Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check out WatchAD2.0 by Qihoo360 #1328

Open
K4ack2013 opened this issue Apr 17, 2024 · 1 comment
Open

Check out WatchAD2.0 by Qihoo360 #1328

K4ack2013 opened this issue Apr 17, 2024 · 1 comment
Labels
enhancement New feature or request under-investigation under investigation to develop

Comments

@K4ack2013
Copy link

Strengthen the log detection of domain control, and recommend you a https://github.com/Qihoo360/WatchAD2.0 item
There are domain-related attack detections here, and I hope the next version of the tool will be updated.

Shortcoming:
Currently, the tool cannot detect common domain attack tools such as mimikatz and Impacket, including log detection of common domain control attacks.

@K4ack2013 K4ack2013 added the bug Something isn't working label Apr 17, 2024
@YamatoSecurity
Copy link
Collaborator

Thank you for sharing. Currently Hayabusa does detect all of the attacks mentioned here: https://github.com/Qihoo360/WatchAD2.0/blob/master/README_EN.md#iii-currently-supported-specific-detection-functions
But of course the proper logging has to be turned on. If you want to share any specific .evtx files with us, we can write rules to detect them. We will look into if we can incorporate any methods in WatchAD into Hayabusa.

@YamatoSecurity YamatoSecurity added enhancement New feature or request under-investigation under investigation to develop and removed bug Something isn't working labels Apr 17, 2024
@YamatoSecurity YamatoSecurity changed the title A good offer for you Check out WatchAD2.0 by Qihoo360 Apr 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request under-investigation under investigation to develop
Projects
None yet
Development

No branches or pull requests

2 participants