From c213aac7f40fc95e29c87c3ba7bb07f991aa333f Mon Sep 17 00:00:00 2001 From: Matthew Green Date: Sat, 24 Feb 2024 01:27:12 +1100 Subject: [PATCH] Update ScreenConnect.yaml (#801) --- content/exchange/artifacts/ScreenConnect.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/exchange/artifacts/ScreenConnect.yaml b/content/exchange/artifacts/ScreenConnect.yaml index f9d498420ae..e0084e4b14b 100644 --- a/content/exchange/artifacts/ScreenConnect.yaml +++ b/content/exchange/artifacts/ScreenConnect.yaml @@ -11,16 +11,16 @@ description: | 2. Parse ```C:\Program Files\ScreenConnect\App_data\User.Xml``` file. Usually this file is set during first use and reset during exploit. - Check for timestamp discrepencies and obviously evil usernames/email + Check for timestamp discrepancies and obviously evil usernames/email (@poc.com). 3. Parse ```security.db```. Add time filter. Results are stacked, check for unusual access patterns and malicious IPs. - 4. List and update (optionally) all ScreenConnect files. + 4. List and upload (optionally) all ScreenConnect files. - Collect additoinal artifacts as desired for support. + Collect additional artifacts as desired for support. reference: - https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/
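Review bot: In step 4, the corrected line "List and upload (optionally) all ScreenConnect files" still leaves it unclear whether "(optionally)" covers the listing, the upload, or both. Suggest "List and, optionally, upload all ScreenConnect files", and name the artifact parameter that enables the upload so an analyst knows when files are pulled off the host. Unlike the two spelling fixes, changing "update" to "upload" alters what the description says the artifact does, and the subject "Update ScreenConnect.yaml" does not record that; a one-line body in the commit message would help. In step 2, "(@poc.com)" reads as the only indicator to look for; wording it as an example ("e.g. @poc.com") would avoid implying that a User.Xml without that domain is clean.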