File name: Windows-Hunting
File size: 29KB
File format: ZIP
Updated: 2024-05-24 14:23:56
Windows Hunting. The purpose of this repository is to help Windows threat hunters look for some common artifacts during their day-to-day operations. Feel free to contribute.
[File preview]:
Windows-Hunting-master
----Persistence()
--------.DS_Store(10KB)
--------Registry Autoruns()
----.DS_Store(10KB)
----_config.yml(32B)
----README.md(176B)
----WindowsDefenderATP Hunting Queries ()
--------Process_Certutil_decode in appdata(328B)
--------APT_IR_Persistance_LocalGroups(489B)
--------Alert_Summary by Category(191B)
--------Process_wscript_js execution(300B)
--------Process_Rundll32_possible hta remote(288B)
--------Process_Bitsadmin Executions(615B)
--------Alert_Summary by FIleName(200B)
--------Process_Rundll32_Sus(372B)
--------APT_IR_CNC_rdp enable(567B)
--------Process_Bitsadmin transfer(283B)
--------APT_IR_Persistance_AccountCreation(369B)
--------Indication_Tool_ProcDump_possible(412B)
--------APT_IR_Persistance_LocalAccounts(407B)
--------Process_Possible_MSOffice_Abuse(496B)
--------Process_wscript_suspicious rar:zip(392B)
--------APT_IR_Persistance_secedit(331B)
--------Indication_ClearEventlog(359B)
--------Network_Cscript_Wscript(337B)
--------Indication_RemoteShareMounting(247B)
--------Indication_Tool_IMPACKET artifact(350B)
--------Network_PowerShell(285B)
--------Process_Rundll32_roaming(386B)
--------Alert_Summary by AlertTitle(197B)
--------Process_Rundll32_Control_RunDLL(323B)
--------Process_at.exe execution(200B)
--------Indication_OutPut_Redirection(282B)
--------APT_IR_Execution_Echo(372B)
--------APT_IR_CNC_Possible RDP Tunnel(304B)
--------Process_Rundll32_DllRegisterServer(307B)
--------Process_wmic_process call(281B)
--------SHELL Detection()
--------Alert_WDAVDetection(330B)
--------Alert_Summary by ComputerName(183B)