Deprecated Detections
| Name | Data Source | Technique | Type | Analytic Story | Date |
|------|-------------|-----------|------|----------------|------|
| Detect Rundll32 Application Control Bypass - advpack | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Rundll32 | TTP | Compromised Windows Host, Living Off The Land, Suspicious Rundll32 Activity | 2025-10-06 |
| Detect Rundll32 Application Control Bypass - setupapi | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Rundll32 | TTP | Compromised Windows Host, Living Off The Land, Suspicious Rundll32 Activity | 2025-10-06 |
| Detect Rundll32 Application Control Bypass - syssetup | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Rundll32 | TTP | Compromised Windows Host, Living Off The Land, Suspicious Rundll32 Activity | 2025-10-06 |
| Windows Change Default File Association For No File Ext | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Change Default File Association | TTP | Compromised Windows Host, Prestige Ransomware | 2025-10-06 |
| Windows Set Private Network Profile via Registry | Sysmon EventID 13 | Modify Registry | Anomaly | Secret Blizzard | 2025-10-07 |