New Deployed Rules

Process Creation: Suspicious Execution Location Of Wermgr.EXE; Potential CVE-2023-36874 Exploitation – Fake Wermgr Execution; Network Reconnaissance Activity; Node Process Executions; Nslookup PowerShell Download Cradle – Process Creation; Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe); Harvesting Of Wifi Credentials Via Netsh.EXE; New Port Forwarding Rule Added Via Netsh.EXE; New Network Trace Capture Started Via Netsh.EXE; Firewall Rule Deleted Via Netsh.EXE; Potential Recon Activity Via Nltest.EXE; Potential Arbitrary […]

New Deployed Rules

Account Management: Outgoing Logon with New Credentials; RottenPotato Like Attack Pattern; Scanner PoC for CVE-2019-0708 RDP RCE Vuln
File Event: WebDAV Temporary Local File Creation; SCR File Write Event
Image Load: Microsoft Office DLL Sideload
Kernel-General: QuarksPwDump Clearing Access History
Network Share Object: Remote Task Creation via ATSVC Named Pipe; Remote Service Activity via SVCCTL Named Pipe; Transferring Files with Credential Data via Network Shares; First […]

Time to market

One-day SIEM integration