https://detection.fyi/joesecurity/sigma-rules/winworddropsscriptinstartup/
Winword Drops Script In Startup | Detection.FYI
Winword.exe drops script file in startup location
https://detection.fyi/sigmahq/sigma/windows/registry/registry_set/registry_set_disable_administrative_share/
Disable Administrative Share Creation at Startup | Detection.FYI
Administrative shares are hidden network shares created by Microsoft Windows NT operating systems that grant system administrators remote access to every disk …
https://detection.fyi/joesecurity/sigma-rules/powershellcreatelnkinstartup/
Powershell create lnk in startup | Detection.FYI
Powershell create lnk in startup