attack.t1020 | Detection.FYI

PowerShell Script With File Hostname Resolving Capabilities
May 9, 2023 · attack.exfiltration attack.t1020 ·
Share on:
Detects PowerShell scripts that have capabilities to read files, loop through them and resolve DNS host entries.

Read More
PowerShell Script With File Upload Capabilities
May 9, 2023 · attack.exfiltration attack.t1020 ·
Share on:
Detects PowerShell scripts leveraging the "Invoke-WebRequest" cmdlet to send data via either "PUT" or "POST" method.

Read More
AWS RDS Master Password Change
Oct 25, 2022 · attack.exfiltration attack.t1020 ·
Share on:
Detects the change of database master password. It may be a part of data exfiltration.

Read More
Restore Public AWS RDS Instance
Oct 9, 2022 · attack.exfiltration attack.t1020 ·
Share on:
Detects the recovery of a new public database instance from a snapshot. It may be a part of data exfiltration.

Read More
Suspicious Inbox Forwarding
Oct 9, 2022 · attack.exfiltration attack.t1020 ·
Share on:
Detects when a Microsoft Cloud App Security reported suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.

Read More