open-menu
closeme
Microsoft Exchange Server UM Spawning Suspicious Processes
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Tactic: Lateral Movement
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Exchange Server UM Writing Suspicious Files
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Tactic: Lateral Movement
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
Data Source: Sysmon
·
Share on:
twitter
facebook
linkedin
copy
Persistence via Update Orchestrator Service Hijack
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Use Case: Vulnerability
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via InstallerFileTakeOver
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious JetBrains TeamCity Child Process
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Print Spooler File Deletion
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
Data Source: Sysmon
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Print Spooler Point and Print DLL
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
Data Source: Sysmon
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Print Spooler SPL File Created
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PrintSpooler Service Executable File Creation
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
Data Source: Sysmon
·
Share on:
twitter
facebook
linkedin
copy
Unusual Child Process of dns.exe
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Modification by dns.exe
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
Data Source: Sysmon
·
Share on:
twitter
facebook
linkedin
copy
Unusual Print Spooler Child Process
calendar
Apr 1, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Use Case: Vulnerability
·
Share on:
twitter
facebook
linkedin
copy
Potential curl CVE-2023-38545 Exploitation
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Use Case: Vulnerability
Tactic: Execution
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via CVE-2023-4911
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Enlightenment
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via OverlayFS
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Recently Compiled Executable
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Sudo Privilege Escalation via CVE-2019-14287
calendar
Mar 13, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend
Use Case: Vulnerability
Data Source: Elastic Endgame
Data Source: Auditd Manager
·
Share on:
twitter
facebook
linkedin
copy
Potential Buffer Overflow Attack Detected
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Initial Access
Use Case: Vulnerability
Rule Type: Higher-Order Rule
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Credential Dumping via Proc Filesystem
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via PKEXEC
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Privileged Escalation via SamAccountName Spoofing
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Use Case: Active Directory Monitoring
Data Source: Active Directory
Use Case: Vulnerability
·
Share on:
twitter
facebook
linkedin
copy
Potential Remote Code Execution via Web Server
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Initial Access
Data Source: Elastic Endgame
Use Case: Vulnerability
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process of Adobe Acrobat Reader Update Service
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious JAVA Child Process
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
TCC Bypass via Mounted APFS Snapshot Access
calendar
Mar 11, 2024
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Sudo Heap-Based Buffer Overflow Attempt
calendar
Jan 17, 2024
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Abnormally Large DNS Response
calendar
Oct 3, 2023
·
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Use Case: Vulnerability
·
Share on:
twitter
facebook
linkedin
copy
Potential JAVA/JNDI Exploitation Attempt
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Remote Computer Account DnsHostName Update
calendar
Aug 21, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Active Directory Monitoring
Data Source: Active Directory
Use Case: Vulnerability
·
Share on:
twitter
facebook
linkedin
copy
to-top