Infosec.Pub
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
digicatM to blueteamsecEnglish · 12 days ago

100 Days of KQL 2026: Various rules from days 9 and 10

message-square
message-square
0
link
fedilink
3
message-square

100 Days of KQL 2026: Various rules from days 9 and 10

digicatM to blueteamsecEnglish · 12 days ago
message-square
0
link
fedilink

Query to identify internet facing devices and then find those running the MongoDB service with a version impacted by the MongoBleed vulnerability https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day10_mongobleed_vuln.md

Creation of .proj file in suspicious location eventually used to to bypass AV detection with msbuild.exe use. https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day9_suspicious_filecreation_msbuild_ttp.md

alert-triangle
You must log in or # to comment.

blueteamsec

blueteamsec

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 5 users / day
  • 100 users / week
  • 302 users / month
  • 974 users / 6 months
  • 219 local subscribers
  • 594 subscribers
  • 2.07K Posts
  • 166 Comments
  • Modlog
  • mods:
  • digicat
  • BE: 0.19.13
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org