Web Servers Executing Suspicious Processes

System Information Discovery

Detect Mimikatz Via PowerShell And EventCode 4703

LSASS Memory

Reg exe used to hide files directories via registry keys

Hidden Files and Directories

Osquery pack - ColdRoot detection

Processes Tapping Keyboard Events