ThreatHuntingStuff

Lots of stuff coming soon. Need to start dumping my favorite Splunk queries. Company is currently switching webhosts, so past blog material is unavailable atm. I did upload a local HTML copy of the netshell helper DLL persistence/loading technique due to it making Mitre's ATT&CK matrix this month. The link on the MITRE wiki is broken.

https://attack.mitre.org/wiki/Technique/T1128

Link to HTML view

https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html

4/8/17 Sigma repo created

Reference: https://github.com/Neo23x0/sigma

Name		Name	Last commit message	Last commit date
Latest commit History 133 Commits
HTAtricks		HTAtricks
SigmaRules/Sysmon		SigmaRules/Sysmon
Splunk		Splunk
BigAssReconList.txt		BigAssReconList.txt
CiscoDomain1M		CiscoDomain1M
PSDLCradleWatchList		PSDLCradleWatchList
README.md		README.md
SuspiciousPowershellScriptText		SuspiciousPowershellScriptText
XMLcradle.txt		XMLcradle.txt
cmd.exe		cmd.exe
evil.inf		evil.inf
evil.sct		evil.sct
generictest.txt		generictest.txt
sendkeysPSCradle		sendkeysPSCradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ThreatHuntingStuff

About

Releases

Packages

MatthewDemaske/ThreatHuntingStuff

Folders and files

Latest commit

History

Repository files navigation

ThreatHuntingStuff

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages