analyze_producer_consumer_ratio.md Added new PCR reference Sep 26, 2016
antivirus_logs.md Update antivirus_logs.md Jun 14, 2017
beacon_detection_via_intra_request_time_deltas.md Added @jackcr twitter link for malware C2 hunting. Jun 28, 2016
checking-how-outsiders-see-you.md Added new Safebrowsing hunt Jun 16, 2016
comparing_host_images_memory_dumps_to_known_good_baselines.md Fixed links to published procedures (removed a few stale ones, fixed Jun 15, 2016
critical_process_impersonation.md Added link to string distance algorithm description Nov 30, 2016
dynamic_dns_c2.md fixes formatting for clean pandoc conversion Aug 6, 2016
emet_log_mining.md Fixed links to published procedures (removed a few stale ones, fixed Jun 15, 2016
golden_ticket.md Create golden_ticket.md Aug 23, 2016
http_uri_analysis.md fixes formatting for clean pandoc conversion Aug 6, 2016
http_user_agent_analysis.md New Add Jul 8, 2016
internet_facing_http_request_analysis.md Initial checkin of existing techniques and brand new README file. Apr 8, 2016
lateral-movement-via-explicit-credentials.md Updated markdown formatting in title May 23, 2017
lateral-movement-windows-authentication-logs.md Minor formatting fix for the hunt title May 23, 2017
lateral_movement_detection_via_process_monitoring.md Added refs to MITRE Cyber Analytic Repository Dec 30, 2016
net_session_c2.md Added explicit 'More Info' section to indicate no links are known at t… Nov 21, 2016
ntfs_extended_attribute_analysis.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016
privileged-group-tracking.md Correct misspelled filename Jun 22, 2016
psexec-windows-events.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016
ram_dumping.md Fixed links to published procedures (removed a few stale ones, fixed Jun 15, 2016
rdp_external_access.md Added refs to MITRE Cyber Analytic Repository Dec 30, 2016
renamed-tools.md Added refs to MITRE Cyber Analytic Repository Dec 30, 2016
rogue_listeners.md Fixed links to published procedures (removed a few stale ones, fixed Jun 15, 2016
shimcache_amcache.md Fixed links to published procedures (removed a few stale ones, fixed Jun 15, 2016
suspicious_command_shells.md Added new hunt for suspicious command shells in process execution data Dec 30, 2016
suspicious_process_creation_via_windows_event_logs.md Added refs to MITRE Cyber Analytic Repository Dec 30, 2016
webshell_behavior.md Minor edits to clean up formatting Aug 6, 2016
webshells.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016
windows_autoruns_analysis.md Added refs to MITRE Cyber Analytic Repository Dec 30, 2016
windows_driver_analysis.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016
windows_prefetch_cache_analysis.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016
windows_service_analysis.md Switches _ to ` for pandoc latex of inline code Aug 3, 2016