open-menu
closeme
Local System Accounts Discovery - Linux
calendar
Dec 14, 2024
·
attack.discovery
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Permission Check Via Accesschk.EXE
calendar
Dec 1, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Password Policy Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
File and Directory Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
System Owner or User Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SOAPHound Execution
calendar
Dec 1, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ProcessCreation
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Discovery Activity
calendar
Dec 1, 2024
·
attack.discovery
attack.t1016
attack.t1049
attack.t1087
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
System Disk And Volume Reconnaissance Via Wmic.EXE
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1047
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Connection to Active Directory Web Services
calendar
Dec 1, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PCHunter Execution
calendar
Nov 25, 2024
·
attack.execution
attack.discovery
attack.t1082
attack.t1057
attack.t1012
attack.t1083
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Renamed AdFind Execution
calendar
Nov 25, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
·
Share on:
twitter
facebook
linkedin
copy
ESXi Network Configuration Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi Storage Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi System Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VM List Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VSAN Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
Firewall Configuration Discovery Via Netsh.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using Ioreg
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using sw_vers
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using System_Profiler
calendar
Nov 1, 2024
·
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1497.001
·
Share on:
twitter
facebook
linkedin
copy
System Integrity Protection (SIP) Disabled
calendar
Nov 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
System Integrity Protection (SIP) Enumeration
calendar
Nov 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon System Information Discovery Via Wmic.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Certipy Execution
calendar
Oct 8, 2024
·
attack.discovery
attack.credential-access
attack.t1649
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Security Tools Keyword Lookup Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution Anomaly
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution From Privileged Process
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution With Output Option
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Linux Network Service Scanning Tools Execution
calendar
Sep 22, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution GCC - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Find - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Flock - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Nice - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Apt - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Vim GTFOBin Abuse - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated IP Via CLI
calendar
Sep 2, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Security Software Discovery Via Powershell Script
calendar
Sep 2, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
System Network Discovery - macOS
calendar
Aug 29, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
File Explorer Folder Opened Using Explorer Folder Shortcut Via Shell
calendar
Aug 29, 2024
·
attack.discovery
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
calendar
Aug 29, 2024
·
attack.credential-access
attack.discovery
attack.t1552
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Reconnaissance/Enumeration Via LDAP
calendar
Aug 27, 2024
·
attack.discovery
attack.t1069.002
attack.t1087.002
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - ProccessCreation
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - PsScript
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Computers Enumeration With Get-AdComputer
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Group Enumeration With Get-AdGroup
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Structure Export Via Csvde.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
AD Groups Or Users Enumeration Using PowerShell - PoshModule
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
AD Groups Or Users Enumeration Using PowerShell - ScriptBlock
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
AD Privileged Users or Groups Reconnaissance
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Advanced IP Scanner - File Event
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Automated Collection Bookmarks Using Get-ChildItem PowerShell
calendar
Aug 12, 2024
·
attack.discovery
attack.t1217
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Health Monitoring Agent Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Health Service Agents Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket User Details Export Attempt Detected
calendar
Aug 12, 2024
·
attack.collection
attack.reconnaissance
attack.discovery
attack.t1213
attack.t1082
attack.t1591.004
·
Share on:
twitter
facebook
linkedin
copy
BloodHound Collection Files
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Capabilities Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Cisco Collect Data
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.collection
attack.t1087.001
attack.t1552.001
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Cisco Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
attack.t1201
attack.t1057
attack.t1018
attack.t1082
attack.t1016
attack.t1049
attack.t1033
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
Cisco Sniffing
calendar
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Computer Discovery And Export Via Get-ADComputer Cmdlet
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Computer System Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Console CodePage Lookup Via CHCP
calendar
Aug 12, 2024
·
attack.discovery
attack.t1614.001
·
Share on:
twitter
facebook
linkedin
copy
Container Residence Discovery Via Proc Virtual FS
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Crontab Enumeration
calendar
Aug 12, 2024
·
attack.discovery
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
Detected Windows Software Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518
·
Share on:
twitter
facebook
linkedin
copy
Detected Windows Software Discovery - PowerShell
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518
·
Share on:
twitter
facebook
linkedin
copy
DirectorySearcher Powershell Exploitation
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
DirLister Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Discovery of a System Time
calendar
Aug 12, 2024
·
attack.discovery
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
Discovery Using AzureHound
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.004
attack.t1526
·
Share on:
twitter
facebook
linkedin
copy
DNS Server Discovery Via LDAP Query
calendar
Aug 12, 2024
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Docker Container Discovery Via Dockerenv Listing
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Domain Trust Discovery Via Dsquery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
DriverQuery.EXE Execution
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Enumerate All Information With Whoami.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
File and Directory Discovery - MacOS
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
File And SubFolder Enumeration Via Dir Command
calendar
Aug 12, 2024
·
attack.discovery
attack.t1217
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Drive Enumeration
calendar
Aug 12, 2024
·
attack.discovery
attack.t1120
·
Share on:
twitter
facebook
linkedin
copy
GatherNetworkInfo.VBS Reconnaissance Script Output
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Get-ADUser Enumeration Using UserAccountControl Flags
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Storage Buckets Enumeration
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Gpresult Display Group Policy Information
calendar
Aug 12, 2024
·
attack.discovery
attack.t1615
·
Share on:
twitter
facebook
linkedin
copy
Group Membership Reconnaissance Via Whoami.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Bloodhound/Sharphound Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Certify Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1649
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpLDAPmonitor Execution
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpLdapWhoami Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpView Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
attack.t1069.002
attack.t1482
attack.t1135
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
HackTool - TruffleSnout Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Ruler
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
Harvesting Of Wifi Credentials Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Linux Network Service Scanning - Auditd
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Linux Remote System Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Local Accounts Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Local Groups Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Local Groups Discovery - MacOs
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Local Groups Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Local System Accounts Discovery - MacOs
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
MacOS Network Service Scanning
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Macos Remote System Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Network Reconnaissance Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087
attack.t1082
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Network Sniffing - Linux
calendar
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Network Sniffing - MacOs
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
New Network Trace Capture Started Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Nltest.EXE Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
attack.t1018
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated IP Download Activity
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - SNMP OID Request
calendar
Aug 12, 2024
·
attack.discovery
attack.lateral-movement
attack.t1016
attack.t1021
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity - Security
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OS Architecture Discovery Via Grep
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Password Policy Discovery With Get-AdDefaultDomainPasswordPolicy
calendar
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
Password Policy Enumerated
calendar
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
Pnscan Binary Data Transmission Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Possible DCSync Attack
calendar
Aug 12, 2024
·
attack.t1033
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - ProcCreation
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsModule
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsScript
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential AD User Enumeration From Non-Machine Account
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Baby Shark Malware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Bucket Enumeration on AWS
calendar
Aug 12, 2024
·
attack.discovery
attack.t1580
·
Share on:
twitter
facebook
linkedin
copy
Potential Configuration And Service Reconnaissance Via Reg.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
Potential Container Discovery Via Inodes Listing
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Discovery Activity Using Find - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Potential Discovery Activity Using Find - MacOS
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Potential Discovery Activity Via Dnscmd.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Dridex Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential GobRAT File Discovery Via Grep
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Network Sniffing Activity Using Network Tools
calendar
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Potential Packet Capture Activity Via Start-NetEventSession - ScriptBlock
calendar
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Potential Recon Activity Using DriverQuery.EXE
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Potential Recon Activity Via Nltest.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Potential Reconnaissance Activity Via GatherNetworkInfo.VBS
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1615
attack.t1059.005
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Activity Using SeCEdit
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
PowerShell ADRecon Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Directory Enumeration
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Hotfix Enumeration
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Powershell Sensitive File Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Powershell Suspicious Win32_PnPEntity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1120
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdFind Suspicious Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
PUA - Adidnsdump Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
PUA - Advanced IP Scanner Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
PUA - Advanced IP/Port Scanner Update Check
calendar
Aug 12, 2024
·
attack.discovery
attack.t1590
·
Share on:
twitter
facebook
linkedin
copy
PUA - Advanced Port Scanner Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
PUA - Crassus Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1590.001
·
Share on:
twitter
facebook
linkedin
copy
PUA - Nmap/Zenmap Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
PUA - Seatbelt Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1526
attack.t1087
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
PUA - SoftPerfect Netscan Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
PUA - Suspicious ActiveDirectory Enumeration Via AdFind.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Python Initiated Connection
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Recon Activity via SASec
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Recon Command Output Piped To Findstr.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1057
·
Share on:
twitter
facebook
linkedin
copy
Reconnaissance Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
attack.t1069.002
attack.s0039
·
Share on:
twitter
facebook
linkedin
copy
Remote Event Log Recon
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Remote Registry Recon
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Remote Schedule Task Recon via AtScv
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Remote Schedule Task Recon via ITaskSchedulerService
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Renamed Remote Utilities RAT (RURAT) Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.collection
attack.command-and-control
attack.discovery
attack.s0592
·
Share on:
twitter
facebook
linkedin
copy
Renamed Whoami Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
SAM Registry Hive Handle Request
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.credential-access
attack.t1552.002
·
Share on:
twitter
facebook
linkedin
copy
SCM Database Handle Failure
calendar
Aug 12, 2024
·
attack.discovery
attack.t1010
·
Share on:
twitter
facebook
linkedin
copy
Security Privileges Enumeration Via Whoami.EXE
