frack113
# What did you do? (required. The issue will be **closed** when not provided.) I get the last version by GIT and build it I make a scan of...
Hello, - fix from #1023 - Fix error missing timestamp with empty index - Fix missing dateutil in requirements.txt - Fix warning API Cortex Log  NOT FIX: - check...
Hi, I have made some [Red Canary](https://github.com/redcanaryco/atomic-red-team) with LOLBAS. I think link can be useful. You get the `detection` and a link in `Resources` to trigger it. What do you think...
Hi, I have run `grep -ri "contains all" | grep -v ';'`

```bash
12_13_14_registry_event/include_autoruns_and_startup_keys.xml: hkcu\software\microsoft\windows nt\currentversion\accessibility\ATs\\*(1)\StartExe
12_13_14_registry_event/include_office.xml: software\microsoft\office\16.0\common\internet\server cache\
1_process_creation/include_living_off_the_land.xml: vssadmin.exe delete
1_process_creation/include_living_off_the_land.xml: wbadmin.exe delete
1_process_creation/include_living_off_the_land.xml: bcedit.exe /set
1_process_creation/include_living_off_the_land.xml: diskshadow.exe...
```
## What did you do? When start Atomic Test #2 - DLL Side-Loading using the dotnet startup hook environment variable  When rename to preloader.dll  need to rename ?
When I want to GetPrereqs for T1219 Testnumber 8 I get a : "Start-BitsTransfer : The operation being requested was not performed because the user has not logged on to...
## What did you do? Run T1562.006.md atomic-test-6 (7 is the ps version) ## What did you expect to happen? Test run well and then test with EICAR defender Events...
https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/ e0b06658-7d1d-4cd3-bf15-03467507ff7c : check creation of the log file 28036918-04d3-423d-91c0-55ecf99fb892: The key does not exist on Windows 10 and 11. But can not generate a CreateKey event with sysmon or...
### Summary of the Pull Request condition refactor ### Changelog remove 1/all of when useless ### Example Log Event ### Fixed Issues ### SigmaHQ Rule Creation Conventions - If your...