open-menu
closeme
WinEvent Security Query
calendar
Apr 2, 2023
·
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
User Discovery And Export Via Get-ADUser Cmdlet
calendar
Mar 5, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Group Membership Reconnaissance Via Whoami.EXE
calendar
Feb 28, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Security Privileges Enumeration Via Whoami.EXE
calendar
Feb 28, 2023
·
attack.privilege_escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Whoami.EXE Execution From Privileged Process
calendar
Feb 28, 2023
·
attack.privilege_escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Whoami Utility Execution
calendar
Feb 28, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution Anomaly
calendar
Feb 28, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Whoami.EXE Execution
calendar
Feb 28, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Local Accounts Discovery
calendar
Feb 21, 2023
·
attack.discovery
attack.t1033
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Computer Discovery And Export Via Get-ADComputer Cmdlet
calendar
Feb 13, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpView Execution
calendar
Feb 13, 2023
·
attack.discovery
attack.t1049
attack.t1069.002
attack.t1482
attack.t1135
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpLdapWhoami Execution
calendar
Feb 6, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Chopper Webshell Process Pattern
calendar
Feb 1, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell
calendar
Feb 1, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Renamed Whoami Execution
calendar
Feb 1, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
User Discovery And Export Via Get-ADUser Cmdlet - PowerShell
calendar
Feb 1, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Webshell Detection With Command Line Keywords
calendar
Feb 1, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Webshell Hacking Activity Patterns
calendar
Feb 1, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
WhoAmI as Parameter
calendar
Feb 1, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Get-ADUser Enumeration Using UserAccountControl Flags
calendar
Jan 27, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Possible DCSync Attack
calendar
Jan 27, 2023
·
attack.t1033
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
SharpHound Recon Sessions
calendar
Jan 27, 2023
·
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Cisco Discovery
calendar
Jan 4, 2023
·
attack.discovery
attack.t1083
attack.t1201
attack.t1057
attack.t1018
attack.t1082
attack.t1016
attack.t1049
attack.t1033
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Get Current User
calendar
Jan 4, 2023
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
System Owner or User Discovery
calendar
Oct 25, 2022
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
to-top