EDR: Don’t mess with my config
Common Information
Type Value
UUID e8344ce1-b210-49f9-b6f6-fac5d00542f1
Fingerprint 7e1d442228a505f3
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 11, 2024, 2:53 p.m.
Added to db Nov. 11, 2024, 4:16 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline EDR: Don’t mess with my config
Title EDR: Don’t mess with my config
Detected Hints/Tags/Attributes 66/1/11
RSS Feed
Id Enabled Feed title Url Added to db
167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Type #Events CTI Value
File 380
notepad.exe
File 533
ntdll.dll
File 748
kernel32.dll
File 1
inprocessclient64.dll
File 82
kernelbase.dll
File 1
s1_poc.exe
File 1
rdp.dll
File 1
c:\users\public\rdp.dll
File 74
mstsc.exe
File 1
c:\users\public\rdp.txt
File 1
c:\users\public\s1_poc.exe