@SwiftOnSecurity
If you understand the leverage patterns in a system, attackers can develop new methods and you can still catch them, years ahead of time.
SwiftOnSecurity
@SwiftOnSecurity

Feb 2

My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc @cyb3rops twitter.com/teamcymru/stat…
SwiftOnSecurity
@SwiftOnSecurity

Feb 2

<TargetObject name="T1042" condition="contains">\command\</TargetObject> <!--Windows: Sensitive sub-key under file associations and CLSID that map to launch command-->
pic.twitter.com/Lbne87ph84
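To see what the rule above actually fires on, here is an added example (not SwiftOnSecurity's config and not part of the thread) that applies the same predicate, TargetObject contains "\command\", to a handful of Sysmon registry events. The events are constructed, not captured: the SIDs, GUID, file paths, timestamps and binary names are made up, and only the standard Sysmon Event ID 12/13 field names (EventType, UtcTime, Image, TargetObject, Details) are assumed.

```python
"""Replay the '\\command\\' registry rule over sample Sysmon registry events.

Added example, not code from the original thread. The sample events below are
constructed; SIDs, GUIDs, paths and timestamps are made up.
"""
import xml.etree.ElementTree as ET

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def sysmon_registry_event(event_id, event_type, utc, image, target, details=""):
    """Build a minimal Sysmon RegistryEvent record (constructed, not captured)."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID></System>
  <EventData>
    <Data Name="EventType">{event_type}</Data>
    <Data Name="UtcTime">{utc}</Data>
    <Data Name="Image">{image}</Data>
    <Data Name="TargetObject">{target}</Data>
    <Data Name="Details">{details}</Data>
  </EventData>
</Event>"""


SAMPLE_EVENTS = [
    # 1. Key creation (Event ID 12): TargetObject ends in "\command" with no
    #    trailing backslash, so the "contains \command\" rule stays silent here.
    sysmon_registry_event(12, "CreateKey", "2019-02-02 10:15:01.001",
        r"C:\Users\alice\AppData\Local\Temp\setup_1.exe",
        r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Classes\txtfile\shell\open\command"),
    # 2. Default value written under that key (Event ID 13): the .txt association
    #    now launches a binary out of Temp. This is the write the rule catches.
    sysmon_registry_event(13, "SetValue", "2019-02-02 10:15:01.002",
        r"C:\Users\alice\AppData\Local\Temp\setup_1.exe",
        r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Classes\txtfile\shell\open\command\(Default)",
        r'"C:\Users\alice\AppData\Local\Temp\upd.exe" "%1"'),
    # 3. Same pattern under a CLSID (made-up GUID), mixed case to show the
    #    match is case-insensitive like Sysmon's own string conditions.
    sysmon_registry_event(13, "SetValue", "2019-02-02 10:16:44.120",
        r"C:\Windows\regedit.exe",
        r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\Shell\Open\Command\(Default)",
        r'"C:\ProgramData\svc\helper.exe"'),
    # 4. Benign service start-type change by services.exe: no match.
    sysmon_registry_event(13, "SetValue", "2019-02-02 10:20:00.000",
        r"C:\Windows\System32\services.exe",
        r"HKLM\System\CurrentControlSet\Services\Spooler\Start", "DWORD (0x00000002)"),
    # 5. Near miss: contains "\Command" but not "\command\", so no match.
    sysmon_registry_event(13, "SetValue", "2019-02-02 10:21:13.500",
        r"C:\Program Files\Contoso\agent.exe",
        r"HKLM\SOFTWARE\Contoso\Agent\CommandLine",
        r"C:\Program Files\Contoso\agent.exe --svc"),
]


def parse_sysmon_event(xml_text):
    """Flatten one Sysmon event into a dict of EventData fields plus EventID."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "")
              for d in root.iterfind("e:EventData/e:Data", EVT_NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=EVT_NS))
    return fields


def matches_command_subkey(target_object):
    """The tweet's rule: TargetObject contains "\\command\\", case-insensitively."""
    return "\\command\\" in target_object.lower()


def detect(xml_records):
    """Return one alert per registry event (IDs 12-14) whose TargetObject hits the rule."""
    alerts = []
    for rec in xml_records:
        ev = parse_sysmon_event(rec)
        if ev["EventID"] not in (12, 13, 14):
            continue
        if matches_command_subkey(ev["TargetObject"]):
            alerts.append({"time": ev["UtcTime"], "type": ev["EventType"],
                           "image": ev["Image"], "key": ev["TargetObject"],
                           "details": ev["Details"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f'{a["time"]} {a["type"]:<8} {a["image"]} -> {a["key"]} = {a["details"]}')
```

Two things worth noticing when you run it. The trailing backslash in "\command\" means creating the shell\open\command key by itself does not match; the rule fires on the value written beneath it, which is the event that carries the new launch command in Details and is the one you want to see. And in a real Sysmon config that TargetObject line sits inside a RegistryEvent include block, so it applies to key create/delete, value set and rename events alike; the name="T1042" attribute surfaces in the event's RuleName field, which is the convenient thing to alert on.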