BluSapphire Manuals
BluSapphire
BluGenie

Powered by GitBook

On this page

BluGenie

Artifacts

Tactical Artifacts by Category

EventLog Query

PreviousQuery Autorun locations for any item nested that is not digitally signed NextQuery for Process execution from unusual directories

Last updated 3 years ago

Query for Process execution from unusual directories

Query suspicious programs processed by the Task Scheduler using the Event Log

Query for unusual instances of rundll32.exe via the Event Log

Query for Unusual Instances of rundll32.exe making outbound network connections using SysMon Data

Query Suspicious Powershell Command Line Executions

Query the Windows System Log for 104, 517, 1102