Deleting Windows Defender scheduled tasks
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
·
Disabling Python warnings for executing untrusted code
Aug 10, 2024
·
attack.Defense-Evansion
attack.T1562.001
·
Enabling RDP service via reg.exe command execution
Aug 10, 2024
·
attack.defense_evasion
attack.lateral_movement
attack.t1021.001
attack.t1112
·
Enabling restricted admin mode
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
·
HH.exe LOLBA executing .chm files
Aug 10, 2024
·
attack.Compiled.HTML.File
attack.T1218.001
·
Hiding local user accounts
Aug 10, 2024
·
attack.hidden.users
attack.T1564.002
·
PowerShell AMSI Bypass Pattern
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
·
Scheduled task executing powershell encoded payload from registry
Aug 10, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Using Emojis to evade detection
Aug 10, 2024
·
( ͡° ͜ʖ ͡°)
·
Using explorer.exe to open a file explorer folder via command prompt
Aug 10, 2024
·
attack.Discovery
attack.T1135
·
Using Lazagne to dump credentials
Aug 10, 2024
·
attack.credential_access
attack.t1555
·
Using powershell specific download cradle OneLiner
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
T1059.001
·