Skip to content

Instantly share code, notes, and snippets.

@olafhartong
olafhartong / Get-InjectedThread.ps1
Created Jan 7, 2019 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
View bro-ids_logstash.conf
# Bro-IDS Logstash parser
# Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt
#Logs being parsed:
#app_stats.log
#conn.log
#dns.log
#dpd.log
#files.log
#http.log