Aaron Hoffmann
Change(s):
- Adds a filter to include WMIC events where shadow copies are deleted

Reason for Change(s):
- Updating query for better detections

Version Updated:
- N/A

Testing Completed:
-...
Required items, please complete

Change(s):
- Updates workbook "ReversingLabs-CapabilitiesOverview": update KQL queries in workbook to match playbook names as deployed by solution; update guide text

Reason for Change(s):
- Typo...
# Edit from maintainer

Hi, I got a response from someone who has given me a potential workaround for this DPAPI issue.

* Delete the directory: `%userprofile%\AppData\Local\Microsoft\IdentityCache`
* Try signing...