New Analytic Story
- Volt Typhoon
New Analytics
- Network Share Discovery Via Dir Command
- Active Directory Privilege Escalation Identified
- Windows Ldifde Directory Object Behavior
- Windows Proxy Via Netsh
- Windows Proxy Via Registry
Updated Analytics
- CHCP Command Execution
New BA Analytics
- Windows PowerSploit GPP Discovery
- Windows Findstr GPP Discovery
- Windows File Share Discovery With Powerview
- Windows Default Group Policy Object Modified with GPME
- Windows PowerView AD Access Control List Enumeration
Updated BA Analytics
- Detect Prohibited Applications Spawning cmd exe
Other Updates:
- Updated several detections with Atomic GUIDs
- Tagged several existing detections with Volt Typhoon