Threat Hunt: Abuse of Serverless Execution for Malicious Activity
Abuse of Serverless Execution for Malicious Activity This hunt provides visibility into potential serverless abuse, helping organizations detect and respond...
#threat_hunting
Threat Hunt: Detecting LSASS Memory Dump via ProcDump
Introduction The Local Security Authority Subsystem Service (LSASS) process in Windows systems manages the security policy, writes to the Security...
Threat Hunt: Detecting Excessive File Writes/Modifications with Ransomware Note Extensions
Published Date: 06/03/2024 Introduction Ransomware attacks often involve encrypting files on a victim's system and leaving ransom notes with instructions...
Threat Hunt: Detecting Encoded PowerShell Commands
Published Date: 06/03/2024 Introduction This hunt aims to identify potentially malicious activities involving encoded PowerShell commands. Encoded commands are a...
