├── CrowdStrike_Falcon_Post_Exploitation_Hunt.txt
├── LICENSE
├── README.md
├── T1197_bitsadmin.txt
├── splunk_sysmon_Possible_Conti_Ransomware_Activity.txt
├── splunk_sysmon_T1003.003_ntda.dit.txt
├── splunk_sysmon_T1034_Findstr.txt
├── splunk_sysmon_T1053_SchTasks.txt
├── splunk_sysmon_T1076_Potential_RDP_Hijacking.txt
├── splunk_sysmon_T1096_esentutl.txt
├── splunk_sysmon_T1098_net_user_add.txt
├── splunk_sysmon_T1117_regsvr32.txt
├── splunk_sysmon_T1127_msbuild.txt
├── splunk_sysmon_T1140_certutil.txt
├── splunk_sysmon_T1170_mshta.txt
├── splunk_sysmon_T1170_mshta_with_network_connections.txt
├── splunk_sysmon_T1191_cmstp.txt
├── splunk_sysmon_T1196_control.txt
├── splunk_sysmon_T1212_SilverTicket.txt
├── splunk_sysmon_T1218.013_mavinject.txt
├── splunk_sysmon_T1218_InfDefaultInstall.txt
├── splunk_sysmon_T1218_Register_cimprovider.txt
├── splunk_sysmon_T1218_msiexec.txt
├── splunk_sysmon_T1218_odbcconf.txt
├── splunk_sysmon_T1218_pcalua.txt
├── splunk_sysmon_T1223_htmlhelp.txt
├── splunk_sysmon_lolbins_hunt_base_score.txt
├── splunk_sysmon_lolbins_hunt_base_score_stats_by_computername.txt
├── splunk_sysmon_lolbins_hunt_with_threat-count.txt
├── splunk_sysmon_lolbins_hunt_with_threat-count_renamed_binaries.txt
├── splunk_sysmon_lolbins_hunt_with_threat-count_stats_by_computername.txt
└── splunk_sysmon_malicious_powershell_hunt.txt

/CrowdStrike_Falcon_Post_Exploitation_Hunt.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/CrowdStrike_Falcon_Post_Exploitation_Hunt.txt
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/README.md
--------------------------------------------------------------------------------

/T1197_bitsadmin.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/T1197_bitsadmin.txt
--------------------------------------------------------------------------------

/splunk_sysmon_Possible_Conti_Ransomware_Activity.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_Possible_Conti_Ransomware_Activity.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1003.003_ntda.dit.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1003.003_ntda.dit.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1034_Findstr.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1034_Findstr.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1053_SchTasks.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1053_SchTasks.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1076_Potential_RDP_Hijacking.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1076_Potential_RDP_Hijacking.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1096_esentutl.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1096_esentutl.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1098_net_user_add.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1098_net_user_add.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1117_regsvr32.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1117_regsvr32.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1127_msbuild.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1127_msbuild.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1140_certutil.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1140_certutil.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1170_mshta.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1170_mshta.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1170_mshta_with_network_connections.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1170_mshta_with_network_connections.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1191_cmstp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1191_cmstp.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1196_control.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1196_control.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1212_SilverTicket.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1212_SilverTicket.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218.013_mavinject.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218.013_mavinject.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218_InfDefaultInstall.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218_InfDefaultInstall.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218_Register_cimprovider.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218_Register_cimprovider.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218_msiexec.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218_msiexec.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218_odbcconf.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218_odbcconf.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1218_pcalua.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1218_pcalua.txt
--------------------------------------------------------------------------------

/splunk_sysmon_T1223_htmlhelp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_T1223_htmlhelp.txt
--------------------------------------------------------------------------------

/splunk_sysmon_lolbins_hunt_base_score.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_lolbins_hunt_base_score.txt
--------------------------------------------------------------------------------

/splunk_sysmon_lolbins_hunt_base_score_stats_by_computername.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_lolbins_hunt_base_score_stats_by_computername.txt
--------------------------------------------------------------------------------

/splunk_sysmon_lolbins_hunt_with_threat-count.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_lolbins_hunt_with_threat-count.txt
--------------------------------------------------------------------------------

/splunk_sysmon_lolbins_hunt_with_threat-count_renamed_binaries.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_lolbins_hunt_with_threat-count_renamed_binaries.txt
--------------------------------------------------------------------------------

/splunk_sysmon_lolbins_hunt_with_threat-count_stats_by_computername.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_lolbins_hunt_with_threat-count_stats_by_computername.txt
--------------------------------------------------------------------------------

/splunk_sysmon_malicious_powershell_hunt.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/paladin316/ThreatHunting/HEAD/splunk_sysmon_malicious_powershell_hunt.txt
--------------------------------------------------------------------------------