I am a salaryman whose main job is business process improvement. On note, under the theme of "Enjoying contemplation and organizing thoughts," I will share information in a relaxed way, while digging ...
description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...
description: The following analytic detects the execution of 7z or 7za processes with command lines pointing to SMB network shares. It leverages data from Endpoint Detection and Response (EDR) agents, ...