https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_x509enrollment/
Suspicious X509Enrollment - Ps Script | Detection.FYI
Detect use of X509Enrollment
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_download_com_cradles/
Potential COM Objects Download Cradles Usage - PS Script | Detection.FYI
Detects usage of COM objects that can be abused to download files in PowerShell by CLSID
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_potential_invoke_mimikatz/
Potential Invoke-Mimikatz PowerShell Script | Detection.FYI
Detects Invoke-Mimikatz PowerShell script and alike. Mimikatz is a credential dumper capable of obtaining plaintext Windows account logins and passwords.
https://detection.fyi/joesecurity/sigma-rules/executescriptwithspoofedextension/
Execute Script with spoofed extension | Detection.FYI
Execute Script with spoofed extension
https://detection.fyi/joesecurity/sigma-rules/winworddropsscriptinstartup/
Winword Drops Script In Startup | Detection.FYI
Winword.exe drops script file in startup location
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wscript_cscript_dropper/
Potential Dropper Script Execution Via WScript/CScript | Detection.FYI
Detects wscript/cscript executions of scripts located in user directories
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_veeam_credential_dumping_script/
Veeam Backup Servers Credential Dumping Script Execution | Detection.FYI
Detects execution of a PowerShell script that contains calls to the
https://detection.fyi/sigmahq/sigma/linux/process_creation/proc_creation_lnx_susp_script_interpretor_spawn_credential_scanner/
Script Interpreter Spawning Credential Scanner - Linux | Detection.FYI
Detects a script interpreter process (like node.js or bun) spawning a known credential scanning tool (e.g., trufflehog, gitleaks). This behavior is indicative …