Bert-JanP / Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://kqlquery.com
BSD 3-Clause "New" or "Revised" License

Create ttp_t1027-010_powershellEncodedCommand.md #24

Closed. m4nbat closed this 7 months ago

m4nbat commented 7 months ago

Part of several analytics submitted to detect TTPs associated with FIN7, ZLoader, and FakeBat, from a recent Red Canary report.

Bert-JanP commented 7 months ago

Cool stuff man! Thanks for the addition(s). Will put the credits in a commit after I have merged all the PRs.

m4nbat commented 7 months ago

No worries I have loads but need to convert to your format. More PRs when I get some free time.

Great project 👌🏼😎🔥

Regards,

Gavin Knapp GSEC | GCIH | GCIA | GDAT | GCFA | GCDA | GMON | GCED | GSOM
