ℹ️ This was duplicated to this blog for readability and reference
The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.
```powershell
filter Get-AppPackageTriageInfo {
<#
.SYNOPSIS
A tool to perform rapid triage of decompressed application packages (.msix and .appx files).
.DESCRIPTION
Get-AppPackageTriageInfo parses key information from an uncompressed application package (.msix and .appx) without needing to first install it.
```
```powershell
# Requires the ExchangeOnlineManagement module; run Connect-ExchangeOnline before searching.
# The three variables below were undefined in the original fragment; these are example values:
# a 24-hour window and a fresh session name, so the SessionId/ReturnLargeSet pair can page
# through result sets larger than the 5000-record cap of a single call.
$startInterval = (Get-Date).AddDays(-1)
$endInterval   = Get-Date
$sessionId     = "SharePointTriage-" + (Get-Date -Format 'yyyyMMddHHmmss')

$data = Search-UnifiedAuditLog `
    -StartDate $startInterval `
    -EndDate $endInterval `
    -Operations FileAccessed, FilePreviewed, PageViewed, PageViewedExtended, SearchViewed, CompanyLinkUsed, SecureLinkUsed, FileDownloaded, FileModified, FileUploaded, FileDeleted, FolderModified, CompanyLinkCreated, SharingInheritanceBroken, ListUpdated, FileSyncDownloadedFull, FileSyncUploadedFull `
    -SessionId $sessionId `
    -SessionCommand ReturnLargeSet `
    -ResultSize 5000

## Start Date - Date and Time in local Computer Date Time format
## End Date - Date and Time in local Computer Date Time format
## Operations - For more information see here - https://docs.microsoft.com/en-gb/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#sharing-and-access-request-activities
```
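A single `Search-UnifiedAuditLog` call returns at most 5000 records, so the snippet above only collects the first page. The following is an added example, not code from the original page: it wraps the same cmdlet in a hypothetical `Get-SharePointAuditEvents` function that keeps calling with the same `-SessionId` until `ResultIndex` reaches `ResultCount`, flattens the JSON `AuditData` field into a triage-friendly object, and then summarizes downloads per user and client IP. It assumes the ExchangeOnlineManagement module is installed and `Connect-ExchangeOnline` has already been run.

```powershell
# Added example (not from the original page). Assumes the ExchangeOnlineManagement module
# is installed and Connect-ExchangeOnline has already been run in this session.
function Get-SharePointAuditEvents {
    param(
        [Parameter(Mandatory)] [datetime] $StartDate,
        [Parameter(Mandatory)] [datetime] $EndDate,
        [string[]] $Operations = @('FileAccessed', 'FileDownloaded', 'FileModified',
                                   'FileUploaded', 'FileDeleted', 'SecureLinkUsed', 'CompanyLinkUsed')
    )

    # A unique session id ties the paged calls together; with ReturnLargeSet each call using
    # the same id hands back the next page (up to 5000 records) of the same result set.
    $sessionId = 'AuditPage-' + [guid]::NewGuid().ToString()
    $all = New-Object 'System.Collections.Generic.List[object]'

    do {
        # @() forces an array even when a page holds a single record.
        $page = @(Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate `
                    -Operations $Operations -SessionId $sessionId `
                    -SessionCommand ReturnLargeSet -ResultSize 5000)

        # An exhausted session returns nothing; stop rather than loop forever.
        if ($page.Count -eq 0) { break }

        foreach ($record in $page) {
            # AuditData is a JSON string; pull out the fields triage actually needs.
            $d = $record.AuditData | ConvertFrom-Json
            $all.Add([pscustomobject]@{
                CreationDate = $record.CreationDate
                UserId       = $record.UserIds
                Operation    = $record.Operations
                ClientIP     = $d.ClientIP
                SiteUrl      = $d.SiteUrl
                ObjectId     = $d.ObjectId
                UserAgent    = $d.UserAgent
            })
        }

        # Every record carries its position (ResultIndex) within the total (ResultCount).
        $last = $page[-1]
    } while ($last.ResultIndex -lt $last.ResultCount)

    return $all
}

# Triage view for the last 7 days: which user/IP pairs downloaded the most files.
$events = Get-SharePointAuditEvents -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date)
$events |
    Where-Object { $_.Operation -eq 'FileDownloaded' } |
    Group-Object UserId, ClientIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
```

`ReturnLargeSet` returns pages in no guaranteed order, which is why the function collects everything first and sorts only in the summary step; if you need chronological output, sort the flattened objects on `CreationDate` after collection. Keep the date window narrow enough (a day or a week) that the total stays manageable, since the service caps a single session at 50,000 records.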