Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
GitHub

delete_shadowcopy_with_powershell.yml

description: The following analytic detects the use of PowerShell to delete shadow copies via the WMIC PowerShell module. It leverages EventCode 4104 and searches for specific keywords like ...
OSTechNix

EmDash: The Secure, Fast TypeScript Successor to WordPress

EmDash is an open-source CMS built on Astro and Cloudflare. Featuring sandboxed plugins, AI-native tools, and 66% faster ...
GitHub

detect_new_local_admin_account.yml

description: The following analytic detects the creation of new accounts elevated to local administrators. It uses Windows event logs, specifically EventCode 4720 (user account creation) and EventCode ...