https://detection.fyi/mbabinski/sigma-rules/2023_redcanary_threatdetectionreport/technique_wmi_unusual_module_loads/
WMIC Unusual Module Loads (RedCanary Threat Detection Report) | Detection.FYI
Detects wmic process module loads potentially used to perform application control bypasses. Part of the RedCanary 2023 Threat Detection Report.
https://detection.fyi/mbabinski/sigma-rules/2023_redcanary_threatdetectionreport/threat_gootloader_appdata_js_execution/
Gootloader JavaScript Execution in AppData Folder (RedCanary Threat Detection Report) |...
Detects execution of JavaScript (.js) files located in the AppData folder. Part of the RedCanary 2023 Threat Detection Report.
https://detection.fyi/mbabinski/sigma-rules/2023_redcanary_threatdetectionreport/technique_smb_win_admin_shares_process_execution/
Process Execution from Admin Share (RedCanary Threat Detection Report) | Detection.FYI
Detects processes executing from an Admin Share. Part of the RedCanary 2023 Threat Detection Report.