Issac Briones (1d8)
Contributed Techniques
Technique Name Technique ID's Snippet(s) Rules(s) OS
WMI Event Subscriptions U1353
XBEL Recently Opened Files Check U1352
Default Windows Wallpaper Check U1351
Event Triggered Execution: Linux Inotify U1245 T1546
Replication Through Removable Media U1012 T1091
Impair Defenses: Impair Command History Logging T1562.003
AppInit DLL Injection U1244 T1546
Contributed Code Snippets
Technique Language OS Creation Date
WMI Event Subscriptions PowerShell 3 months
XBEL Recently Opened Files Check Python 6 months
Virtualization/Sandbox Evasion: User Activity Based Checks Python 7 months
Default Windows Wallpaper Check Golang 7 months
Event Triggered Execution: Linux Inotify Python 7 months, 2 weeks
Replication Through Removable Media Python 8 months, 2 weeks
AppInit DLL Injection C 10 months, 3 weeks
Hide Artifacts: Hidden Window C 10 months, 3 weeks