search

OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
GNU General Public License v3.0
133 stars 41 forks source link

13.D) Process Discovery #33

Open Cyb3rWard0g opened 4 years ago

Cyb3rWard0g commented 4 years ago

Description

The attacker performs local enumeration using various Windows API calls, specifically gathering running processes (T1057).