Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-11 02:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

more queries

Browse Source
This commit is contained in:
@
2020-09-17 20:57:35 -05:00
parent 2f1a7813d3
commit c440e902e8
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
DefenseEvasion.md
+4
View File
@@ -34,6 +34,10 @@ Atomics: [T1070.001](https://github.com/redcanaryco/atomic-red-team/blob/master/
### T1027.004 Compile After Delivery
Atomics: [T1027.004](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md)
```
(TgtProcName = "csc.exe" AND SrcProcCmdLine Contains "/target:exe") OR (SrcProcName = "csc.exe" AND TgtFileIsExecutable = "true" AND SrcProcParentName Not In ("svchost.exe","AbtSvcHost_.exe"))
```
### T1218.001 Compiled HTML File
Atomics: [T1218.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md)