cd .. (Geri Dön)
siem-kutuphanesi/detection-use-cases/detection-use-cases-mitre-attck-tactics-and-techniques.md

Taktikler ve Teknikler

Mimikatz

İşletim Sistemi Kimlik Bilgilerinin Boşaltılması T1003 →

İşletim Sistemi Kimlik Bilgilerinin Boşaltılması: DCSync T1003.006 →

Powershell T1059.001 →

Şifre Püskürtme T1110.003 →

Erişim Jetonu Manipülasyonu T1134 →

Kerberoasting T1158.003 →

Hash T1550.002'yi iletin →

Altın Bilet T1558.001 ve Gümüş Bilet T1558.002 →

Ortadaki Düşman T1557 →

Ele Geçirme Yürütme Akışı: DLL Arama Siparişinin Ele Geçirilmesi T1574.001 →

Yanal Hareket TA0008 →

T1003 →

İşletim Sistemi Kimlik Bilgilerinin Boşaltılması T1003

Mimikatz

https://redcanary.com/threat-detection-report/threats/mimikatz/ →

https://redcanary.com/threat-detection-report/threats/mimikatz/

https://neil-fox.github.io/Mimikatz-usage-&-detection/ →

https://neil-fox.github.io/Mimikatz-usage-&-detection/

https://medium.com/@levurge/detecting-mimikatz-with-sysmon-f6a96669747e →

https://medium.com/@levurge/detecting-mimikatz-with-sysmon-f6a96669747e

T1003.006 →

İşletim Sistemi Kimlik Bilgilerinin Boşaltılması: DCSync T1003.006

https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection →

https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection

T1059.001 →

Powershell T1059.001

Potansiyel olarak şüpheli komutlar

https://gist.github.com/gfoss/2b39d680badd2cad9d82 →

https://gist.github.com/gfoss/2b39d680badd2cad9d82

Mandiant'ın Powershell günlüğe kaydetme kılavuzu

https://cloud.google.com/security/mandiant →

https://cloud.google.com/security/mandiant

T1110.003 →

Şifre Püskürtme T1110.003

https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing →

https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing

T1134 →

Erişim Jetonu Manipülasyonu T1134

https://www.elastic.co/blog/how-attackers-abuse-access-token-manipulation →

https://www.elastic.co/blog/how-attackers-abuse-access-token-manipulation

T1158.003 →

Kerberoasting T1158.003

https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity →

https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity

https://adsecurity.org/?p=3458 →

https://adsecurity.org/?p=3458

https://www.redsiege.com/blog/2020/10/detecting-kerberoasting/ → YAYINDAN KALDIRILDI

https://www.redsiege.com/blog/2020/10/detecting-kerberoasting/ YAYINDAN KALDIRILDI

T1550.002 →

Hash T1550.002'yi iletin

https://threathuntingreadings.com/passthehashwhatisandhowcanwedetectit/ → YAYINDAN KALDIRILDI

https://threathuntingreadings.com/passthehashwhatisandhowcanwedetectit/ YAYINDAN KALDIRILDI

T1558.001 →

T1558.002 →

Altın Bilet T1558.001 ve Gümüş Bilet T1558.002

https://adsecurity.org/?p=1515 →

https://adsecurity.org/?p=1515

T1557 →

Ortadaki Düşman  T1557

NTLM geçişi

https://posts.bluraven.io/detecting-ntlm-relay-attacks-d92e99e68fb9?gi=35173cc2ed4a →

https://posts.bluraven.io/detecting-ntlm-relay-attacks-d92e99e68fb9?gi=35173cc2ed4a

Kerberos Aktarma saldırılarını algılama

https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c?gi=48dbb02eb475 →

https://posts.bluraven.io/detecting-kerberos-relaying-e6be66fa647c?gi=48dbb02eb475

T1574.001 →

Ele Geçirme Yürütme Akışı: DLL Arama Siparişinin Ele Geçirilmesi T1574.001

https://marcusedmondson.com/2021/02/28/windows-persistence-mechanics-dll-search-order-hijacking/ →

https://marcusedmondson.com/2021/02/28/windows-persistence-mechanics-dll-search-order-hijacking/

TA0008 →

Yanal Hareket TA0008

Japonya CERT kılavuzu

https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf →

https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf

CERT-AB kılavuzu

https://media.cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf → YAYINDAN KALDIRILDI

https://media.cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf YAYINDAN KALDIRILDI

Compass Security'nin GPO ayarlarına ilişkin kılavuzu

https://www.compass-security.com/fileadmin/Datein/Research/White_Papers/lateral_movement_detection_basic_gpo_settings_v1.0.pdf →

https://www.compass-security.com/fileadmin/Datein/Research/White_Papers/lateral_movement_detection_basic_gpo_settings_v1.0.pdf

İleri Savunma Analisti kılavuzu

https://www.forwarddefense.com/media/attachments/2021/05/15/lateral-movement-analyst-reference.pdf →

https://www.forwarddefense.com/media/attachments/2021/05/15/lateral-movement-analyst-reference.pdf

Lares'ten Yanal Hareketin Düşüşü

https://www.lares.com/blog/the-lowdown-on-lateral-movement/ →

https://www.lares.com/blog/the-lowdown-on-lateral-movement/

🛡️ INTEGRATION.md

ACKLOG SIEM İle Tam Entegrasyon

Bu dokümantasyonda listelenen log kaynakları, kurallar, korelasyon mantıkları ve tespit senaryoları ACKLOG SIEM ürün ailesi tarafından yerleşik olarak desteklenmektedir. ACKLOG, teknolojisi ve otomasyon modülleri ile tespit süreçlerinizi saniyeler içinde devreye almanızı sağlar.