public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

added more reference and contribution

Browse Source
This commit is contained in:
Tonmoy Jitu 2024-12-02 23:56:02 +11:00
parent 8cc231328f
commit 72aedc48da
No known key found for this signature in database
GPG Key ID: 5268921F49EE80A1
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OSBinaries/Wevtutil.yml
View File

@ -36,8 +36,12 @@ Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_susp_eventlog_clear.yml - Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_susp_eventlog_clear.yml
- Splunk: https://lantern.splunk.com/Security/UCE/Guided_Insights/Threat_hunting/Detecting_a_ransomware_attack/Wevtutil.exe_abuse - Splunk: https://lantern.splunk.com/Security/UCE/Guided_Insights/Threat_hunting/Detecting_a_ransomware_attack/Wevtutil.exe_abuse
Resources: Resources:
- Link: https://www.reddit.com/r/ThreathuntingDFIR/comments/1b625v8/wevtutil_dumping_logs_without_powershell/
- Link: https://denwp.com/unexplored-lolbas-technique-wevtutil-exe/ - Link: https://denwp.com/unexplored-lolbas-technique-wevtutil-exe/
- Link: https://x.com/tonmoy0010/status/1860963760774713805 - Link: https://x.com/tonmoy0010/status/1860963760774713805
- Link: https://attack.mitre.org/software/S0645/
Acknowledgement: Acknowledgement:
- Person: Tonmoy Jitu - Person: Tonmoy Jitu
Handle: '@tonmoy0010' Handle: '@tonmoy0010'
- Person: Secret Guy
Handle: 'GoranLind'