ProxyShell ProxyNotShell Behavior Detected
Exploit Public-Facing Application, External Remote Services
Risk
Windows Modify Registry Risk Behavior
Modify Registry
Windows Post Exploitation Risk Behavior
Query Registry, System Network Connections Discovery, Permission Groups Discovery, System Network Configuration Discovery, OS Credential Dumping, System Info...
Windows Common Abused Cmd Shell Risk Behavior
File and Directory Permissions Modification, System Network Connections Discovery, System Owner/User Discovery, System Shutdown/Reboot, System Network Config...
Active Directory Privilege Escalation Identified
Domain Policy Modification
AWS S3 Exfiltration Behavior Identified
Transfer Data to Cloud Account
Steal or Forge Authentication Certificates Behavior Identified
Steal or Forge Authentication Certificates
Active Directory Lateral Movement Identified
Exploitation of Remote Services
Okta Risk Threshold Exceeded
Valid Accounts, Brute Force
Log4Shell CVE-2021-44228 Exploitation
Ingress Tool Transfer, Exploit Public-Facing Application, Command and Scripting Interpreter, External Remote Services
Living Off The Land
Ingress Tool Transfer, Exploit Public-Facing Application, Command and Scripting Interpreter, External Remote Services
Linux Persistence and Privilege Escalation Risk Behavior
Abuse Elevation Control Mechanism
Azure Active Directory High Risk Sign-in
Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying