Issac Briones (1d8)
Contributed Techniques
Technique Name Technique ID's Snippet(s) Rules(s) OS
WMI Event Subscriptions U1353
XBEL Recently Opened Files Check U1352
Default Windows Wallpaper Check U1351
Event Triggered Execution: Linux Inotify U1245 T1546
Replication Through Removable Media U1012 T1091
Impair Defenses: Impair Command History Logging T1562.003
AppInit DLL Injection U1244 T1546
Contributed Code Snippets
Technique Language OS Creation Date
WMI Event Subscriptions PowerShell 2 weeks, 5 days
XBEL Recently Opened Files Check Python 3 months, 2 weeks
Virtualization/Sandbox Evasion: User Activity Based Checks Python 4 months, 2 weeks
Default Windows Wallpaper Check Golang 4 months, 2 weeks
Event Triggered Execution: Linux Inotify Python 5 months
Replication Through Removable Media Python 6 months
AppInit DLL Injection C 8 months
Hide Artifacts: Hidden Window C 8 months