Direct Syscall of NtOpenProcess
Mar 23, 2023
attack.execution
attack.t1106
Potential WinAPI Calls Via CommandLine
Mar 5, 2023
attack.execution
attack.t1106
HackTool - RedMimicry Winnti Playbook Execution
Mar 2, 2023
attack.execution
attack.defense_evasion
attack.t1106
attack.t1059.003
attack.t1218.011
Suspicious Mshta.EXE Execution Patterns
Feb 22, 2023
attack.execution
attack.t1106
CobaltStrike BOF Injection Pattern
Feb 1, 2023
attack.execution
attack.t1106
attack.defense_evasion
attack.t1562.001
Potential WinAPI Calls Via PowerShell Scripts
Jan 9, 2023
attack.execution
attack.t1059.001
attack.t1106
WinDbg/CDB LOLBIN Usage
Jan 4, 2023
attack.execution
attack.t1106
attack.defense_evasion
attack.t1218
attack.t1127
Turla Group Named Pipes
Oct 26, 2022
attack.g0010
attack.execution
attack.t1106
HandleKatz Duplicating LSASS Handle
Oct 26, 2022
attack.execution
attack.t1106
attack.defense_evasion
attack.t1003.001
BPFDoor Abnormal Process ID or Lock File Accessed
Oct 25, 2022
attack.execution
attack.t1106
attack.t1059