https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_enable_susp_windows_optional_feature/
Potential Suspicious Windows Feature Enabled - ProcCreation | Detection.FYI
Detects usage of the built-in PowerShell cmdlet
https://detection.fyi/sigmahq/sigma/windows/powershell/powershell_script/posh_ps_enable_susp_windows_optional_feature/
Potential Suspicious Windows Feature Enabled | Detection.FYI
Detects usage of the built-in PowerShell cmdlet
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_reg_windows_defender_tamper/
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE | Detection.FYI
Detects the usage of
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_susp_service_tamper/
Suspicious Windows Service Tampering | Detection.FYI
Detects the usage of binaries such as 'net', 'sc' or 'powershell' in order to stop, pause, disable or delete critical or important Windows services such as AV,...