decode files

Detect Deobfuscate/Decode Files or Information with this free Splunk Detection Rule

Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware, Scripting, PowerShell, or by using utilities…

File and Directory Permissions

Detect File and Directory Permissions Modification

File and directory permissions are commonly managed by discretionary access control lists (DACLs) specified by the file or directory owner. File and directory DACL implementations may vary by platform, but generally they are explicitly designated so that users/groups can perform actions, i.e. read, write, execute, etc. Adversaries may modify…

Deobfuscate Detection

Detect Deobfuscate /Decode Files or Information

Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware, Scripting, PowerShell, or by using…

Detect Malicious Control Panel items

Detect Malicious Control Panel Items With This Free Splunk Detection Rule. Windows Control Panel items are utilities that allow users to view and adjust computer settings. Control Panel items are registered executable (.exe) or Control Panel (.cpl) files; the latter are actually renamed dynamic-link library (.dll) files that export a CPlApplet function. Control Panel items…

Detection of Audio Capture Attack with Splunk Detection Rule

Detection of Audio Capture Attack. ID: T1123. Tactic: Collection. Platform: Linux, macOS, Windows. An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening to sensitive conversations to gather information. Malware…