Emulating an adversary for crafting detections
This is great stuff. I'm getting my feet wet with detection rules, viewing and querying logs, and I have everything at this point I need to go on if I want to look at different incidents as practice. Thank you for this great offering to the community.
I've been following the posts step by step and everything worked perfectly. I'm so excited about this project. As a college cyber security student, feeling that I know more about security than my teachers, I'm really happy to improve my blue team skills. Great job!!
I used the lsass.exe process on Sliver and it said "rpc error: code = unknown desc = incorrect function." Everything else was good up to this point. I don't know what it could be that I'm doing wrong.