Windows core
Explore the core processes of a Windows OS and understand what normal behaviour looks like: which process starts which, how many instances should exist, where the image lives and which account it runs as.
This baseline is what lets you spot a malicious process on an endpoint, whether it imitates a core process name, sits in the wrong place in the process tree, or runs from the wrong path or account.
smss.exe: Session Manager Subsystem. Parent is System (PID 4). One persistent instance; the per-session child instances start csrss.exe and wininit.exe or winlogon.exe and then exit. Image %SystemRoot%\System32\smss.exe, runs as SYSTEM.
csrss.exe: Client/Server Runtime Subsystem. Started by an smss.exe child that has already exited, so it shows no live parent. One instance per session. Image %SystemRoot%\System32\csrss.exe, runs as SYSTEM.
wininit.exe: Windows initialisation. Started by smss.exe (exited). One instance, in session 0; it starts services.exe and lsass.exe. Image %SystemRoot%\System32\wininit.exe, runs as SYSTEM.
services.exe: Service Control Manager. Parent wininit.exe. One instance; it is the parent of every svchost.exe and of most other service processes. Image %SystemRoot%\System32\services.exe, runs as SYSTEM.
svchost.exe: generic service host. Parent services.exe. Many instances, each with a command line containing -k <group>. Image %SystemRoot%\System32\svchost.exe; runs as SYSTEM, LOCAL SERVICE or NETWORK SERVICE (per-user service hosts on Windows 10 and later run as the logged-on user). A svchost.exe with a different parent, no -k argument, another path or a plain user account deserves a look.
lsass.exe: Local Security Authority. Parent wininit.exe. One instance. Image %SystemRoot%\System32\lsass.exe, runs as SYSTEM. A second lsass.exe, or one outside System32, is a classic masquerade; unusual processes opening handles to the real one are the credential-dumping signal.
winlogon.exe: handles interactive logon. Started by smss.exe (exited). One instance per interactive session; it runs userinit.exe, which starts explorer.exe and then exits. Image %SystemRoot%\System32\winlogon.exe, runs as SYSTEM.
explorer.exe: the user shell. Started by userinit.exe (exited), so no live parent. Normally one instance per logged-on user. Image %SystemRoot%\explorer.exe, not System32, and it runs as the logged-on user, never as SYSTEM.
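The baseline above only pays off if it is checked systematically. The following is an added example, not code from the original page: a small Python checker that encodes the expected parent, image directory, account and instance count for each core process, runs it over a process snapshot and also flags names one edit away from a core process name (svch0st.exe, scvhost.exe). The snapshot records (name, pid, ppid, path, user) and the three planted deviations are constructed for the demo; the field names and the EXPECTED table are this example's own assumptions.

```python
"""Baseline check of Windows core processes over a process snapshot.

Added example, not part of the original page. Each record carries
name, pid, ppid, path and user; the SNAPSHOT below is constructed.
"""
from __future__ import annotations

SYSTEM = "nt authority\\system"
SERVICE_ACCOUNTS = {SYSTEM, "nt authority\\local service", "nt authority\\network service"}
SYS32 = "c:\\windows\\system32"


def is_system(user: str) -> bool:
    return user == SYSTEM


def is_service_account(user: str) -> bool:
    # Per-user service hosts (Windows 10+) run as the logged-on user; tune here if needed.
    return user in SERVICE_ACCOUNTS


def is_interactive_user(user: str) -> bool:
    return user not in SERVICE_ACCOUNTS


# What "normal" looks like (assumed baseline for this example). orphan_ok: the
# spawning parent exits by design (smss.exe children, userinit.exe), so the
# ppid may point at nothing; a *live* parent must still be one of "parents".
# max_count=None where several instances are normal (csrss/winlogon per
# session, explorer per user, many svchost).
EXPECTED = {
    "smss.exe":     dict(parents={"system"},                      orphan_ok=False, dir=SYS32,          user_ok=is_system,           max_count=1),
    "csrss.exe":    dict(parents={"smss.exe"},                    orphan_ok=True,  dir=SYS32,          user_ok=is_system,           max_count=None),
    "wininit.exe":  dict(parents={"smss.exe"},                    orphan_ok=True,  dir=SYS32,          user_ok=is_system,           max_count=1),
    "services.exe": dict(parents={"wininit.exe"},                 orphan_ok=False, dir=SYS32,          user_ok=is_system,           max_count=1),
    "svchost.exe":  dict(parents={"services.exe"},                orphan_ok=False, dir=SYS32,          user_ok=is_service_account,  max_count=None),
    "lsass.exe":    dict(parents={"wininit.exe"},                 orphan_ok=False, dir=SYS32,          user_ok=is_system,           max_count=1),
    "winlogon.exe": dict(parents={"smss.exe"},                    orphan_ok=True,  dir=SYS32,          user_ok=is_system,           max_count=None),
    "explorer.exe": dict(parents={"userinit.exe", "explorer.exe"}, orphan_ok=True, dir="c:\\windows", user_ok=is_interactive_user, max_count=None),
}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap two adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def lookalike(name: str) -> str | None:
    """Return the core process name that `name` imitates (one edit away), else None."""
    for core in EXPECTED:
        if name != core and edit_distance(name, core) <= 1:
            return core
    return None


def check_snapshot(snapshot: list[dict]) -> list[tuple]:
    """Return (pid, name, finding) tuples for every deviation from EXPECTED."""
    by_pid = {p["pid"]: p for p in snapshot}
    findings, counts = [], {}
    for p in snapshot:
        name = p["name"].lower()
        rule = EXPECTED.get(name)
        if rule is None:
            twin = lookalike(name)
            if twin:
                findings.append((p["pid"], p["name"], f"name is one edit away from core process {twin}"))
            continue
        counts[name] = counts.get(name, 0) + 1
        parent = by_pid.get(p["ppid"])
        if parent is None:
            if not rule["orphan_ok"]:
                findings.append((p["pid"], name, "parent is missing from snapshot"))
        elif parent["name"].lower() not in rule["parents"]:
            findings.append((p["pid"], name, f"unexpected parent {parent['name']} (pid {parent['pid']})"))
        directory = p["path"].lower().rpartition("\\")[0]
        if directory != rule["dir"]:
            findings.append((p["pid"], name, f"unexpected image path {p['path']}"))
        if not rule["user_ok"](p["user"].lower()):
            findings.append((p["pid"], name, f"unexpected account {p['user']}"))
    for name, n in counts.items():
        limit = EXPECTED[name]["max_count"]
        if limit is not None and n > limit:
            findings.append((None, name, f"{n} instances, expected at most {limit}"))
    return findings


# Constructed snapshot: a healthy boot chain plus three planted deviations.
SNAPSHOT = [
    dict(pid=4,    ppid=0,    name="System",       path="",                                  user="NT AUTHORITY\\SYSTEM"),
    dict(pid=368,  ppid=4,    name="smss.exe",     path="C:\\Windows\\System32\\smss.exe",     user="NT AUTHORITY\\SYSTEM"),
    dict(pid=480,  ppid=368,  name="csrss.exe",    path="C:\\Windows\\System32\\csrss.exe",    user="NT AUTHORITY\\SYSTEM"),
    dict(pid=560,  ppid=368,  name="wininit.exe",  path="C:\\Windows\\System32\\wininit.exe",  user="NT AUTHORITY\\SYSTEM"),
    dict(pid=588,  ppid=464,  name="winlogon.exe", path="C:\\Windows\\System32\\winlogon.exe", user="NT AUTHORITY\\SYSTEM"),  # smss child exited
    dict(pid=660,  ppid=560,  name="services.exe", path="C:\\Windows\\System32\\services.exe", user="NT AUTHORITY\\SYSTEM"),
    dict(pid=680,  ppid=560,  name="lsass.exe",    path="C:\\Windows\\System32\\lsass.exe",    user="NT AUTHORITY\\SYSTEM"),
    dict(pid=820,  ppid=660,  name="svchost.exe",  path="C:\\Windows\\System32\\svchost.exe",  user="NT AUTHORITY\\NETWORK SERVICE"),
    dict(pid=3312, ppid=3280, name="explorer.exe", path="C:\\Windows\\explorer.exe",           user="DESKTOP-X\\alice"),  # userinit exited
    dict(pid=4100, ppid=3312, name="svchost.exe",  path="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe", user="DESKTOP-X\\alice"),
    dict(pid=4188, ppid=3312, name="lsass.exe",    path="C:\\Windows\\System32\\lsass.exe",    user="NT AUTHORITY\\SYSTEM"),
    dict(pid=4220, ppid=660,  name="scvhost.exe",  path="C:\\Windows\\System32\\scvhost.exe",  user="NT AUTHORITY\\SYSTEM"),
]

if __name__ == "__main__":
    for pid, name, msg in check_snapshot(SNAPSHOT):
        print(f"{pid or '-':>5} {name:<13} {msg}")
```

On a live host the snapshot can be built from `Get-CimInstance Win32_Process` (Name, ProcessId, ParentProcessId, ExecutablePath) with the owner from `Invoke-CimMethod -MethodName GetOwner`, exported with `ConvertTo-Json`. Two caveats when you do: PIDs are recycled, so a ppid can point at an unrelated process that merely inherited the number (compare creation times before trusting a parent), and ExecutablePath is empty for protected processes unless you query as an administrator, which this checker would report as a bad path.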