Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker ...
Windows Report

Fix: 'Java' is not Recognized as an Internal or External Command

If 'Java' is not recognized as an internal or external command, operable program, or batch file, you need to take a closer look at the variable paths. Usually, it's the missing Bin directory that ...
GitHub

detect_new_local_admin_account.yml

description: The following analytic detects the creation of new accounts elevated to local administrators. It uses Windows event logs, specifically EventCode 4720 (user account creation) and EventCode ...
GitHub

registry_keys_used_for_persistence.yml

description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...