Repository layout (coolx28/ThreatHunter-Playbook, HEAD):

```
.
├── ADVERSARY_TEMPLATE.md
├── HUNTING_TECHNIQUES.md
├── LICENSE
├── README.md
├── TECHNIQUE_TEMPLATE.md
├── adversary_attribution
│   ├── APT1.md
│   ├── APT12.md
│   ├── APT16.md
│   ├── APT17.md
│   ├── APT18.md
│   ├── APT28.md
│   ├── APT29.md
│   ├── APT3.md
│   ├── APT30.md
│   ├── APT32.md
│   ├── Axiom.md
│   ├── Carbanak.md
│   ├── Cleaver.md
│   ├── Darkhotel.md
│   ├── Deep Panda.md
│   ├── DragonOK.md
│   ├── Dragonfly.md
│   ├── Dust Storm.md
│   ├── Equation.md
│   ├── FIN10.md
│   ├── FIN6.md
│   ├── FIN7.md
│   ├── GCMAN.md
│   ├── Gamaredon Group.md
│   ├── Group5.md
│   ├── Ke3chang.md
│   ├── Lazarus Group.md
│   ├── Lotus Blossom.md
│   ├── MONSOON.md
│   ├── Moafee.md
│   ├── Molerats.md
│   ├── Naikon.md
│   ├── Night Dragon.md
│   ├── OilRig.md
│   ├── Patchwork.md
│   ├── PittyTiger.md
│   ├── Poseidon Group.md
│   ├── Putter Panda.md
│   ├── README.md
│   ├── RTM.md
│   ├── Sandworm Team.md
│   ├── Scarlet Mimic.md
│   ├── Stealth Falcon.md
│   ├── Strider.md
│   ├── Suckfly.md
│   ├── Taidoor.md
│   ├── Threat Group-1314.md
│   ├── Threat Group-3390.md
│   ├── Turla.md
│   ├── Winnti Group.md
│   ├── admin@338.md
│   └── menuPass.md
├── metrics
│   └── HuntTeam_HeatMap.xlsx
├── resources
│   ├── README.md
│   ├── papers
│   │   ├── 16-3713-finding-cyber-threats with att&ck-based-analytics.pdf
│   │   ├── 20170612_Detecting_LM.pdf
│   │   ├── Network_Profiling_Using_Flow.pdf
│   │   ├── SpecterOps_Subverting_Trust_in_Windows.pdf
│   │   ├── advanced-threat-detection-and-response-tech-brief.pdf
│   │   └── revoke-obfuscation-report.pdf
│   └── presentations
│       └── FIRST-2017_Tom-Ueltschi_Sysmon_FINAL.pdf
└── tactical_groups
    ├── credential_access
    │   ├── account_manipulation
    │   │   └── mimikatz_skeleton_key.md
    │   ├── credential_dumping
    │   │   └── in_memory_mimikatz.md
    │   ├── json
    │   │   ├── in_memory_mimikatz.json
    │   │   └── wdigest_downgrade.json
    │   └── wdigest_downgrade.md
    ├── defense_evasion
    │   ├── bypass_whitelisting_ieexec.md
    │   ├── bypass_whitelisting_installutil.md
    │   ├── bypass_whitelisting_odbcconf.md
    │   ├── bypass_whitelisting_regsvcs_regasm.md
    │   ├── bypass_whitelisting_regsvr32.md
    │   ├── dllinjection_via_loadlibrary.md
    │   ├── indicator_removal_on_host.md
    │   ├── json
    │   │   └── bypass_whitelisting_ieexec.json
    │   └── trusted_developer_utilities
    │       └── bypass_whitelisting_msbuild.md
    ├── discovery
    │   ├── json
    │   │   └── kerberoasting_activity.json
    │   ├── kerberoasting_activity.md
    │   ├── remote_dir_share_enumeration.md
    │   └── users_groups_enumeration.md
    ├── execution
    │   ├── bitsadmin.md
    │   ├── json
    │   │   └── office_process_creation.json
    │   └── office_process_creation.md
    ├── lateral_movement
    │   ├── create_remote_process_wmic.md
    │   ├── in_memory_mimikatz_pth.md
    │   ├── json
    │   │   └── create_remote_process_wmic.json
    │   ├── pass_the_hash.md
    │   ├── remote_desktop_logon.md
    │   ├── remote_execution_via_services.md
    │   ├── remote_file_copy.md
    │   ├── remote_powershell_sessions.md
    │   └── wmimplant_command_exec.md
    ├── persistence
    │   ├── appcompat_shim_databases.md
    │   ├── appinit_dlls.md
    │   ├── authentication_package.md
    │   ├── disable_password_change.md
    │   ├── dns_exe_dll_injection.md
    │   ├── json
    │   │   ├── authentication_package.json
    │   │   └── local_port_monitor.json
    │   ├── local_port_monitor.md
    │   └── windowsupdate_autostartkey.md
    └── privilege_escalation
        ├── bypass_user_account_control
        │   ├── eventvwr_bypassuac.md
        │   └── fodhelper_bypassuac.md
        └── json
            └── eventvwr_bypassuac.json
```

Raw file URLs, one per repository path:

/ADVERSARY_TEMPLATE.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/ADVERSARY_TEMPLATE.md
/HUNTING_TECHNIQUES.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/HUNTING_TECHNIQUES.md
/LICENSE: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/LICENSE
/README.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/README.md
/TECHNIQUE_TEMPLATE.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/TECHNIQUE_TEMPLATE.md
/adversary_attribution/APT1.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT1.md
/adversary_attribution/APT12.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT12.md
/adversary_attribution/APT16.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT16.md
/adversary_attribution/APT17.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT17.md
/adversary_attribution/APT18.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT18.md
/adversary_attribution/APT28.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT28.md
/adversary_attribution/APT29.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT29.md
/adversary_attribution/APT3.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT3.md
/adversary_attribution/APT30.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT30.md
/adversary_attribution/APT32.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/APT32.md
/adversary_attribution/Axiom.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Axiom.md
/adversary_attribution/Carbanak.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Carbanak.md
/adversary_attribution/Cleaver.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Cleaver.md
/adversary_attribution/Darkhotel.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Darkhotel.md
/adversary_attribution/Deep Panda.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Deep Panda.md
/adversary_attribution/DragonOK.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/DragonOK.md
