Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
This project simulates a Tier 1 SOC investigation using Splunk. The investigation focuses on a high-severity alert involving suspicious login activity, obfuscated PowerShell execution, and outbound ...
description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...