edr-telemetry

Here are 3 public repositories matching this topic...

Compcode1 / ios9-scheduled-task

This case study documents an advanced persistence technique involving a scheduled task launching base64-encoded PowerShell, used to execute malicious commands without dropping traditional malware to disk.

powershell scheduled-task ioc-analysis edr-telemetry fileless-persistence

Updated May 13, 2025
Jupyter Notebook

Compcode1 / ioc4-unsigned-executable

Star

This case study focused on a low-profile intrusion attempt involving a standalone executable (patcher.exe) found in a writable but non-standard directory (C:\ProgramData\WinUpdate).

cybersecurity edr-telemetry unsigned-executable-detection application-triage-framework host-log-cross-reference-protocol

Updated May 11, 2025
Jupyter Notebook

Compcode1 / ioc2-process-spawn-dll

Star

In this second case study of the structured IOC triage series, we examined a subtle but dangerous host-based compromise involving the abuse of the Windows utility `rundll32.exe` to execute a malicious DLL payload.

cybersecurity windows-forensics ioc-analysis edr-telemetry dll-investigation

Updated May 10, 2025
Jupyter Notebook

Improve this page

Add a description, image, and links to the edr-telemetry topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the edr-telemetry topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly