… try to discover information about the host. There are several built-in Windows commands that can be used to learn about the software configurations, active users, administrators, and networking configuration. These commands should be monitored to identify when an adversary is le…
…k traffic monitoring and process monitoring on the target host. However, if the command line utility wmic.exe is used on the source host, then it can additionally be detected on an analytic. The command line on the source host is constructed into something like wmic.exe /node:"\<…
Malicious actors may rename built-in commands or external tools, such as those provided by SysInternals, to better blend in with the environment. In those cases, the file path name is arbitrary and may blend in well with the background. If the arguments are closely inspected, it …
…file_version" : "10.0.14393.0 (rs1_release.160715-1616)" , "fingerprint_process_command_line_mm3" : 2833745090 , "hash_imphash" : "CAEE994F79D85E47C06E5FA9CDEAE453" , "hash_md5" : "097CE5761C89434367598B34FE32893B" , "hash_sha1" : "044A0CF1F6BC478A7172BF207EEF1E201A18BA02" , "has…
… use the sudoers file to elevate privileges. Adversaries may do this to execute commands as other users or spawn processes with higher privileges. .004 Elevated Execution with Prompt Adversaries may leverage the AuthorizationExecuteWithPrivileges API to escalate privileges by pro…
…arate keys with comma in combos, remove modifier "meta2-", add option legacy in command /key issue #1238 task #10317 core: make keys normal options, so they are shown and can be updated with /set and /fset commands ( task #12427 task #11783 core: add key Alt (upper case) to grab …
…ipts at once with /script autoload issue #2018 script: fix crash when a /script command triggers another /script command ( issue #923 xfer: fix memory leak on plugin unload Tests irc: add tests on server functions Version 4.0.4 (2023-08-22) Bug fixes core: fix integer overflow wh…
…es core: add completion "eval_variables", used in completion of /eval core: add command /sys to show resource limits/usage and suspend WeeChat process, add key Ctrl to suspend WeeChat ( issue #985 core: ignore key bindings with empty command core: add support of quotes in command…
… ReleaseNotes.adoc in sources). Version 3.6 (2022-07-10) New features core: add command /item to create custom bar items ( issue #808 core: add bar item "spacer" ( issue #1700 core: add case conversion in evaluation of expressions with lower:string and upper:string issue #1778 co…
…ion hdata_long trigger: fix memory leak when adding a new trigger with /trigger command Tests core: fix tests on function strftimeval on Alpine Version 4.2.1 (2024-01-22) Bug fixes irc: fix random date displayed when a received message contains tags but no "time" ( issue #2064 Ve…
…g] irc: add server option "autojoin_delay" (delay before autojoin), use option "command_delay" before execution of the command ( issue #862 [breaking] irc: rename option irc.color.item_channel_modes to weechat.color.status_modes [breaking] irc: add option -all in command /allchan…
…echat.color.eval_syntax_colors ( issue #2042 core: add option search_history in command /input , add key Ctrl to search in commands history, add key context "histsearch" ( issue #2040 core: add option weechat.look.buffer_search_history ( issue #2040 core: add key Ctrl to send com…