JavaScript Execution Using MSDOS 8.3 File Notation
Feb 26, 2024 · attack.defense_evasion, attack.t1059, dist.public

AdFind Discovery
Feb 23, 2024 · attack.discovery, attack.t1018, attack.t1482, attack.t1069.002, attack.t1087.002, attack.s0552

AteraAgent malicious installations
Feb 23, 2024 · attack.execution, attack.t1059.006

Custom Cobalt Strike Command Execution
Feb 23, 2024 · attack.defense_evasion, attack.t1562.001, attack.execution, attack.t1059.001

Deleting Windows Defender scheduled tasks
Feb 23, 2024 · attack.defense_evasion, attack.t1562.001

Exchange Webshell creation
Feb 23, 2024 · attack.t1505.003, attack.persistence, attack.t1190, attack.initial_access

Execution of ZeroLogon PoC executable
Feb 23, 2024 · attack.execution, attack.lateral_movement, attack.t1210

FlawedGrace spawning threat injection target
Feb 23, 2024 · attack.defense_evasion, attack.t1055, dist.public

Hiding local user accounts
Feb 23, 2024 · attack.t1564.002, attack.defense_evasion

Lazagne dumping credentials
Feb 23, 2024 · attack.credential_access, attack.t1555

List remote processes using tasklist
Feb 23, 2024 · attack.discovery, attack.t1057, dist.public

Operator Bring Your Own Tools
Feb 23, 2024 · attack.command_and_control, attack.t1105

QBot process creation from scheduled task REGSVR32 (regsvr32.exe), -s flag and SYSTEM in the command line
Feb 23, 2024 · attack.persistence, attack.privilege_escalation, attack.t1053.005

Registry Query for WDigest
Feb 23, 2024 · attack.discovery, attack.t1012

Uninstall Windows Feature - Defender
Feb 23, 2024 · attack.t1562.001

Viewing remote directories
Feb 23, 2024 · attack.discovery, attack.t1083, dist.public

WinEvent Security Query
Feb 23, 2024 · attack.t1033

Enable WDigest using PowerShell
Feb 22, 2024 · attack.defense_evasion, attack.t1112

Enabling RDP service via reg.exe command execution
Feb 22, 2024 · attack.defense_evasion, attack.lateral_movement, attack.t1021.001, attack.t1112

Enabling restricted admin mode
Feb 22, 2024 · attack.defense_evasion, attack.t1562.001

Suspicious Scheduled Task Creation to execute LOLbins
Feb 22, 2024 · attack.persistence, attack.t1053.005

Conhost Suspicious Command Execution
Nov 1, 2023 · attack.defense_evasion, attack.t1564.003, dist.public

Adding, Listing and Removing Credentials via Cmdkey CommandLine Utility
Oct 30, 2023 · attack.credential_access, attack.t1003.005

NIM Pass The Hash Tooling Detection
Oct 30, 2023 · attack.t1136

Renamed Autohotkey Binary
Feb 6, 2023 · attack.defense_evasion, attack.t1036.003

Driverquery Lookup
Jan 9, 2023 · attack.discovery, attack.t1082

Mshta Executing from Registry
Jan 9, 2023 · attack.defense_evasion, attack.t1218.005

Nslookup Local
Jan 9, 2023 · attack.discovery, attack.t1016

System Time Lookup
Jan 9, 2023 · attack.discovery, attack.t1124

Ursnif Loader
Jan 9, 2023

Default Account Usage
Jan 8, 2023 · attack.t1136, attack.t1136.001

PSEXEC Custom Named Service Binary
Jan 8, 2023

Scheduled task executing powershell encoded payload from registry
Jan 8, 2023 · attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001

Bumblebee WmiPrvSE execution pattern
Jan 8, 2023 · attack.defense_evasion, attack.t1036

CHCP CodePage Locale Lookup
Jan 8, 2023 · attack.discovery, attack.t1614.001

Emotet Child Process Spawn Pattern
Jan 8, 2023 · attack.discovery, attack.t1087

Mimikatz Command Line With Ticket Export
Jan 8, 2023 · attack.credential_access, attack.t1003, attack.t1003.001, attack.t1003.002, attack.t1003.004, attack.t1003.005, attack.t1003.006

MOFComp Execution
Jan 8, 2023 · attack.execution, attack.t1546.003

Operator Bloopers Cobalt Strike Commands
Jan 8, 2023 · attack.execution, attack.t1059.003

Operator Bloopers Cobalt Strike Modules
Jan 8, 2023 · attack.execution, attack.t1059.003

SplashTop Process
Jan 8, 2023 · attack.lateral_movement, attack.t1133, attack.command_and_control, attack.t1219

Suspicious Commands by SQL Server
Jan 8, 2023 · attack.initial_access, attack.persistence, attack.privilege_escalation