I wanted to track some of the ttps/methods I was learning while in CRTO2. This isnt perfect, and will be refined over time.
WazuhRedTeamLab

I wanted to track some of the TTPs/methods I was learning while in CRTO2. This isn't perfect and will be refined over time. Some of the API calls are still very vague. There are some obvious TTPs that I left out to reduce noise; these are commented out in the ruleset and can be changed. This is a mix of things I've found from other creators and some I've implemented or tweaked myself.

Research that helped: https://github.com/jsecurity101/TelemetrySource (jsecurity101, for reverse engineering Sysmon and correlating its events to Win32 API calls), and, as always, thanks to the SpecterOps bois: https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971 and https://specterops.io/wp-content/uploads/sites/3/2022/06/Subverting_Sysmon.pdf
