Blue Team peeps. I've got a favor to ask. Do you have any screenshots of adversary activity you could share with me? Redacted where necessary, of course. I'm trying to help a friend out with a presentation they're giving. The person who was supposed to help her is in the hospital.
-
Funny enough, I'm working on a list of logon event types to watch for. One of my usual indicators is attempts at Type 2 logon from service accounts or interactive logon from workstation to workstation. Outside of Help Desk/IT, I consider it anomalous behavior most places.
-
This is a collection of Sysmon logs from a blog post I wrote. The first image is command line args from calling PowerShell, the 2nd and 3rd images are analysis of the scripts in CyberChef, and the 4th image is analysis of the shellcode that the PowerShell script is attempting to deliver. pic.twitter.com/txF2b8rKSl