Upload files to "Modules"
@ -3,6 +3,21 @@ import re
|
|||||||
|
|
||||||
|
|
||||||
TIPS = [
|
TIPS = [
|
||||||
|
"💻 Make sure your Host Agents are not disabled by the APT/Red Team.",
|
||||||
|
"🛡️ Ensure EDR and antivirus solutions are actively monitoring all endpoints.",
|
||||||
|
"🔒 Monitor for unusual attempts to disable or uninstall security agents.",
|
||||||
|
"📊 Know what type of logs you are receiving.",
|
||||||
|
"🔍 Understand your log sources and validate their integrity.",
|
||||||
|
"📈 Ensure critical logs like authentication, network traffic, and process activity are being collected.",
|
||||||
|
"📧 Phishing is a common initial access attempt.",
|
||||||
|
"🛑 Train employees to recognize and report phishing emails promptly.",
|
||||||
|
"🕵️♀️ Investigate email attachments or links for suspicious behavior.",
|
||||||
|
"👽 Initial Access, Lateral Movement, and C2 are the easiest to catch.",
|
||||||
|
"🌐 Watch for strange connections to uncommon IPs or ports for C2 detection.",
|
||||||
|
"🔗 Track login patterns for signs of lateral movement across systems.",
|
||||||
|
"🛠️ Create Alerts tailored to your APT.",
|
||||||
|
"🚨 Develop rules based on TTPs of the threats your organization faces.",
|
||||||
|
"👾 Use known threat actor behavior as a baseline for detection.",
|
||||||
"🔐 Look for multiple failed login attempts followed by a success.",
|
"🔐 Look for multiple failed login attempts followed by a success.",
|
||||||
"👥 Monitor for the creation of suspicious or unusual accounts.",
|
"👥 Monitor for the creation of suspicious or unusual accounts.",
|
||||||
"🖋️ Keep an eye out for renamed files or sudden changes to file extensions.",
|
"🖋️ Keep an eye out for renamed files or sudden changes to file extensions.",
|
||||||
|
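Review bot: The added tip "👽 Initial Access, Lateral Movement, and C2 are the easiest to catch." states a ranking as fact, while every other added entry is an action the reader can take. Reword it as an action, or drop it, since the two entries after it ("🌐 Watch for strange connections..." and "🔗 Track login patterns...") already cover C2 and lateral movement. Three smaller points in the same block: "🛠️ Create Alerts tailored to your APT." reads as if the reader owns the APT and would be clearer as alerts tailored to the threat actors that target you; "💻 Make sure your Host Agents are not disabled by the APT/Red Team." and "🔒 Monitor for unusual attempts to disable or uninstall security agents." say nearly the same thing and could be merged; and the emoji on the "Investigate email attachments or links" entry displays as two separate glyphs here, so check that the zero-width joiner survived in the source file. The commit title "Upload files to "Modules"" does not mention that the change extends TIPS; a one-line description would help later readers of the history.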