open-menu
closeme
Exchange Mailbox Export via PowerShell
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Keylogging Script
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Mailbox Collection Script
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Data Source: PowerShell Logs
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script with Webcam Video Capture Capabilities
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Share Enumeration Script
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Tactic: Collection
Tactic: Execution
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Suspicious Discovery Related Windows API Functions
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Tactic: Collection
Tactic: Execution
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Suspicious Script with Audio Capture Capabilities
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Suspicious Script with Clipboard Retrieval Capabilities
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Data Source: PowerShell Logs
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Suspicious Script with Screenshot Capabilities
calendar
Oct 28, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
Linux Clipboard Activity Detected
calendar
Oct 18, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Collection
Data Source: Elastic Defend
Data Source: Elastic Endgame
Data Source: Auditd Manager
·
Share on:
twitter
facebook
linkedin
copy
Encrypting Files with WinRar or 7z
calendar
Oct 15, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Exporting Exchange Mailbox via PowerShell
calendar
Oct 15, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
Data Source: SentinelOne
Data Source: Microsoft Defender for Endpoint
Data Source: System
·
Share on:
twitter
facebook
linkedin
copy
Google Drive Ownership Transferred via Google Workspace
calendar
Sep 25, 2024
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Collection
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Custom Gmail Route Created or Modified
calendar
Sep 25, 2024
·
Domain: Cloud
Data Source: Google Workspace
Tactic: Collection
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Inter-Process Communication via Outlook
calendar
Jul 3, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Log Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Full Network Packet Capture Detected
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Exfiltration
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 VM Export Failure
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
Azure Event Hub Authorization Rule Created or Updated
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
GCP Pub/Sub Subscription Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Log Auditing
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
GCP Pub/Sub Topic Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Log Auditing
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 Inbox Forwarding Rule Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Files Compression
calendar
May 22, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Collection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Files Compression Inside A Container
calendar
May 22, 2024
·
Data Source: Elastic Defend for Containers
Domain: Container
OS: Linux
Use Case: Threat Detection
Tactic: Collection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
to-top