List Potential Adversary-in-the-middle Phishing
Description: List potential adversary-in-the-middle phishing attempts that have been identified by the OfficeHome application in combination with an empty
Description: Adversaries can use SMB to upload files to remote shares or to interact with files on those shares. A
Description: This KQL query detects when multiple sensitive group additions have been initiated from the command line within a certain timeframe.
Description: Adversaries may use executable files to gain initial access. A tactic that is used is to send executable files,
Description: Attackers install web shells on servers by taking advantage of security gaps, typically vulnerabilities in web applications, in internet-facing
Description: Adversaries can use older Kerberos encryption algorithms, which are vulnerable to brute-force attacks, to crack passwords. This query
Description: This KQL query lists all internet-facing devices that have an exploitable vulnerability. What exploitable means is
Description: Adversaries may create local accounts to perform malicious activities. Those accounts can then be used to log on to the
Description: Adversaries may use macro-enabled files to gain access to the network. If the macros are not enabled, the