- D3Security CTI Feeds
- Linux Logs
- Netspi PowerShell Execution Policy Bypass
- Mandiant-leaks
- Tilbury Windows Credentials
- CWE top 25
- CrowdStrike 2015 Global Threat Report
- Prolific OSX Malware History
- CERN Windigo June 2019
- CrowdStrike GTR 2019
- Crowdstrike GTR2020 Mar 2020
- RecordedFuture 2021 Ad Infra
- Red Canary 2021 Threat Detection Report March 2021
- ACSC BlackCat Apr 2022
- Internet crime report 2022
- RC PowerShell
- 20 macOS Common Tools and Techniques
- Microsoft GPP Key
- Microsoft _VBA_PROJECT Stream
- Microsoft Learn
- Hybrid Analysis Icacls2 May 2018
- Microsoft Wow6432Node 2018
- DOJ-DPRK Heist
- ITWorld Hard Disk Health Dec 2014
- Microsoft 4657 APR 2017
- Microsoft 4697 APR 2017
- Microsoft User Creation Event
- Microsoft User Modified Event
- Microsoft 4768 TGT 2017
- HIPAA Journal S3 Breach, 2017
- Slack Security Risks
- PurpleSec Data Loss Prevention
- 7zip Homepage
- VMWare 8Base June 28 2023
- Acronis 8Base July 17 2023
- MicroFocus 9002 Aug 2016
- CISA AA21-200A APT40 July 2021
- AADInternals
- AADInternals Documentation
- AADInternals Github
- Gigamon BADHATCH Jul 2019
- bad_luck_blackcat
- Cybereason Bazar July 2020
- Red Canary Hospital Thwarted Ryuk October 2020
- CyberCX Anonymous Sudan June 19 2023
- Netskope Cloud Phishing
- Microsoft O365 Admin Roles
- Microsoft Atom Table
- Microsoft About BITS
- Microsoft About Event Tracing 2018
- Microsoft PowerShell Command History
- Microsoft List View Controls
- Microsoft PowerShell Logging
- Apple About Mac Scripting 2016
- PowerShell About 2019
- Microsoft PowerShellB64
- Microsoft Profiles
- Microsoft About Profiles
- Microsoft Remote Desktop Services
- systemsetup mac time
- MSDN Clipboard
- Microsoft HTML Help Executable Program
- About UEFI
- Microsoft Window Classes
- Picus Sodinokibi January 2020
- Application Bundle Manipulation Brandon Dalton
- NCC Group Chimera January 2021
- Electron 2
- Harmj0y Abusing GPO Permissions
- Retwin Directory Share Pivot
- BOHOPS Abusing the COM Registry
- abusing_com_reg
- Rhino Security Labs AWS VPC Traffic Mirroring
- Narrator Accessibility Abuse
- Intezer ACBackdoor
- AccCheckConsole.exe - LOLBAS Project
- CyberScoop APT28 Nov 2018
- Microsoft Azure Kubernetes Service Service Accounts
- CrowdStrike Access Brokers
- Microsoft Access Control Lists May 2018
- Auth0 Access Tokens
- BSidesSLC 2020 - LNK Elastic
- Mythic SpecterOps
- FireEye Chinese Espionage October 2019
- Unit42 AcidBox June 2020
- AcidRain JAGS 2022
- acroread package compromised Arch Linux Mail 8JUL2018
- Microsoft Actinium February 2022
- Wikipedia Active Directory
- Microsoft AD Accounts
- Microsoft AD Admin Tier Model
- Microsoft AD CS Overview
- Microsoft Get-ADUser
- Active Directory Enumeration with LDIFDE
- Microsoft SID-History Attribute
- Volexity Ivanti Zero-Day Exploitation January 2024
- ActiveMalwareEnergy
- Klein Active Setup 2010
- Dark Vortex Brute Ratel C4
- ad_blocker_with_miner
