https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_vulnerable_driver_blocklist_registry_tampering/
Vulnerable Driver Blocklist Registry Tampering Via CommandLine | Detection.FYI
Detects tampering of the Vulnerable Driver Blocklist registry via command line tools such as PowerShell or REG.EXE. The Vulnerable Driver Blocklist is a …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_credential_guard_registry_tampering/
Windows Credential Guard Registry Tampering Via CommandLine | Detection.FYI
Detects attempts to add, modify, or delete Windows Credential Guard related registry keys or values via command line tools such as Reg.exe or PowerShell. …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_registry_special_accounts_hide_user/
Hiding User Account Via SpecialAccounts Registry Key - CommandLine | Detection.FYI
Detects changes to the registry key
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_susp_cli_obfuscation_escape_char/
Potential Commandline Obfuscation Using Escape Characters | Detection.FYI
Detects potential commandline obfuscation using known escape characters