/adversary_attribution/Dragonfly.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Dragonfly.md
/adversary_attribution/Dust Storm.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Dust Storm.md
/adversary_attribution/Equation.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Equation.md
/adversary_attribution/FIN10.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/FIN10.md
/adversary_attribution/FIN6.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/FIN6.md
/adversary_attribution/FIN7.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/FIN7.md
/adversary_attribution/GCMAN.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/GCMAN.md
/adversary_attribution/Gamaredon Group.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Gamaredon Group.md
/adversary_attribution/Group5.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Group5.md
/adversary_attribution/Ke3chang.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Ke3chang.md
/adversary_attribution/Lazarus Group.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Lazarus Group.md
/adversary_attribution/Lotus Blossom.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Lotus Blossom.md
/adversary_attribution/MONSOON.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/MONSOON.md
/adversary_attribution/Moafee.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Moafee.md
/adversary_attribution/Molerats.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Molerats.md
/adversary_attribution/Naikon.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Naikon.md
/adversary_attribution/Night Dragon.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Night Dragon.md
/adversary_attribution/OilRig.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/OilRig.md
/adversary_attribution/Patchwork.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Patchwork.md
/adversary_attribution/PittyTiger.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/PittyTiger.md
/adversary_attribution/Poseidon Group.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Poseidon Group.md
/adversary_attribution/Putter Panda.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Putter Panda.md
/adversary_attribution/README.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/README.md
/adversary_attribution/RTM.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/RTM.md
/adversary_attribution/Sandworm Team.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Sandworm Team.md
/adversary_attribution/Scarlet Mimic.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Scarlet Mimic.md
/adversary_attribution/Stealth Falcon.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Stealth Falcon.md
/adversary_attribution/Strider.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Strider.md
/adversary_attribution/Suckfly.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Suckfly.md
/adversary_attribution/Taidoor.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Taidoor.md
/adversary_attribution/Threat Group-1314.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Threat Group-1314.md
/adversary_attribution/Threat Group-3390.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Threat Group-3390.md
/adversary_attribution/Turla.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Turla.md
/adversary_attribution/Winnti Group.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/Winnti Group.md
/adversary_attribution/admin@338.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/admin@338.md
/adversary_attribution/menuPass.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/adversary_attribution/menuPass.md
/metrics/HuntTeam_HeatMap.xlsx: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/metrics/HuntTeam_HeatMap.xlsx
/resources/README.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/README.md
/resources/papers/16-3713-finding-cyber-threats with att&ck-based-analytics.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/16-3713-finding-cyber-threats with att&ck-based-analytics.pdf
/resources/papers/20170612_Detecting_LM.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/20170612_Detecting_LM.pdf
/resources/papers/Network_Profiling_Using_Flow.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/Network_Profiling_Using_Flow.pdf
/resources/papers/SpecterOps_Subverting_Trust_in_Windows.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/SpecterOps_Subverting_Trust_in_Windows.pdf
/resources/papers/advanced-threat-detection-and-response-tech-brief.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/advanced-threat-detection-and-response-tech-brief.pdf
/resources/papers/revoke-obfuscation-report.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/papers/revoke-obfuscation-report.pdf
/resources/presentations/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL.pdf: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/resources/presentations/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL.pdf
/tactical_groups/credential_access/account_manipulation/mimikatz_skeleton_key.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/credential_access/account_manipulation/mimikatz_skeleton_key.md
/tactical_groups/credential_access/credential_dumping/in_memory_mimikatz.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/credential_access/credential_dumping/in_memory_mimikatz.md
/tactical_groups/credential_access/json/in_memory_mimikatz.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/credential_access/json/in_memory_mimikatz.json
/tactical_groups/credential_access/json/wdigest_downgrade.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/credential_access/json/wdigest_downgrade.json
/tactical_groups/credential_access/wdigest_downgrade.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/credential_access/wdigest_downgrade.md