- Microsoft Support O365 Add Another Admin, October 2019
- Amazon AWS IMDS V2
- Adding Login Items
- MRWLabs Office Persistence Add-ins
- AddinUtil.exe - LOLBAS Project
- Microsoft - Add-MailboxPermission
- AddMonitor
- Microsoft Azure AD Users
- Microsoft Office Add-ins
- Microsoft AddPrintProcessor May 2018
- RFC1918
- Microsoft Exchange Address Lists
- Microsoft AD DS Getting Started
- Akamai DGA Mitigation
- Keychain Decryption Passware
- Trend Micro Deep Dive Into Defacement
- Talos Lokibot Jan 2021
- Malwarebytes Saint Bot April 2021
- SecurityScorecard CredoMap September 2022
- Krebs DNS Hijack 2019
- Reaqta MuddyWater November 2017
- ESET Turla PowerShell May 2019
- Kubernetes Admission Controllers
- Krebs Adobe
- Github AD-Pentest-Script
- adplus.exe - LOLBAS Project
- Microsoft ADV170021 Dec 2017
- FireEye APT Groups
- Mandiant Advanced Persistent Threats
- Mandiant APT Groups List
- Advanced_sec_audit_policy_settings
- Adversaries Hijack DLLs
- CrowdStrike Richochet Chollima September 2021
- Elastic - Hunting for Persistence Part 1
- NCSC APT29 July 2020
- Advpack.dll - LOLBAS Project
- Kaspersky Adwind Feb 2016
- Bitdefender Trickbot VNC module Whitepaper 2021
- Mac Backdoors are back
- SentinelOne January 30 2023
- Trend Micro March 26 2024
- Kaspersky MSSQL Aug 2019
- Securelist Agent.btz
- ThreatExpert Agent.btz
- AgentExecutor.exe - LOLBAS Project
- SentinelLabs Agent Tesla Aug 2020
- LogPoint Agent Tesla March 23 2023
- ATT Sidewinder January 2021
- Harmj0y Domain Trusts
- airwalk backdoor unix systems
- Wired Lockergoga 2019
- ZDNET Selling Data
- ESET Zebrocy May 2019
- Kersten Akira 2023
- Akira Ransomware Analysis August 2023
- Sophos Akira May 9 2023
- Microsoft AKS Azure AD 2023
- Okta DPoP 2023
- US-CERT SamSam 2018
- CISA MSS Sep 2020
- CISA Lokibot September 2020
- CISA_AA21_200B
- cisa_malware_orgs_ukraine
- US-CERT Ransomware 2016
- US-CERT WannaCry 2017
- US-CERT HIDDEN COBRA June 2017
- US-CERT NotPetya 2017
- US-CERT APT Energy Oct 2017
- US-CERT FALLCHILL Nov 2017
- US-CERT Volgmer Nov 2017
- US-CERT TA18-074A
- US-CERT-TA18-106A
- US-CERT Emotet Jul 2018
- AlKhaser Debug
- Fysbis Palo Alto Analysis
- Medium KONNI Jan 2020
- Unit 42 Palo Alto Ransomware in Public Clouds 2022
- Cyber Centre ALPHV/BlackCat July 25 2023
- Mandiant ALPHV Affiliate April 3 2023
- Microsoft ADS Mar 2014
- XPNSec PPID Nov 2017
- Microsoft AlwaysInstallElevated 2018
- ASEC BLOG July 21 2022
- Amazon Snapshots
- Amazon AMI
- Amazon S3
- Trend Micro S3 Exposed PII, 2017
- Recorded Future Beacon Certificates
- Botnet Scan
- Trend Micro Ngrok September 2020
- CIRCL PlugX March 2013
- Apple Unified Log Analysis Remote Login and Screen Sharing
- Medium S2W WhisperGate January 2022
- Analysis of FG-IR-22-369
- Graeber 2014
- Fortinet Agent Tesla April 2018
- Antiy CERT Ramsay April 2020
- Storm-0558 techniques for unauthorized email access
- ESET Telebots July 2017
