description: The following analytic detects the execution of 7z or 7za processes with command lines pointing to SMB network shares. It leverages data from Endpoint Detection and Response (EDR) agents, ...
description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...
The first time Notepad++ let me down was when I tried to open a server log that had grown to a few hundred megabytes. The window came up fast enough, but the moment I tried to scroll or search through ...