
QOMPLX Detections: Reference

QOMPLX Detections is a reference document that provides essential information on the methods that our technology uses to identify suspicious and malicious activity within your environment.

The posts included in this document describe common attacks and malicious behaviors and the telltale signs that identify them. They are intended to provide basic information and insights about the attack activity and trends that are driving malicious campaigns and that QOMPLX helps its customers to detect and counter.

  1. Understanding Golden SAML Forgery Attack
  2. Understanding Pass The Hash Attacks
  3. Detecting Password Spraying Attacks
  4. Detecting New Members Added To Sensitive Groups
  5. Detecting Account Name Enumeration
  6. Detecting Successful Zone Transfer from an Unknown Source
  7. Detecting PowerShell Executed in the Background
  8. Detecting PowerShell Encoded Command Execution
  9. Detecting Use of Built-In Windows Utilities
  10. Detecting Service Installed on Sensitive Systems
  11. Detecting Suspicious Use of Regsvr32
  12. Detecting ASREP Roasting Attacks
  13. QOMPLX Knowledge: Honey Account Logins and Ticket Requests
  14. QOMPLX Knowledge: Detecting Pass The Hash Attacks
