Experimental

| Name | Technique | Datamodel |
| --- | --- | --- |

Endpoint

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process

Windows Post Exploitation Risk Behavior

Query Registry, System Network Connections Discovery, Permission Groups Discovery, System Network Configuration Discovery, OS Credential Dumping, System Info...

Disable Show Hidden Files

Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses, Modify Registry

Detect SharpHound Usage

Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery

Cloud

Application

Windows AD Suspicious GPO Modification

Domain or Tenant Policy Modification, Group Policy Modification, File and Directory Permissions Modification, Windows File and Directory Permissions Modifica...

Windows AD GPO New CSE Addition

Domain or Tenant Policy Modification, Group Policy Modification, File and Directory Permissions Modification, Windows File and Directory Permissions Modifica...

Windows AD Hidden OU Creation

Domain or Tenant Policy Modification, File and Directory Permissions Modification, Windows File and Directory Permissions Modification

Windows AD Object Owner Updated

Domain or Tenant Policy Modification, File and Directory Permissions Modification, Windows File and Directory Permissions Modification

Deprecated

Web