security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix yml

Browse Source
This commit is contained in:
frack113
2022-03-07 19:37:33 +01:00
parent f9c0e21323
commit 143f5fe4e2
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_compress.yml
+1 -1
View File
@@ -21,7 +21,7 @@ logsource:
definition: PowerShell Module Logging must be enabled
detection:
selection_4103:
Payload|conatins|all:
Payload|contains|all:
- 'new-object'
- 'text.encoding]::ascii'
Payload|contains:
rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
+1 -1
View File
@@ -13,7 +13,7 @@ logsource:
detection:
selection:
CommandLine|contains|all:
- 'wuauclt.exe
- 'wuauclt.exe'
- '/UpdateDeploymentProvider'
- '/Runhandlercomserver'
filter: