fix: apply suggestions from code review

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>

rules/windows/process_creation/proc_creation_win_cobaltstrike_bloopers_modules.yml

@@ -23,10 +23,6 @@ detection:
         - OriginalFileName: 'Cmd.Exe'
         - Image|endswith: '\cmd.exe'
     selection_cli:
-        CommandLine|startswith:
-            - 'cmd '
-            - 'cmd.exe'
-            - 'c:\windows\system32\cmd.exe'
         CommandLine|contains:
             - 'Invoke-UserHunter'
             - 'Invoke-ShareFinder'

rules/windows/process_creation/proc_creation_win_powershell_base64_frombase64string.yml

@@ -4,7 +4,7 @@ status: test
 description: Detects usage of a base64 encoded "FromBase64String" cmdlet in a process command line
 author: Florian Roth
 date: 2019/08/24
-modified: 2022/03/07
+modified: 2023/01/31
 tags:
     - attack.defense_evasion
     - attack.t1140

rules/windows/process_creation/proc_creation_win_powershell_base64_reflective_assembly_load.yml

@@ -10,7 +10,7 @@ references:
     - https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
 author: Christian Burkard, pH-T
 date: 2022/03/01
-modified: 2022/05/20
+modified: 2023/01/30
 tags:
     - attack.execution
     - attack.t1059.001

rules/windows/process_creation/proc_creation_win_reg_lsa_ppl_protection_disabled.yml

@@ -1,7 +1,7 @@
-title: LSA PPL Protection Disabled Via Reg
+title: LSA PPL Protection Disabled Via Reg.EXE
 id: 8c0eca51-0f88-4db2-9183-fdfb10c703f9
 status: experimental
-description: Detects usage of the "reg.exe" utility to disable PPL protection on the LSA process
+description: Detects the usage of the "reg.exe" utility to disable PPL protection on the LSA process
 references:
     - https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/
 author: Florian Roth