GitHub

proc_creation_win_powershell_non_interactive_execution.yml

description: Detects non-interactive PowerShell activity by looking at the "powershell" process with a non-user GUI process such as "explorer.exe" as a parent ...
GitHub

windows_debugger_tool_execution.yml

description: This analysis detects the use of debugger tools within a production environment. While these tools are legitimate for file analysis and debugging, they are abused by malware like PlugX ...