New Analytic Story
- Spring4Shell CVE-2022-22965
New Analytics
- Java Writing JSP File
- Spring4Shell Payload URL Request
- Web JSP Request via URL
- Web Spring4Shell HTTP Request Class Module
- Web Spring Cloud Function FunctionRouter
- Windows Drivers Loaded by Signature
- Windows ISO LNK File Creation
- Windows Registry Certificate Added
- Windows Registry Modification for Safe Mode Persistence
- Kerberos TGT Request Using RC4 Encryption
- Unknown Process Using The Kerberos Protocol
- Kerberos User Enumeration
- Kerberos Service Ticket Request Using RC4 Encryption
- Windows PowerView Unconstrained Delegation Discovery
- Windows Get-ADComputer Unconstrained Delegation Discovery
- Windows PowerView Constrained Delegation Discovery
- GitHub Actions Disable Security Workflow
- MacOS plutil
Updated Analytics
- MacOS LOLbin
- Suspicious Kerberos Service Ticket Request
- Suspicious Ticket Granting Ticket Request
- Unusual Number of Computer Service Tickets Requested
- PetitPotam Suspicious Kerberos TGT Request