- EST Kimsuky SmokeScreen April 2019
- Ukraine15 - EISAC - 201603
- Check Point Havij Analysis
- ESET Emotet Dec 2018
- Rewterz Sidewinder COVID-19 June 2020
- CISA AR18-352A Quasar RAT December 2018
- CISA AR21-126A FIVEHANDS May 2021
- JoeSecurity Egregor 2020
- GDATA Zeus Panda June 2017
- jstnk9.github.io June 01 2022
- Analyzing CS Dec 2020
- Objective_See 1 4 2024
- Microsoft Security Blog 4 22 2024
- Uperesia Malicious Office Documents
- Unit42 OilRig Nov 2018
- McAfee GhostSecret
- Microsoft Analyzing Solorigate Dec 2020
- Lastline PlugX Analysis
- TrendMicro Sandworm October 2014
- Dragos Crashoverride 2018
- Anatomy of an hVNC Attack
- Syscall 2014
- SCADAfence_ransomware
- ESET IIS Malware 2021
- Medium Anchor DNS July 2020
- NSA Joint Advisory SVR SolarWinds April 2021
- Kaspersky Andariel Ransomware June 2021
- Sophos X-Ops C-23
- RFC826 ARP
- HP SVCReady Jun 2022
- SecureList Fileless
- ESET Ebury Feb 2014
- Welivesecurity Ebury SSH
- Avertium Black Basta June 2022
- Myers 2007
- Linux Services Run Levels
- Anomali Pirate Panda April 2020
- AnonGhost Team Profile
- AnonHBGary
- Fortinet Metamorfo Feb 2020
- MuddyWater TrendMicro June 2018
- AlienVault Sykipot 2011
- RiskIQ Newegg September 2018
- Dell WMI Persistence
- iDefense Rootkit Overview
- Trend Micro Rhysida August 09 2023
- Mandiant Ukraine Cyber Threats January 2022
- Microsoft AMSI
- Microsoft Anti Spoofing
- Fox-It Anunak Feb 2015
- Group-IB Anunak
- Google TAG Ukraine Threat Landscape March 2022
- Zairon Hooking Dec 2006
- SentinelOne Aoqin Dragon June 2022
- Apache Server 2018
- Secureworks BRONZEUNION Feb 2019
- AppArmor official
- PenTestLabs AppDomainManagerInject
- Rapid7 AppDomain Manager Injection
- Mandiant APT1 Appendix
- AppInit Secure Boot
- AppInstaller.exe - LOLBAS Project
- objectivesee osx.shlayer apple approved 2020
- AppleDocs AuthorizationExecuteWithPrivileges
- AppleDocs Scheduling Timed Jobs
- CISA AppleJeus Feb 2021
- Apple Remote Desktop Admin Guide 3.3
- applescript signing
- Microsoft Entra ID Service Principals
- Microsoft App Domains
- Corio 2008
- Microsoft Application Lockdown
- SANS Application Whitelisting
- Beechey 2010
- NSA MS AppLocker
- Penetration Testing Lab MSXSL July 2017
- Microsoft Requests for Azure AD Roles in Privileged Identity Management
- Apple App Security Overview
- Tripwire AppUNBlocker
- Appvlp.exe - LOLBAS Project
- BlackHat Atkinson Winchester Token Manipulation
- FireEye APT10 April 2017
- Securelist APT10 March 2021
- FireEye APT10 Sept 2018
- NCC Group APT15 Alive and Strong
- Mandiant APT1
- Profero APT27 December 2020
- FireEye APT28 January 2017
- FireEye APT28
- U.S. CISA APT28 Cisco Routers April 18 2023
- Symantec APT28 Oct 2018
- FireEye APT28 Hospitality Aug 2017
- Bitdefender APT28 Dec 2015
- FireEye APT29 Domain Fronting
- FireEye APT29 Domain Fronting With TOR March 2017
- FireEye APT30
- Zscaler APT31 Covid-19 October 2020
- sentinelone apt32 macOS backdoor 2020
