GitHub

gpupdate_with_no_command_line_arguments_with_network.yml

description: The following analytic detects the execution of gpupdate.exe without command line arguments and with an active network connection. This behavior is identified using Endpoint Detection and ...
GitHub

7zip_commandline_to_smb_share_path.yml

description: The following analytic detects the execution of 7z or 7za processes with command lines pointing to SMB network shares. It leverages data from Endpoint Detection and Response (EDR) agents, ...
LinkedIn

Exploit and Elevate: Reverse Shells in Action with MSFvenom

The first step in our penetration testing process was to perform an initial enumeration of the target IP using Nmap, one of the most widely used network scanning tools in the industry. This scan helps ...