Detects Commandlet names from well-known PowerShell exploitation frameworks

Detects Commandlet names from well-known PowerShell exploitation frameworks

Detects Commandlet names from well-known PowerShell exploitation frameworks

WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on book.hacktricks.xyz

Detects a set of suspicious network related commands often used in recon stages

Detects usage of the PsLogList utility to dump event log in order to extract admin accounts and perform account discovery or delete events logs

Detects the execution of the PUA/Recon tool Seatbelt via PE information of command line parameters

Detects patterns found in process executions cause by China Chopper like tiny (ASPX) webshells

This events that are generated when using the hacktool Ruler by Sensepost

Detects certain command line parameters often used during reconnaissance activity via web shells

Detects certain parent child patterns found in cases in which a webshell is used to perform certain credential dumping or exfiltration activities on a compromised system

Detects remote RPC calls useb by SharpHound to map remote connections and local group membership.

Detects Emotet Spawning ipconfig and systeminfo.