- FireEye APT33 Webinar Sept 2017
- FireEye APT34 Webinar Dec 2017
- DFIR Report APT35 ProxyShell March 2022
- Check Point APT35 CharmPower January 2022
- FireEye APT37 Feb 2018
- FireEye APT38 Oct 2018
- FireEye APT39 Jan 2019
- APT3 Adversary Emulation Plan
- evolution of pirpi
- FireEye APT40 March 2019
- Rostovcev APT41 2021
- Mandiant APT42
- NSA APT5 Citrix Threat Hunting December 2022
- welivesecurity_apt-c-23
- QiAnXin APT-C-36 Feb2019
- 360 Machete Sep 2020
- Cycraft Chimera April 2020
- CISA IT Service Providers
- Securelist GCMAN
- Proofpoint TA459 April 2017
- Kaspersky ToddyCat June 2022
- Securelist APT Trends April 2018
- Kaspersky APT Trends Q1 2020
- Kaspersky APT Trends Q1 April 2021
- Securelist APT Trends Q2 2017
- Wired ArcaneDoor April 24 2024
- Cisco Talos ArcaneDoor April 24 2024
- Wald0 Guide to GPOs
- Lau 2011
- Krebs-Booter
- RSA Forfiles Aug 2017
- FireEye Respond Webinar July 2017
- Browser-updates
- Sekoia.io AridViper
- TechNet Arp
- Cisco ARP Poisoning Mitigation 2016
- ASEC Emotet 2017
- ASERT Seven Pointed Dagger Aug 2015
- Securelist Sofacy Feb 2018
- THE FINANCIAL TIMES LTD 2019.
- Aspnet_Compiler.exe - LOLBAS Project
- Mandiant UNC2452 APT29 April 2022
- Microsoft AssemblyLoad
- Kubernetes Assigning Pods to Nodes
- Microsoft Assoc Oct 2017
- Rhino Security Labs Enumerating AWS Roles
- Cybereason Astaroth Feb 2019
- spamhaus-malvertising
- Microsoft APC
- Medium February 08 2023
- AsyncRAT Crusade: Detections and Defense | Splunk
- TechNet At
- Die.net Linux at Man Page
- Linux at
- PWC Pirpi Scanbox
- Atbroker.exe - LOLBAS Project
- ESET Attor Oct 2019
- LogRhythm WannaCry
- Malwarebytes Dyreza November 2015
- At.exe - LOLBAS Project
- ENSIL AtomBombing Oct 2016
- SentinelOne 5 3 2023
- Malwarebytes 1 10 2024
- FireEye TRITON 2018
- The DFIR Report Truebot June 12 2023
- att_def_ps_logging
- Attack chain leads to XWORM and AGENTTESLA | Elastic
- Intezer TeamTNT September 2020
- Metcalf 2015
- Cisco Blog Legacy Device Attacks
- FireEye TRITON 2017
- FireEye TRITON Dec 2017
- Forbes GitHub Creds
- GitHub Cloud Service Credentials
- Unit 42 Unsecured Docker Daemons
- Talos Roblox Scam 2023
- Black Hills Attacking Exchange MailSniper, 2016
- SANS Attacking Kerberos Nov 2014
- NetSPI SQL Server CLR
- Mandiant FIN5 GrrCON Oct 2016
- Attacking VNC Servers PentestLab
- Talos Template Injection July 2017
- Lotus Blossom Dec 2015
- Symantec Attacks Against Government Sector
- Aqua Security Cloud Native Threat Report June 2021
- CERT-FR PYSA April 2020
- InsiderThreat NTFS EA Oct 2017
- Microsoft ASR Obfuscation
- Obfuscated scripts
- TrendMicro Msiexec Feb 2018
- GitHub ATTACK Empire
- lambert systemd 2022
- TechNet Credential Theft
- AcidRain State Department 2022
- Audit OSX
- Microsoft Audit Logon Events
- Cloud Audit Logs
- Microsoft Scheduled Task Events Win10
- auditpol
- auditpol.exe_STRONTIC
- Audit_Policy_Microsoft
- TechNet Audit Policy
