Threat Hunter Playbook
Knowledge Library
Windows
Active Directory Replication
Active Directory Federation Services (ADFS) Distributed Key Manager (DKM) Keys
Data Protection API
Logon Session
LSA Policy Objects
Mimikatz OpenProcess Modules
Process Security and Access Rights
Security Account Manager (SAM) Database
Security Account Manager Remote Protocol (SAMRP)
Security Assertion Markup Language (SAML)
Service Control Manager
SysKey
Task Scheduler Service
Pre-Hunt Activities
Data Management
Data Documentation
Data Standardization
Data Modeling
Data Quality
Guided Hunts
Windows
LSASS Memory Read Access
DLL Process Injection via CreateRemoteThread and LoadLibrary
Active Directory Object Access via Replication Services
Active Directory Root Domain Modification for Replication Services
Registry Modification to Enable Remote Desktop Connections
Local PowerShell Execution
WDigest Downgrade
PowerShell Remote Session
Alternate PowerShell Hosts
Domain DPAPI Backup Key Extraction
SysKey Registry Keys Access
SAM Registry Hive Handle Request
WMI Win32_Process Class and Create Method for Remote Execution
WMI Eventing
WMI Module Load
Local Service Installation
Remote Service creation
Remote Service Control Manager Handle
Remote Interactive Task Manager LSASS Dump
Registry Modification for Extended NetNTLM Downgrade
Access to Microphone Device
Remote WMI ActiveScriptEventConsumers
Remote DCOM IErtUtil DLL Hijack
Remote WMI Wbemcomn DLL Hijack
SMB Create Remote File
Wuauclt CreateRemoteThread Execution
Tutorials
Jupyter Notebooks
Jupyter Server Installation
Introduction to Python
Introduction to Python NumPy Arrays
Introduction to Pandas