WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. The checks are explained on book.hacktricks.xyz
Read MoreDetects usage of the PsLogList utility to dump event log in order to extract admin accounts and perform account discovery or delete events logs
Read MoreDetects the execution of the PUA/Recon tool Seatbelt via PE information of command line parameters
Read MoreDetects patterns found in process executions cause by China Chopper like tiny (ASPX) webshells
Read MoreDetects certain command line parameters often used during reconnaissance activity via web shells
Read MoreDetects certain parent child patterns found in cases in which a webshell is used to perform certain credential dumping or exfiltration activities on a compromised system
Read MoreDetects remote RPC calls useb by SharpHound to map remote connections and local group membership.
Read More