How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots
ATT&CK techniques detected
T1564.006 Run Virtual Instance
78%
“vmware: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html. iso download: https://www.pfsense.org/download/ windows server 2016 – domain controller 1 vcpu (2 is better), 4gb ram (mo…”
T1059.001 PowerShell
43%
“= import manifest) wevtutil im c:\windows\system32\customeventchannels.man increase the size of the channels (log buckets) in powershell now! not cmd. cmd c:\> powershell -ep bypass $xml = wevtutil el | select-string -pattern "wec" foreach ($subscription in…”
Summary

Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors […]
The post How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots appeared first on Black Hills Information Security, Inc.