Ramblings about MITRE ATT&CK, CarbonBlack Response, and PowerShell
Sometimes building MITRE ATT&CK detection rules in your environment can be a piece of cake if you don’t have a whole lot of endpoints to deal with, but if you’re like me and work for a large enterprise, it can be quite painful. A simple search for cmd.exe or powershell.exe in your EDR (Endpoint Detection …