Quick Wins

#Default Named Pipes from Cobalt Strike
postex_

#Account lockout event log 4740 with default windows naming convention or kali linux.
hostname=kali

#Filenames with simple spellings
abc.exe
1.exe

#Post exploit tools that haven't been renamed
plink.exe
Mimikatz.exe
ngrok.exe
socks.exe

PreviousWindows Event Logs NextDocker

Last updated 7 months ago