open-menu
closeme
HackTool - NoFilter Execution
calendar
Nov 1, 2024
·
attack.privilege-escalation
attack.t1134
attack.t1134.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious AccessMask Requested From LSASS
calendar
Nov 1, 2024
·
attack.credential-access
car.2019-04-004
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool Services Have Been Installed - Security
calendar
Oct 1, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Registry Key - Write Access Requested
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
account_management
calendar
Sep 13, 2024
·
Share on:
twitter
facebook
linkedin
copy
Startup/Logon Script Added to Group Policy Object
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Persistence and Execution at Scale via GPO Scheduled Task
calendar
Sep 6, 2024
·
attack.persistence
attack.lateral-movement
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Group Policy Abuse for Privilege Addition
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Kerberoasting Activity - Initial Query
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
A New Trust Was Created To A Domain
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Access To ADMIN$ Network Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Replication from Non Machine Account
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.006
·
Share on:
twitter
facebook
linkedin
copy
AD Object WriteDAC Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
Share on:
twitter
facebook
linkedin
copy
AD Privileged Users or Groups Reconnaissance
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability with Risky EKU
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Add or Remove Computer from DC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1207
·
Share on:
twitter
facebook
linkedin
copy
Addition of SID History to Active Directory Object
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Health Monitoring Agent Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Health Service Agents Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations - Security
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Credential Dumping Tools Service Execution - Security
calendar
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005
·
Share on:
twitter
facebook
linkedin
copy
DCERPC SMB Spoolss Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
DCOM InternetExplorer.Application Iertutil DLL Hijack - Security
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Denied Access To Remote Desktop
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.001
·
Share on:
twitter
facebook
linkedin
copy
Device Installation Blocked
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1200
·
Share on:
twitter
facebook
linkedin
copy
DPAPI Domain Backup Key Extraction
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.004
·
Share on:
twitter
facebook
linkedin
copy
DPAPI Domain Master Key Backup Attempt
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.004
·
Share on:
twitter
facebook
linkedin
copy
Enabled User Right in AD to Control User Objects
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
External Disk Drive Or USB Storage Device Was Recognized By The System
calendar
Aug 12, 2024
·
attack.t1091
attack.t1200
attack.lateral-movement
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Failed Code Integrity Checks
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Remote Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution - Filter Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Ruler
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
Hidden Local User Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
HybridConnectionManager Service Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1554
·
Share on:
twitter
facebook
linkedin
copy
Impacket PsExec Execution
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Important Scheduled Task Deleted/Disabled
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Event Auditing Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
ISO Image Mounted
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Manipulation
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1212
·
Share on:
twitter
facebook
linkedin
copy
Local User Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Locked Workstation
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
LSASS Access From Non System Account
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Metasploit Or Impacket Service Installation Via SMB PsExec
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Metasploit SMB Authentication
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Meterpreter or Cobalt Strike Getsystem Service Installation - Security
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Mimikatz DC Sync
calendar
Aug 12, 2024
·
attack.credential-access
attack.s0002
attack.t1003.006
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New or Renamed User Account with '$' Character
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
object_access
calendar
Aug 12, 2024
·
Share on:
twitter
facebook
linkedin
copy
Password Change on Directory Service Restore Mode (DSRM) Account
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Password Dumper Activity on LSASS
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Password Policy Enumerated
calendar
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened (Email Attachment)
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.t1027
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened (Suspicious Filenames)
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
PetitPotam Suspicious Kerberos TGT Request
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1187
·
Share on:
twitter
facebook
linkedin
copy
Possible DC Shadow Attack
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1207
·
Share on:
twitter
facebook
linkedin
copy
Possible Impacket SecretDump Remote Activity
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Possible PetitPotam Coerce Authentication Attempt
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1187
·
Share on:
twitter
facebook
linkedin
copy
Possible Shadow Credentials Added
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Potential AD User Enumeration From Non-Machine Account
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Privileged System Service Operation - SeLoadDriverPrivilege
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Scripts Installed as Services - Security
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Powerview Add-DomainObjectAcl DCSync AD Extend Right
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Processes Accessing the Microphone and Webcam
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Protected Storage Service Access
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
RDP over Reverse SSH Tunnel WFP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.lateral-movement
attack.t1090.001
attack.t1090.002
attack.t1021.001
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Reconnaissance Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
attack.t1069.002
attack.s0039
·
Share on:
twitter
facebook
linkedin
copy
Register new Logon Process by Rubeus
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Sessions Network Connections (WinRM)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Service Activity via SVCCTL Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Remote Task Creation via ATSVC Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
·
Share on:
twitter
facebook
linkedin
copy
Replay Attack Detected
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1558
·
Share on:
twitter
facebook
linkedin
copy
SAM Registry Hive Handle Request
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.credential-access
attack.t1552.002
·
Share on:
twitter
facebook
linkedin
copy
SCM Database Handle Failure
calendar
Aug 12, 2024
·
attack.discovery
attack.t1010
·
Share on:
twitter
facebook
linkedin
copy
SCM Database Privileged Operation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Secure Deletion with SDelete
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1070.004
attack.t1027.005
attack.t1485
attack.t1553.002
attack.s0195
·
Share on:
twitter
facebook
linkedin
copy
Security Eventlog Cleared
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Service Installed By Unusual Client - Security
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Read Access Request
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
SMB Create Remote File Admin Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Access to Sensitive File Extensions
calendar
Aug 12, 2024
·
attack.collection
attack.t1039
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Kerberos RC4 Ticket Encryption
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LDAP-Attributes Used
calendar
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PsExec Execution
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote Logon with Explicit Credentials
calendar
Aug 12, 2024
·
attack.t1078
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Update
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Teams Application Related ObjectAcess Event
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows ANONYMOUS LOGON Local Account Created
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1136.002
·
Share on:
twitter
facebook
linkedin
copy
SysKey Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Channel Reference Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
T1047 Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Tap Driver Installation - Security
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1048
·
Share on:
twitter
facebook
linkedin
copy
Transferring Files with Credential Data via Network Shares
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.001
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Unauthorized System Time Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Outbound Kerberos Connection - Security
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
User Added to Local Administrator Group
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
User Couldn't Call a Privileged Service 'LsaRegisterLogonProcess'
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
User Logoff Event
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
VSSAudit Security Event Source Registration
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
WCE wceaux.dll Access
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.s0005
·
Share on:
twitter
facebook
linkedin
copy
Weak Encryption Enabled and Kerberoast
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Win Susp Computer Name Containing Samtheadmin
calendar
Aug 12, 2024
·
cve.2021-42278
cve.2021-42287
attack.persistence
attack.privilege-escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion List Modified
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Event Auditing Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Network Access Suspicious desktop.ini Action
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
Windows Pcap Drivers
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
to-top