keep Your Credentials Safe: Hunting Spraykatz with Sysmon
Hackers use the Spraykatz tool to harvest credentials when they are conducting lateral movements. Lateral movement is when a cyber-attacker…
Read more
Detect F5 BIG-IP Critical Vulnerability Exploitation Attempt with Free Sigma Detection Rule
To apply this detection rule, you can convert it to your SIEM language. It is also recommended to update…
Detect Indicator Blocking with these free splunk Detection Rules
An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. This could…
Detect Hidden Windows with this free Splunk Detection Rule
Adversaries may implement hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that…
Detect Hidden Files and Directories with this free Splunk Detection Rule
To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a…
Detect File Deletion with these free Splunk Detection Rules
Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as…
Detect File and Directory Permissions Modification with this free Splunk Detection Rule
File and directory permissions are commonly managed by discretionary access control lists (DACLs) specified by the file or directory owner.…