v3.54.0

@github-actions github-actions released this 29 Nov 23:58
· 5154 commits to develop since this release
83fc0e3

New Analytic Story

  • CISA AA22-320A
  • Reverse Network Proxy
  • MetaSploit

New Analytics

  • Ngrok Reverse Proxy on Network
  • Powershell Load Module in Meterpreter
  • Windows Apache Benchmark Binary
  • Windows Mimikatz Binary Execution
  • Windows MSExchange Management Mailbox Cmdlet Usage
  • Windows Ngrok Reverse Proxy Usage
  • Windows Service Created with Suspicious Service Path

Updated Analytics

  • BITSAdmin Download File (Thank you @BlackB0lt)
  • Common Ransomware Extensions (Thank you Steven Dick!) Issue 2448
  • Exchange PowerShell Module Usage

New BA Analytics

  • Windows PowerShell Disabled Kerberos Pre-Authentication Discovery Get-ADUser
  • Windows PowerShell Disabled Kerberos Pre-Authentication Discovery With PowerView

Updated BA Analytics

  • Windows Exchange PowerShell Module Usage

Other Updates

  • Tagged several detections for AgentTesla, Qakbot
  • CrowdStrike TA added to detection testing pipeline