New Analytic Stories
- DarkSide Ransomware
- Active Directory Password Spraying
New Detections
- Extract SAM from Registry
- SLUI RunAs Elevated
- SLUI Spawning a Process
- Detect Renamed RClone
- Detect RClone Command-Line Usage
- CMLUA Or CMSTPLUA UAC Bypass
- Multiple Disabled Users Failing To Authenticate From Host Using Kerberos
- Multiple Invalid Users Failing To Authenticate From Host Using Kerberos
- Multiple Invalid Users Failing To Authenticate From Host Using NTLM
- Multiple Users Attempting To Authenticate Using Explicit Credentials
- Multiple Users Failing To Authenticate From Host Using Kerberos
- Multiple Users Failing To Authenticate From Host Using NTLM
- Multiple Users Failing To Authenticate From Process
- Multiple Users Remotely Failing To Authenticate From Host
- Delete ShadowCopy With PowerShell (Experimental)
Updated Detections
- Ransomware Notes bulk creation
- Cobalt Strike Named Pipes