Tag: AI-generated Decision Tree

Visualizing Malicious curl Proxy Activity in CrowdStrike with Uncoder AI

Adversaries frequently repurpose trusted tools like curl.exe to tunnel traffic through SOCKS proxies and even reach .onion domains. Whether it’s for data exfiltration or command-and-control communication, such activity often flies under the radar—unless you’re explicitly detecting it. This is exactly what CrowdStrike Endpoint Security Query Language allows teams to do. But when logic grows […]

Detecting Covert curl Usage with Uncoder AI’s Decision Tree in Carbon Black

When attackers repurpose legitimate binaries like curl.exe to tunnel through SOCKS proxies and access .onion domains, it poses a major visibility gap for defenders. These behaviors can signal C2 activity, data staging, or use of a backdoor like Kalambur. VMware Carbon Black allows you to detect these patterns with detailed command-line monitoring, but parsing the […]

Visualizing clfs.sys Threat Activity in Microsoft Defender with Uncoder AI’s Decision Tree

Loading legitimate system drivers from illegitimate or suspicious directories is a known tactic for persistence, evasion, or execution by adversaries. One high-value target in this category is clfs.sys — a legitimate Windows driver tied to the Common Log File System. To detect this activity, Microsoft Defender for Endpoint supports advanced KQL-based detection logic. But to […]

Detecting Covert TOR Access in Microsoft Sentinel with Uncoder AI’s Decision Tree

When malware like the Kalambur backdoor leverages native tools like curl.exe to route traffic through TOR, defenders need visibility at the process and command-line level. But in tools like Microsoft Sentinel, queries for such activity—written in Kusto Query Language (KQL)—can quickly grow difficult to interpret. That’s where Uncoder AI’s AI-generated Decision Tree delivers immediate value. […]