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Security Software Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Security Software Discovery - MacOs
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Share And Session Enumeration Using Net.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
SharpHound Recon Account Discovery
calendar
Aug 12, 2024
·
attack.t1087
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Source Code Enumeration Detection by Keyword
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Hostname
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Systeminfo
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Information for SMB Share
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Information for SMB Share - PowerShell Module
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Local Groups Information
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get Local Groups Information - PowerShell
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious GPO Discovery With Get-GPO
calendar
Aug 12, 2024
·
attack.discovery
attack.t1615
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Group And Account Reconnaissance Activity Using Net.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Kernel Dump Using Dtrace
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Network Command
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Network Connection to IP Lookup Service APIs
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Get Current User
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Discovery With Get-Process
calendar
Aug 12, 2024
·
attack.discovery
attack.t1057
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Query of MachineGUID
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Reconnaissance Activity Using Get-LocalGroupMember Cmdlet
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Reconnaissance Activity Via GatherNetworkInfo.VBS
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1615
attack.t1059.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scan Loop Network
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Use of PsLogList
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087
attack.t1087.001
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Where Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1217
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals PsService Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals PsSuspend Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
SysKey Registry Keys Access
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
System and Hardware Information Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery - Auditd
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Via Sysctl - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1497.001
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Network Connections Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
System Network Connections Discovery - MacOs
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
System Network Connections Discovery Via Net.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
System Network Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Turla Group Lateral Movement
calendar
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059
attack.lateral-movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Use Get-NetTCPConnection
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
Use Get-NetTCPConnection - PowerShell Module
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
Use of W32tm as Timer
calendar
Aug 12, 2024
·
attack.discovery
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
User Discovery And Export Via Get-ADUser Cmdlet
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
User Discovery And Export Via Get-ADUser Cmdlet - PowerShell
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
WannaCry Ransomware Activity
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
attack.discovery
attack.t1083
attack.defense-evasion
attack.t1222.001
attack.impact
attack.t1486
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
WhoAmI as Parameter
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami Utility Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Windows Pcap Drivers
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Share on:
twitter
facebook
linkedin
copy
Execution of SOAPHound Tool with Specific Arguments
calendar
Aug 10, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Using explorer.exe to open a file explorer folder via command prompt
calendar
Aug 10, 2024
·
attack.Discovery
attack.T1135
·
Share on:
twitter
facebook
linkedin
copy
Enumerating Domain Trust Relationships with Nltest.exe
calendar
Mar 26, 2024
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Whoami Recon Writing Output to File
calendar
Mar 26, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
WMI Reconnaissance
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.discovery
attack.t1087
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
AdFind Discovery
calendar
Feb 23, 2024
·
attack.discovery
attack.t1018
attack.t1482
attack.t1069.002
attack.t1087.002
attack.s0552
·
Share on:
twitter
facebook
linkedin
copy
Invoke-ShareFinder Discovery Activity
calendar
Feb 23, 2024
·
attack.discovery
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
Invoke-ShareFinder Discovery Activity
calendar
Feb 23, 2024
·
attack.discovery
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
List remote processes using tasklist
calendar
Feb 23, 2024
·
attack.discovery
attack.t1057
dist.public
·
Share on:
twitter
facebook
linkedin
copy
Registry Query for WDigest
calendar
Feb 23, 2024
·
attack.discovery
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Viewing remote directories
calendar
Feb 23, 2024
·
attack.discovery
attack.t1083
dist.public
·
Share on:
twitter
facebook
linkedin
copy
NetScan Share Enumeration Write Access Check
calendar
Jan 29, 2024
·
attack.discovery
attack.t1135
dist.public
·
Share on:
twitter
facebook
linkedin
copy
Domain User Enumeration Network Recon 01
calendar
Oct 18, 2023
·
attack.discovery
attack.t1087.002
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Arguments from Explorer or Wermgr
calendar
Sep 1, 2023
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
SocGholish NLTest Domain Trust Enumeration (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
SocGholish Script File Whoami Output to File (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Account Enumeration on AWS
calendar
Apr 21, 2023
·
attack.discovery
attack.t1592
·
Share on:
twitter
facebook
linkedin
copy
Enumeration via the Global Catalog
calendar
Apr 21, 2023
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Network Scans Count By Destination IP
calendar
Apr 21, 2023
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Network Scans Count By Destination Port
calendar
Apr 21, 2023
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Potential Backup Enumeration on AWS
calendar
Apr 21, 2023
·
attack.discovery
attack.t1580
·
Share on:
twitter
facebook
linkedin
copy
Potential Network Enumeration on AWS
calendar
Apr 21, 2023
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Potential Storage Enumeration on AWS
calendar
Apr 21, 2023
·
attack.discovery
attack.t1619
·
Share on:
twitter
facebook
linkedin
copy
Reconnaissance Activity Using BuiltIn Commands
calendar
Apr 21, 2023
·
attack.discovery
attack.t1087
attack.t1082
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Driverquery Lookup
calendar
Jan 9, 2023
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Nslookup Local
calendar
Jan 9, 2023
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
System Time Lookup
calendar
Jan 9, 2023
·
attack.discovery
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
CHCP CodePage Locale Lookup
calendar
Jan 8, 2023
·
attack.discovery
attack.t1614.001
·
Share on:
twitter
facebook
linkedin
copy
Emotet Child Process Spawn Pattern
calendar
Jan 8, 2023
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
to-top