Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
This project simulates a Tier 1 SOC investigation using Splunk. The investigation focuses on a high-severity alert involving suspicious login activity, obfuscated PowerShell execution, and outbound ...
description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results