v4.3.0

@github-actions github-actions released this 30 May 18:15
· 3880 commits to develop since this release
00d0915

New Analytic Story

  • Volt Typhoon

New Analytics

  • Network Share Discovery Via Dir Command
  • Active Directory Privilege Escalation Identified
  • Windows Ldifde Directory Object Behavior
  • Windows Proxy Via Netsh
  • Windows Proxy Via Registry

Updated Analytics

  • CHCP Command Execution

New BA Analytics

  • Windows PowerSploit GPP Discovery
  • Windows Findstr GPP Discovery
  • Windows File Share Discovery With Powerview
  • Windows Default Group Policy Object Modified with GPME
  • Windows PowerView AD Access Control List Enumeration

Updated BA Analytics

  • Detect Prohibited Applications Spawning cmd exe

Other Updates:

  • Updated several detections with Atomic GUIDs
  • Tagged several existing detections with Volt Typhoon