Detects external IP address lookups by non-browser processes via services such as "api.ipify.org". This could be indicative of potential post compromise internet test activity.

Read More

Detects nltest commands that can be used for information discovery

Read More

Detects nltest commands that can be used for information discovery

Read More

Detects the execution of rundll32 that leads to system discovery activity, such as incl. network, user info and domain groups. The malware Pikabot has been seen to use this technique as part of its C2-botnet registration with a short collection time frame (less than 1 minute).

Read More

Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Read More

Detects network enumeration performed on AWS.

Read More

Detects enumeration of local network configuration

Read More

Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Read More

Detects use of nslookup to look up the local nameserver as part of host discovery

Read More

Find information about network devices that is not stored in config files

Read More

Detects enumeration of local network configuration

Read More