New Analytic Story
- IIS Components
New Analytics
- Windows Disable Windows Event Logging Disable HTTP Logging
- Windows IIS Components Add New Module
- Windows IIS Components Get-WebGlobalModule Module Query
- Windows IIS Components Module Failed to Load
- Windows IIS Components New Module Added
- Windows PowerShell Disable Windows Event Logging Disable HTTP Logging
- Windows PowerShell IIS Components WebGlobalModule Usage
Updated Analytics
- Account Discovery With Net App (Thanks to @TheLawsOfChaos)
- Msmpeng Application DLL Side Loading (Thanks to @sanjay900)
- Remcos RAT File Creation in Remcos Folder (Thanks to @sanjay900)
- Excessive DNS Failures (Thanks to @bowesmana)
- Batch File Write to System32 (Thanks to @nterl0k)
- Disable Defender AntiVirus Registry (Thanks to @nterl0k)
- Sc exe manipulating windows services
- Windows remote access software hunt
Other Updates
- Updated the CI workflow to upload the summary results to the S3 reporting bucket after a test completes.
- Added risk_index macro which expands to index=risk in security_content.