WazuhRedTeamLab

I wanted to track some of the TTPs/methods I was learning while in CRTO2. This isn't perfect, and will be refined over time. Some of the API calls are still very vague. There are some obvious TTPs that I left out to reduce noise. These are commented out in the ruleset and can be changed. This is a mix of things I've found from other creators and some I've implemented myself/tweaked.

Research that helped: https://github.com/jsecurity101/TelemetrySource (jsecurity101, for reverse engineering Sysmon and correlating events to Win32 API calls), and, as always, thanks to the SpecterOps bois: https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971 and https://specterops.io/wp-content/uploads/sites/3/2022/06/Subverting_Sysmon.pdf