New Deployed Rules

NTFS:

1. Volume Shadow Copy Mount PowerShell Script
2. Code Executed Via Office Add-in XLL File
3. Potential Invoke-Mimikatz PowerShell Script
4. Tamper Windows Defender Remove-MpPreference – ScriptBlockLogging
5. Abuse of Service Permissions to Hide Services Via Set-Service – PS Process Access
6. WerFault Accessing LSASS
7. LSASS Memory Dump
8. HandleKatz Duplicating LSASS Handle

[…]
