GitHub

dns_exfiltration_using_nslookup_app.yml

description: The following analytic identifies potential DNS exfiltration using the nslookup application. It detects specific command-line parameters such as query type (TXT, A, AAAA) and retry ...
GitHub

powershell_enable_smb1protocol_feature.yml

description: The following analytic detects the enabling of the SMB1 protocol via `powershell.exe`. It leverages PowerShell script block logging (EventCode 4104) to identify the execution of the ...