Detection & Response
Detection queries, response playbooks, and remediation procedures.
T1218.005 - msxsl Abuse - Host Recovery & Mitigation Plan
Remediation steps for cleaning up msxsl.exe and more_eggs persistence, including registry cleanup, file removal, and credential reset procedures.
T1068 - gdrv.sys - Removal and Blocklist Validation
Remediation checklist for removing the vulnerable gdrv.sys driver, validating EDR quarantine, and enforcing the Microsoft kernel-mode driver blocklist.