/tactical_groups/defense_evasion/bypass_whitelisting_ieexec.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/bypass_whitelisting_ieexec.md
/tactical_groups/defense_evasion/bypass_whitelisting_installutil.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/bypass_whitelisting_installutil.md
/tactical_groups/defense_evasion/bypass_whitelisting_odbcconf.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/bypass_whitelisting_odbcconf.md
/tactical_groups/defense_evasion/bypass_whitelisting_regsvcs_regasm.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/bypass_whitelisting_regsvcs_regasm.md
/tactical_groups/defense_evasion/bypass_whitelisting_regsvr32.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/bypass_whitelisting_regsvr32.md
/tactical_groups/defense_evasion/dllinjection_via_loadlibrary.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/dllinjection_via_loadlibrary.md
/tactical_groups/defense_evasion/indicator_removal_on_host.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/indicator_removal_on_host.md
/tactical_groups/defense_evasion/json/bypass_whitelisting_ieexec.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/json/bypass_whitelisting_ieexec.json
/tactical_groups/defense_evasion/trusted_developer_utilities/bypass_whitelisting_msbuild.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/defense_evasion/trusted_developer_utilities/bypass_whitelisting_msbuild.md
/tactical_groups/discovery/json/kerberoasting_activity.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/discovery/json/kerberoasting_activity.json
/tactical_groups/discovery/kerberoasting_activity.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/discovery/kerberoasting_activity.md
/tactical_groups/discovery/remote_dir_share_enumeration.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/discovery/remote_dir_share_enumeration.md
/tactical_groups/discovery/users_groups_enumeration.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/discovery/users_groups_enumeration.md
/tactical_groups/execution/bitsadmin.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/execution/bitsadmin.md
/tactical_groups/execution/json/office_process_creation.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/execution/json/office_process_creation.json
/tactical_groups/execution/office_process_creation.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/execution/office_process_creation.md
/tactical_groups/lateral_movement/create_remote_process_wmic.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/create_remote_process_wmic.md
/tactical_groups/lateral_movement/in_memory_mimikatz_pth.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/in_memory_mimikatz_pth.md
/tactical_groups/lateral_movement/json/create_remote_process_wmic.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/json/create_remote_process_wmic.json
/tactical_groups/lateral_movement/pass_the_hash.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/pass_the_hash.md
/tactical_groups/lateral_movement/remote_desktop_logon.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/remote_desktop_logon.md
/tactical_groups/lateral_movement/remote_execution_via_services.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/remote_execution_via_services.md
/tactical_groups/lateral_movement/remote_file_copy.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/remote_file_copy.md
/tactical_groups/lateral_movement/remote_powershell_sessions.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/remote_powershell_sessions.md
/tactical_groups/lateral_movement/wmimplant_command_exec.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/lateral_movement/wmimplant_command_exec.md
/tactical_groups/persistence/appcompat_shim_databases.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/appcompat_shim_databases.md
/tactical_groups/persistence/appinit_dlls.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/appinit_dlls.md
/tactical_groups/persistence/authentication_package.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/authentication_package.md
/tactical_groups/persistence/disable_password_change.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/disable_password_change.md
/tactical_groups/persistence/dns_exe_dll_injection.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/dns_exe_dll_injection.md
/tactical_groups/persistence/json/authentication_package.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/json/authentication_package.json
/tactical_groups/persistence/json/local_port_monitor.json: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/json/local_port_monitor.json
/tactical_groups/persistence/local_port_monitor.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/local_port_monitor.md
/tactical_groups/persistence/windowsupdate_autostartkey.md: https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/persistence/windowsupdate_autostartkey.md
/tactical_groups/privilege_escalation/bypass_user_account_control/eventvwr_bypassuac.md:
https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/privilege_escalation/bypass_user_account_control/eventvwr_bypassuac.md -------------------------------------------------------------------------------- /tactical_groups/privilege_escalation/bypass_user_account_control/fodhelper_bypassuac.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/privilege_escalation/bypass_user_account_control/fodhelper_bypassuac.md -------------------------------------------------------------------------------- /tactical_groups/privilege_escalation/json/eventvwr_bypassuac.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coolx28/ThreatHunter-Playbook/HEAD/tactical_groups/privilege_escalation/json/eventvwr_bypassuac.json --------------------------------------------------------------------------------