EventLog Query
Last updated 3 years ago
Query for Process execution from unusual directories
Query suspicious programs processed by the Task Scheduler using the Event Log
Query for unusual instances of rundll32.exe via the Event Log
Query for Unusual Instances of rundll32.exe making outbound network connections using Sysmon Data
Query Suspicious PowerShell Command Line Executions
Query the Windows System Log for 104, 517, 1102