https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_enable_susp_windows_optional_feature/
Potential Suspicious Windows Feature Enabled - ProcCreation | Detection.FYI
Detects usage of the built-in PowerShell cmdlet
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_enable_susp_windows_optional_feature/
Potential Suspicious Windows Feature Enabled | Detection.FYI
Detects usage of the built-in PowerShell cmdlet
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_secedit_execution/
Potential Suspicious Activity Using SeCEdit | Detection.FYI
Detects potentially suspicious behaviour using secedit.exe, such as exporting or modifying the security policy