Skip to content

andrewnorthern/CB-Threat-Hunting

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

132 Commits
API
API
 
 
ATT&CK
ATT&CK
 
 
Scripts
Scripts
 
 
SigmaRules
SigmaRules
 
 
ThreatDragonModels/Ransomware
ThreatDragonModels/Ransomware
 
 
Bitsadmin usage
Bitsadmin usage
 
 
Clearing Windows Eventlog
Clearing Windows Eventlog
 
 
CreateRemoteThread from powershell.exe
CreateRemoteThread from powershell.exe
 
 
MMC Lateral Movment
MMC Lateral Movment
 
 
Malicious Shims
Malicious Shims
 
 
Processes on User Profile
Processes on User Profile
 
 
README.md
README.md
 
 
Reg export usage
Reg export usage
 
 
Ruler Detection
Ruler Detection
 
 
Sc.exe executed cmd.exe
Sc.exe executed cmd.exe
 
 
Simon Tatham signed processes to the internet
Simon Tatham signed processes to the internet
 
 
Susp_mmc_source
Susp_mmc_source
 
 
Suspicious certutil usage
Suspicious certutil usage
 
 
Suspicious executions of mstsc.exe
Suspicious executions of mstsc.exe
 
 
Unsigned Processes running from programdata with network connection
Unsigned Processes running from programdata with network connection
 
 
WMIprvse childrens
WMIprvse childrens
 
 
Windows Update UAC Bypass
Windows Update UAC Bypass
 
 
Wmic usage
Wmic usage
 
 
winrs
winrs
 
 

Repository files navigation

CB-Threat-Hunting

Carbon Black search queries that help security analysts in finding malicious activities.The search queries could be adjusted to be used elsewhere including sysmon

CarbonBlack MITRE ATT&CK Mapping

This will contain tested search queries to map most of Mitre ATTACK Framework to CarbonBlack. Will be updated from time to time

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 95.1%
  • DIGITAL Command Language 4.9%