yugoslavskiy
- Subject: [Atomic Red Team project](https://github.com/redcanaryco/atomic-red-team/) - Author: @redcanaryco - Type: threat simulation tests - Requirements: Create one Pull Request per Sigma rule Please comment the issue with a task...
- Research (slides): [Hunting for Privilege Escalation in Windows Environment](https://www.slideshare.net/heirhabarov/hunting-for-privilege-escalation-in-windows-environment) - Author: Teymur Kheirkhabarov, [@HeirhabarovT](https://twitter.com/HeirhabarovT) - Type: Ready-made alerts (Kibana queries) - Requirements: Create one Pull Request per Sigma rule...
- Research (slides): [Hunting For PowerShell Abuse](https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse) - Author: Teymur Kheirkhabarov, [@HeirhabarovT](https://twitter.com/HeirhabarovT) - Type: Ready-made alerts (Kibana queries) - Requirements: Create one Pull Request per Sigma rule You can pick...
- Research (slides): [Hunting Lateral Movement in Windows Infrastructure](https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view?usp=sharing) - Author: Teymur Kheirkhabarov, [@HeirhabarovT](https://twitter.com/HeirhabarovT) - Type: Ready-made alerts (Splunk queries) - Requirements: Create one Pull Request per Sigma rule You...
- Subject: [Atomic Red Team project](https://github.com/redcanaryco/atomic-red-team/) - Author: @redcanaryco - Type: threat simulation tests - Requirements: Create one Pull Request per Sigma rule - Pro tip: Consider developing Sigma rules...
**Feature description** Responder for CB Response (previous name) / Carbon Black Endpoint Detection and Response (current name) or just "Carbon Black EDR" that would be able to execute the following...
We are seeking help with Response Actions development. You are very welcome to contribute. Please use the existing placeholder for [RA3601: Lock user account](https://github.com/atc-project/atc-react/tree/master/response_actions/RA_3601_lock_user_account.yml), as well as...
## The context

We need to be on the same page to discuss the problem of connecting Incident Response (IR) and Threat Detection (TD), and its solution. Here is some information...