Home
Nick Klein edited this page Sep 17, 2020 · 17 revisions
This wiki contains information about:
- How CyberCX Digger works, and the threat intelligence it leverages
- Why we produced CyberCX Digger, and how you can contribute to the project
- The search techniques used, and the context of any results found
- Conducting further investigation to validate results presented in the CyberCX Digger report
- What to do if you believe your system may be compromised.
Please use the links on the right to navigate this wiki.
The threat intelligence sources used to develop the detections within CyberCX Digger include:
- ACSC advisory 2020-008 released under classification TLP: WHITE
- Investigations performed by the CyberCX DFIR team
- Investigations performed by CrowdStrike
- Contributions from the community.
Detections made by CyberCX Digger are based purely upon threat intelligence. If a scan returns findings, this does not itself mean that your system is compromised. Since all systems are different, further analysis should be performed to determine whether the finding is indeed proof of a compromise, or perhaps a false positive. Guidance for how to approach such analysis is provided within the wiki pages.
Please refer to the Detection Artefacts in the menu to the right for specific information and recommendations for each one.