来自MSN

Microsoft patches concerning Windows 11 Notepad security flaw

Microsoft patches Windows 11 Notepad RCE flaw CVE-2026-20841 Vulnerability exploited Markdown links to execute malicious code with user permissions Patch Tuesday update fixes issue; versions 11.2510 ...
GitHub

powershell_4104_hunting.yml

description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...
GitHub

detect_new_local_admin_account.yml

description: The following analytic detects the creation of new accounts elevated to local administrators. It uses Windows event logs, specifically EventCode 4720 (user account creation) and EventCode ...