description: The following analytic identifies the use of Living Off the Land Binaries and Scripts (LOLBAS) with network traffic. It leverages data from the Network Traffic data model to detect when ...
description: The following analytic detects suspicious PowerShell execution indicative of PowerShell-Empire activity. It leverages PowerShell Script Block Logging (EventCode=4104) to capture and ...
This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.
Within this document I am talking about changing the contents of the Registry. Always be sure to make a backup before changing. You can do this in the Registry Editor by clicking File, Export and ...