833da1bbae
Merge pull request #365 from r0ny123/patch-1
...
Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Movement.md
2021-06-24 12:39:41 +03:00
17cc33beb9
Merge pull request #366 from dreadphones/patch-11
...
Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Moveme…
2021-06-23 09:35:57 -07:00
fe92fe5d1a
Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Movement.md
2021-06-23 09:08:38 -07:00
db477fe670
fix typo
2021-06-23 16:11:50 +05:30
db96e2b283
Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Movement.md
2021-06-23 12:51:28 +05:30
715bd2b37e
Merge pull request #364 from dreadphones/patch-10
...
Bazacall campaign queries
2021-06-22 11:55:47 -07:00
9939c96df9
Create NTDS theft.md
2021-06-22 11:54:07 -07:00
80fbefdfca
Create Cobalt Strike Lateral Movement
2021-06-22 11:51:31 -07:00
5e5627f7ed
Create Renamed Rclone Exfil.md
2021-06-22 11:40:16 -07:00
125f8aaed6
Create Excel Macro Execution.md
2021-06-22 11:33:50 -07:00
42e9a42af9
Create Malicious Excel Delivery.md
2021-06-22 11:31:02 -07:00
2b56a58d58
Create Bazacall Emails.md
2021-06-22 11:25:39 -07:00
f20c3affe0
Merge pull request #362 from martyav/patch-1
...
Update snip3-malicious-network-connectivity.md
2021-06-21 15:10:20 -07:00
e8a240c96b
specified that app armore is specific to linux
2021-06-21 18:06:58 -04:00
58e15cc5c9
Update snip3-malicious-network-connectivity.md
...
typo in query
2021-06-21 17:09:31 -04:00
76b3d2c7fe
Add files via upload
2021-06-20 08:40:59 +03:00
7c10b38dfe
Delete Microsoft 365 Defender - API Dashboard.pbit
2021-06-20 08:40:47 +03:00
41cdf436bb
title
2021-06-17 14:04:25 -04:00
7840720c34
created sysrv queries
2021-06-16 12:01:11 -04:00
d3f1d6237d
Merge pull request #360 from martyav/Jupyter-SolarMarker
...
moved jupyter/solarmaker files to new dir
2021-06-11 12:31:19 -07:00
24d205c12d
moved to new dir
2021-06-11 15:27:40 -04:00
0ee34f3574
Merge pull request #358 from martyav/cypherpunk-queries
...
title added to cypherpunk queries
2021-06-11 12:22:15 -07:00
7fb4977695
Merge pull request #359 from martyav/Jupyter-SolarMarker
...
jupyter/solarmarker queries
2021-06-11 11:14:26 -07:00
02f0f9d262
jupyter/solarmarker queries
2021-06-11 12:35:52 -04:00
d7c865f5ff
title added to cypherpunk queries
2021-06-11 11:34:56 -04:00
da2b2f62d0
Merge pull request #357 from martyav/cypherpunk-queries
...
cypherpunk related queries added
2021-06-11 08:16:10 -07:00
d6da8647e4
Merge pull request #356 from YoshihiroIchinose/patch-3
...
Update Device uptime calculation.md
2021-06-09 12:50:32 +03:00
08f6e08fa8
Update Device uptime calculation.md
...
I modified a previous query in a way of avoiding use of partitions. So now this query works for an environment with over 64 devices without device filters. And I modified this to consider changes of “LoggedOnUsers” in periodic DeviceInfo entries.
2021-06-09 15:02:38 +09:00
40a38d541d
updated per justin carroll's suggestions
2021-06-08 13:58:26 -04:00
08bfb3c13e
Update Device uptime calculation.md
...
I modified a previous query in a way of avoiding use of partitions. So now this query works for an environment with over 64 devices without device filters.
2021-06-08 16:06:25 +09:00
0f25b72e72
cypherpunk related queries added
2021-06-07 16:59:01 -04:00
5753181cf0
Merge pull request #355 from microsoft/endisphotic-ransomware-update
...
Endisphotic ransomware update
2021-06-03 13:53:40 -07:00
83bd748795
Update Suspicious Bitlocker Encryption.md
2021-06-03 13:48:37 -07:00
4fe6e39ea7
Update LaZagne Credential Theft.md
2021-06-03 13:48:13 -07:00
a70be3349f
Update IcedId attachments.md
2021-06-03 13:47:52 -07:00
21a4f05e1d
Update Gootkit File Delivery.md
2021-06-03 13:47:29 -07:00
49823d63f8
Update File Backup Deletion Alerts.md
2021-06-03 13:47:12 -07:00
6b9d15b001
Update Distribution from remote location.md
2021-06-03 13:46:49 -07:00
c3190abb0a
Update DarkSide.md
2021-06-03 13:46:27 -07:00
9a9dd3ccbb
Create Qakbot discovery activies.md
2021-06-03 13:46:08 -07:00
543ece0556
Create HTA Startup Persistence.md
2021-06-03 13:45:10 -07:00
5e22e4bff7
Create Discovery for highly-privileged accounts.md
2021-06-03 13:44:11 -07:00
186129a02d
Create Suspicious Google Doc Links.md
2021-06-03 13:43:07 -07:00
1cbb8fd2b5
Create Fake Replies.md
2021-06-03 13:42:00 -07:00
8a94bad2f2
Create Sticky Keys.md
2021-06-03 13:40:56 -07:00
9d067ae397
Create IcedId attachments.md
2021-06-03 13:39:04 -07:00
b95e22c2ef
Create Suspicious Image Load related to IcedId.md
2021-06-03 13:37:45 -07:00
54b620e971
Create IcedId Delivery.md
2021-06-03 13:36:25 -07:00
2249ad0ed8
Create IcedId email delivery.md
2021-06-03 13:35:27 -07:00
d4a94d2953
Create LaZagne Credential Theft.md
2021-06-03 13:34:30 -07:00
tali-ash
Justin C
dreadphones
Rony
Marty Hernandez Avedon
Dulce Montemayor
YoshihiroIchinose