren't supported by my backend. For example, Hashes fields is not s…
-
The attacker then collects files (T1005), which are compressed (T1002) and encrypted (T1022), before being exfiltrated to an attacker-controlled WebDAV share (T1048).
-
Windows - Microsoft-Windows-Sysmon/Operational - 7
So where are the imageloaded fields here?
-
**Describe the bug**
I realised after purchasing the process analysis licenced feature, that my SOC alerts don't include all the information like in Taylor's video. However, when I create a SOC alert…
-
I've just compiled the tool as suggested in the README:
~~~~
go install github.com/chainguard-dev/bincapz@latest
~~~~
When running it on `/bin/true` it fails with:
~~~~
> ~/go/bin/bincapz /bin…
-
## Link to rule
[threat_intel_indicator_match_hash.toml](https://github.com/elastic/detection-rules/blob/main/rules/cross-platform/threat_intel_indicator_match_hash.toml)
## Description
This …
-
**Describe the bug**
Errors in compiling YARA rules when running the main script.
**To Reproduce**
command:`./paranoya.py -d -s 20000 --noindicator --csv --intense --logfolder log --silent --nolisten…
-
The Sysmon process creation events calculate the following hashes, which get indexed in the winlog.event_data.Hashes field.
- md5
- sha256
- imphash
Use the kv processor to split that field into…
-
VirusTotal (https://www.virustotal.com/) has a database of checksums that we may be able to fetch in winetricks to check executables prior to invoking them.
So this basically implements a fast anti…