SwiftOnSecurity
My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc
SwiftOnSecurity Feb 2
Replying to @SwiftOnSecurity
If you understand the leverage patterns in a system, attackers can develop new methods and you can still catch them, years ahead of time.
SwiftOnSecurity Feb 2
Replying to @SwiftOnSecurity
<TargetObject name="T1042" condition="contains">\command\</TargetObject> <!--Windows: Sensitive sub-key under file associations and CLSID that map to launch command-->
SkelSec Feb 2
Replying to @SwiftOnSecurity @cyb3rops
My sysmon brings all the boys to the yard