Advance Threat Analysis issues

Repositories
Issues
Comments

Results 3 issues of


                                            Advance Threat Analysis

windows defender service stop with trustedinstaller token impersonation rule

Hi this is my rule for defender service stop with token impersonation [defenderstop_2.txt](https://github.com/SigmaHQ/sigma/files/8010298/defenderstop_2.txt) `title: defender stop with trustedinstaller token impersonation id: status: experimental description: detect windows defender service stop with...

Add files via upload

lateral movement with windows sc manager

SpooFool(CVE-2022-21999 win-LPE)

here is the spoolfool evtx [spoolfool.zip](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/files/8102712/spoolfool.zip)