Tactic: Resource Development | Detection.FYI

AWS SNS Topic Created by Rare User

Feb 20, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS SNS Resources: Investigation Guide Use Case: Threat Detection Tactic: Resource Development ·
Share on:

Identifies when an SNS topic is created by a user who does not typically perform this action. Adversaries may create SNS topics to stage capabilities for data exfiltration or other malicious activities.

Read More
Anomalous Linux Compiler Activity

Jan 22, 2025 · Domain: Endpoint OS: Linux Use Case: Threat Detection Rule Type: ML Rule Type: Machine Learning Tactic: Resource Development Resources: Investigation Guide ·
Share on:

Looks for compiler activity by a user context which does not normally run compilers. This can be the result of ad-hoc software changes or unauthorized software deployment. This can also be due to local privilege elevation via locally run exploits or malware activity.

Read More