Infosec.Pub
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
digicatM to blueteamsecEnglish · 2 months ago

100 Days of KQL 2026: Various rules from days 9 and 10

message-square
message-square
0
link
fedilink
3
message-square

100 Days of KQL 2026: Various rules from days 9 and 10

digicatM to blueteamsecEnglish · 2 months ago
message-square
0
link
fedilink

Query to identify internet facing devices and then find those running the MongoDB service with a version impacted by the MongoBleed vulnerability https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day10_mongobleed_vuln.md

Creation of .proj file in suspicious location eventually used to to bypass AV detection with msbuild.exe use. https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day9_suspicious_filecreation_msbuild_ttp.md

alert-triangle
You must log in or # to comment.

blueteamsec

blueteamsec

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 3 users / day
  • 83 users / week
  • 345 users / month
  • 957 users / 6 months
  • 228 local subscribers
  • 651 subscribers
  • 2.65K Posts
  • 212 Comments
  • Modlog
  • mods:
  • digicat
  • BE: 0.19.16
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org