Severity: low
Type: advisory
GitHub Push Protection Bypass Detection
Coverage: 2 rules
Detection of a GitHub user bypassing push protection, potentially leading to the exposure of secrets.
Tags: Github, defense-impairment, t1685
Severity: high
Type: advisory
ETW Registry Disabled via Registry Modification
Coverage: 2 rules, 1 TTP
Attackers may disable Event Tracing for Windows (ETW) for the .NET Framework by modifying the ETWEnabled registry value, allowing them to evade endpoint detection and response (EDR) tools and hide malicious activity.
Tags: .NETFramework, etw, registry, defense-evasion, windows, t1127, t1685
Severity: medium
Type: advisory
ESXi Download Error Detection
Coverage: 2 rules, 2 TTPs
Detection of failed file download attempts on ESXi hosts, potentially indicating unauthorized or malicious activity such as installing or updating components, including VIBs or scripts.
Tags: ESXi, vmware, syslog, anomaly, T1601.001, T1685, ESXi Post Compromise, Black Basta Ransomware, Infrastructure