attack.discovery | Detection.FYI
https://detection.fyi/tags/attack.discovery/

Linux Remote System Discovery | Detection.FYI
https://detection.fyi/sigmahq/sigma/linux/process_creation/proc_creation_lnx_remote_system_discovery/
Detects the enumeration of other remote systems.

Notepad Password Files Discovery | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_notepad_local_passwd_discovery/
Detects the execution of Notepad to open a file that has the string

Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_computer_discovery_get_adcomputer/
Detects usage of the Get-ADComputer cmdlet to collect computer information and output it to a file

Local Groups Discovery - Linux | Detection.FYI
https://detection.fyi/sigmahq/sigma/linux/process_creation/proc_creation_lnx_local_groups/
Detects enumeration of local system groups. Adversaries may attempt to find local system groups and permission settings

Firewall Configuration Discovery Via Netsh.EXE | Detection.FYI
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_netsh_fw_rules_discovery/
Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets | Detection.FYI
https://detection.fyi/mbabinski/sigma-rules/2024_cicada3301_ransomware/proc_creation_win_hyperv_stopvm/
Detects powershell process used to find and shut down local Hyper-V VMs using the Stop-VM cmdlet, as documented in the 2024 Morphisec report on Cicada3301 …