Skip to content

Create ClickFix Defense Evasion #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eatinsundip wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Create ClickFix Defense Evasion #13

eatinsundip wants to merge 8 commits into from

Conversation

@eatinsundip
Copy link
Contributor

@eatinsundip eatinsundip commented Aug 1, 2025

Just something I came across in a Microsoft Threat Intel Blog. I found no abnormal uses of this in my environment so it could be used to detect or threat hunt in other environments as well.

Test before prod!

eatinsundip
eatinsundip commented Aug 13, 2025
View reviewed changes
Copy link
Contributor Author

@eatinsundip eatinsundip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have now added both techniques I used to monitor for this activity. If you have any questions, please feel free to reach out.

Thank you!

@eatinsundip
Merge branch 'SlimKQL:main' into main
e754f64
@eatinsundip
Add KQL script for detecting 7-Zip suspicious processes
60d5c94 
This KQL script detects suspicious child processes spawned by 7-Zip executables in specific folders.
@eatinsundip
Merge pull request #2 from eatinsundip/eatinsundip-patch-1-1
cbc8c23 
Add KQL script for detecting 7-Zip suspicious processes
@eatinsundip
Refactor KQL to use DeviceProcessEvents
53fe98f
@eatinsundip
Add KQL query for 7-Zip arbitrary file write detection
0938796 
This KQL query identifies potential arbitrary file write attempts by 7-Zip to sensitive locations, filtering for specific file types and folders.
@eatinsundip
Copy link
Contributor Author

eatinsundip commented Dec 3, 2025

I'm slow to understand git but I am figuring it out. I refreshed the request with the old ones I had as well as a few new 7-Zip detections.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eatinsundip