FalconFriday — Process injection and malicious CPL files
We believe there isn’t enough content available to detect advanced adversary techniques. That’s why every two weeks on “FalconFriday”, we will release hunting queries to detect offensive techniques. Today: part four!
-> Process injection using the CreateRemoteThread API.
-> Suspicious CPL files being loaded (https://attack.mitre.org/techniques/T1218/002/).
Cross-post from medium.com; please read the full article here:
Direct link to our GitHub page: