v4.25.0
gowthamarajr released this 22 Feb 19:58
Release notes for ESCU v4.25.0
New Analytics Story
Updated Analytics Story
New Analytics
- ConnectWise ScreenConnect Path Traversal
- ConnectWise ScreenConnect Path Traversal Windows SACL
- Windows Non Discord App Access Discord LevelDB
- Windows Time Based Evasion via Choice Exec
- Windows Unsecured Outlook Credentials Access In Registry
- ConnectWise ScreenConnect Authentication Bypass
- WordPress Bricks Builder plugin RCE
Updated Analytics
- Detect Regasm Spawning a Process
- Download Files Using Telegram
- Executables Or Script Creation In Suspicious Path
- High Process Termination Frequency
- Linux Edit Cron Table Parameter
- Non Chrome Process Accessing Chrome Default Dir
- Non Firefox Process Access Firefox Profile Dir
- Processes launching netsh
- Registry Keys Used For Persistence
- Suspicious Driver Loaded Path
- Suspicious Process DNS Query Known Abuse Web Services
- Suspicious Process Executed From Container File
- Windows Credentials from Password Stores Chrome LocalState Access
- Windows Credentials from Password Stores Chrome Login Data Access
- Windows File Transfer Protocol In Non-Common Process Path
- Windows Gather Victim Network Info Through Ip Check Web Services
- Windows Phishing PDF File Executes URL Link
- Windows System Network Connections Discovery Netsh
- Windows User Execution Malicious URL Shortcut File
- WinEvent Scheduled Task Created Within Public Path
Other Updates
- Updated contentctl to output accurate providing technologies in savedsearches.conf