Update Modules/tips.py
@ -93,7 +93,97 @@ TIPS = [
"⚙️ Investigate mismatches in user-agent strings in web traffic.",
"🔍 Look for attackers leaving test artifacts like `1.txt` or `test.ps1`.",
"📜 Track file hashes for unauthorized changes to key binaries.",
"🚦 Review network traffic for abnormal TTL values."
"🚦 Review network traffic for abnormal TTL values.",
"🛡️ Identify rare parent-child process relationships in your environment.",
"🔍 Investigate long-running processes, especially with elevated privileges.",
"📊 Analyze PowerShell logs for encoded or obfuscated commands.",
"🌐 Review TLS/SSL traffic for connections to self-signed certificates.",
"📁 Monitor for temporary files with sensitive data remnants.",
"🚦 Analyze unusual ICMP traffic patterns, often used in C2 communications.",
"🔗 Watch for new shares created on file servers.",
"🕵️♂️ Search for suspicious DNS TXT record queries.",
"🔍 Investigate commands executed by `cmd.exe` or `bash`.",
"🖥️ Look for abnormal usage of tools like `certutil` or `wget`.",
"🔓 Monitor for attempted privilege escalation via sudo or su.",
"📂 Search for files with names mimicking system executables.",
"🚨 Look for multiple simultaneous logins to a single account.",
"🛡️ Track binaries executed directly from the browser download folder.",
"🌐 Monitor HTTP POST requests to unknown domains.",
"📊 Analyze VPN connections for anomalies in duration or frequency.",
"🔍 Check for DLLs loaded from unexpected directories.",
"📂 Monitor `.tmp` files in system directories.",
"🖋️ Look for encoded payloads in commonly abused file formats like `.docx`.",
"🚦 Watch for network traffic containing known C2 patterns.",
"🔧 Investigate changes to Local Security Authority (LSA) configuration.",
"📈 Analyze system uptime for anomalies indicating potential reboots.",
"🌐 Monitor unusual redirects in web server logs.",
"📂 Investigate changes to `/etc/passwd` or SAM files.",
"🛡️ Look for unauthorized modifications to PAM modules.",
"🖋️ Examine email forwarding rules set by attackers for persistence.",
"🚦 Analyze protocol mismatches in encrypted traffic.",
"🔍 Search for executables or scripts hidden with spaces or special characters.",
"📂 Look for ZIP/RAR archives with embedded malicious scripts.",
"🌐 Monitor user-agent strings for indicators of automation.",
"🚦 Watch for port scanning or unusual sequential connections.",
"🔒 Track processes that directly modify system logs.",
"📂 Monitor suspicious changes to file ownership or permissions.",
"🛡️ Investigate suspicious network shares with modified permissions.",
"🚀 Look for scripts invoking unauthorized API calls.",
"🔧 Monitor changes to firewall rules allowing external access.",
"🌍 Correlate suspicious geolocation patterns in remote logins.",
"🖥️ Analyze command history for unusual usage.",
"📤 Watch for data egress in unconventional formats.",
"📊 Investigate mismatches between file metadata and actual content.",
"🔍 Search for execution of commands like `nc` or `netcat`.",
"🚨 Track endpoints with repeated failed DNS lookups.",
"📂 Monitor files compressed using password protection.",
"📡 Look for inbound SSH connections from unknown sources.",
"🖋️ Investigate office documents with unusual macros.",
"🚦 Watch for packet size anomalies in encrypted traffic.",
"🔍 Analyze event logs for attempts to tamper with security settings.",
"🛡️ Monitor software installations from untrusted certificates.",
"📥 Investigate repeated connections to IPs without associated domains.",
"📊 Look for binary downloads from suspicious URLs.",
"🕵️♂️ Monitor registry changes related to persistence mechanisms.",
"🛠️ Analyze anomalous changes in group memberships.",
"📂 Investigate tampered antivirus exclusions or policies.",
"📈 Search for inconsistencies in time-stamped files.",
"🔧 Monitor default admin shares for unusual access.",
"📜 Look for signs of log tampering in security audit logs.",
"📡 Check SMB traffic for unauthorized access attempts.",
"🖋️ Investigate PDFs with hidden payloads or JavaScript.",
"🌐 Analyze web server headers for outdated or misconfigured software.",
"📊 Look for modified or unexpected system images.",
"🖥️ Monitor endpoint connections to public paste sites.",
"🚦 Watch for stealthy TCP retransmissions in packet captures.",
"📂 Investigate newly created service accounts with high privileges.",
"🔧 Analyze processes creating non-standard network connections.",
"📈 Monitor CPU and memory spikes during off-hours.",
"🚀 Investigate scripts executed from uncommon locations.",
"🌍 Correlate network traffic against threat intelligence sources.",
"📤 Look for encrypted or compressed outbound data at odd times.",
"📂 Monitor endpoints for large, unexpected file deletions.",
"📡 Look for reverse shell attempts in network logs.",
"🛡️ Investigate unusual browser plugins or extensions.",
"📊 Search for unexplained registry run keys.",
"🔧 Investigate unusual file naming conventions in backup locations.",
"🖥️ Monitor desktop activity for unscheduled screenshots or keylogging.",
"📜 Investigate systems with missing or altered critical files.",
"🚦 Correlate failed authentications with brute-force patterns.",
"📂 Analyze temporary folders for suspicious script files.",
"🔍 Look for attackers testing connectivity via `ping` or traceroute.",
"📊 Track spikes in file-sharing activity.",
"🌐 Review web traffic logs for possible data leakage.",
"🖋️ Investigate documents with high entropy in their metadata.",
"📤 Look for staging directories with suspicious files.",
"🕵️♂️ Monitor access logs for unauthorized application startups.",
"📂 Investigate tampered scheduled jobs or cron entries.",
"🛡️ Analyze unauthorized password resets or account creations.",
"🔧 Search for hidden tasks in task scheduler or cron jobs.",
"📡 Investigate unusual or repeated ARP requests.",
"🌍 Correlate IoT device traffic patterns with known exploits.",
"🚦 Monitor DNS requests with large or binary-like payloads.",
"📈 Look for repeated HTTP 401 (Unauthorized) responses."
]
# Cybersecurity jokes
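Review bot: the new last element `"📈 Look for repeated HTTP 401 (Unauthorized) responses."` again has no trailing comma, which is exactly why this hunk had to touch the previous last line (`"🚦 Review network traffic for abnormal TTL values."` changed only by gaining a comma); ending the list with a trailing comma after the final element keeps the next batch of tips a pure append with no modified line. A few of the added entries also overlap and could be merged before they are shipped: `"🔧 Search for hidden tasks in task scheduler or cron jobs."` and `"📂 Investigate tampered scheduled jobs or cron entries."` cover the same check, as do `"🌐 Monitor user-agent strings for indicators of automation."` and the existing user-agent mismatch tip in the leading context. Finally, the three entries starting with the detective emoji appear here as two separate glyphs (🕵️ followed by ♂️); if that is how the source file stores them rather than an artifact of the rendering, they will not render as the intended single emoji in most terminals.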