Tag
high
advisory
Data Exfiltration via Curl to File-Sharing Websites
1 rule 1 TTPThis brief details the use of `curl.exe` by an attacker on a compromised Windows host to exfiltrate sensitive data to public file-sharing services, leading to potential data loss and regulatory non-compliance.
data-exfiltration
utility
windows
1r
1t
high
advisory
Sysinternals PsSuspend Suspicious Execution to Impair Defenses
1 ruleAdversaries are leveraging the legitimate Sysinternals PsSuspend utility to suspend critical security processes, such as Microsoft Defender Antivirus (`msmpeng.exe`), as a defense impairment technique to bypass endpoint detection and response (EDR) solutions.
Sysinternals PsSuspend
defense-evasion
utility
sysinternals
windows
1r