Sigma
Example Rule Below is an example Sigma rule to detect file or folder permission changes: title: File or Folder Permissions Change id: 74c01ace-0152-4094-8ae2-6fd776dd43e5 status: test description...
“A threat-hunting hypothesis, much like a scientific hypothesis, is a statement of an idea or explanation to test against data.”[1] The three threat hunting hypotheses: Threat intelligence-based...
Questions an investigation tries to answer: Who (Source IP and port) What (Data/payload) Where (Destination IP and port) When (Time and date) Why (How/What happen...
installation # PowerShell Import-Module "invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force $PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="AtomicRedTeam\atomics"} How...
How to Install Attack Range Create an attack_config.yml build the environment start your tests stop the environment optional: destroy your environment Basic commands #Builds a new ...
Execute chainsaw # mapping is a folder from chainsaw github ./chainsaw hunt -r rules/ evtx_attack_samples -s sigma/rules --mapping mappings/sigma-event-logs-all.yml --level critical Install # c...
Features Proxy allows you to intercept and modify requests/responses Repeater allows you to capture, modify, then resend the same request numerous times Intrude...
Findings in Splunk Enterprise Security (ES) Findings in Splunk Enterprise Security (ES) are security-related events that require further investigation or action by security analysts. These notable...
Jobs # putting the current application in the background [control]+z - Application in the background jobs - Show background jobs fg - Application to Foreground (fg) bg ...