- Microsoft Audit Registry July 2012
- Security Affairs Elderwood Sept 2012
- NIST Authentication
- MSDN Authentication Packages
- Microsoft Authenticode
- K8s Authorization Overview
- SSH Authorized Keys
- Trend Micro njRAT 2018
- Re-Open windows on Mac
- TechNet Autoruns
- Autoruns for Windows
- Hornet Security Avaddon June 2020
- Arxiv Avaddon Feb 2021
- CISA Phishing
- Malwarebytes AvosLocker Jul 2021
- avoslocker_ransomware
- Cisco Talos Avos Jun 2022
- Awesome Executable Packing
- ESET Kobalos Jan 2021
- AWS Root User
- GitHub AWS-ADFS-Credential-Generator
- AWS GetPasswordPolicy
- AWS Console Sign-in Events
- AWS Describe DB Instances
- AWS Get Bucket ACL
- AWS Get Public Access Block
- AWS Head Bucket
- Rhino Security Labs AWS Privilege Escalation
- AWS Lambda Redirector
- Sysdig AMBERSQUID September 18 2023
- Rhino Security Labs AWS S3 Ransomware
- AWS Systems Manager Run Command
- Pylos Xenotime 2019
- objective-see ay mami 2018
- Microsoft AZ CLI
- Intezer Russian APT Dec 2020
- az monitor diagnostic-settings
- Microsoft Azure AD Security Operations for Devices
- Microsoft Azure Active Directory security operations guide
- Azure AD Connect for Red Teamers
- Microsoft - Azure PowerShell
- Azure Blob Storage
- Microsoft Azure Instance Metadata 2021
- Microsoft Azure Policy
- SpecterOps Azure Privilege Escalation
- Azure Products
- Azure - Resource Manager API
- Mandiant Azure Run Command 2021
- Microsoft Azure security baseline for Azure Active Directory
- Microsoft - Azure Sentinel ADFSDomainTrustMods
- Azure Serial Console
- Microsoft Azure Storage Security, 2019
- Azure - Stormspotter
- Medium Babuk February 2021
- Sogeti CERT ESEC Babuk March 2021
- Unit42 BabyShark Apr 2019
- Symantec Briba May 2012
- TrendMicro Squiblydoo Aug 2017
- Symantec Darkmoon Aug 2005
- ESET BackdoorDiplomacy Jun 2021
- Backdooring an AWS account
- Symantec Linfo May 2012
- Symantec Backdoor.Mivast
- Symantec Nerex May 2012
- Symantec Backdoor.Nidiran
- Symantec Remsec IOCs
- Symantec Ristol May 2012
- Symantec Vasport May 2012
- FSecure Hupigon
- Symantec Wiarp May 2012
- Microsoft Lamin Sept 2017
- Microsoft PoisonIvy 2017
- Microsoft Win Defender Truvasys Sep 2017
- Microsoft Wingbird Nov 2017
- Microsoft BITS
- NCC Group Research Blog August 19 2022
- Tech Republic - Restore AWS Snapshots
- Secureworks COBALT DICKENS August 2018
- Cybereason Kimsuky November 2020
- Proofpoint TA453 March 2021
- Unit 42 BadPatch Oct 2017
- ESET Bad Rabbit
- Secure List Bad Rabbit
- BlackBerry Bahamut
- BaltimoreSun RobbinHood May 2019
- ESET Research Bandook July 7 2021
- CheckPoint Bandook Nov 2020
- Banker Google Chrome Extension Steals Creds
- Unit42 Banking Trojans Hooking 2022
- Linux manual bash invocation
- DieNet Bash
- Bash.exe - LOLBAS Project
- Bashfuscator Command Obfuscators
- Microsoft Basic TxF Concepts
- eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
- BATLOADER: The Evasive Downloader Malware
- Palo