Merge PR #5890 from @nasbench - chore: archive new rule references and update cache file
chore: archive new rule references and update cache file Co-authored-by: nasbench <nasbench@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
committed by
GitHub
GitHub
parent
1aae4b0603
commit
37fe8969ae
@@ -88,6 +88,7 @@ https://any.run/report/68bc255f9b0db6a0d30a8f2dadfbee3256acfe12497bf93943bc1eab0
|
||||
https://anydesk.com/en/changelog/windows
|
||||
https://app.any.run/tasks/17f2d378-6d11-4d6f-8340-954b04f35e83/
|
||||
https://app.any.run/tasks/1df999e6-1cb8-45e3-8b61-499d1b7d5a9b/
|
||||
https://app.any.run/tasks/1efb3ed4-cc0f-4690-a0ed-24516809bc72/
|
||||
https://app.any.run/tasks/210244b9-0b6b-4a2c-83a3-04bd3175d017/
|
||||
https://app.any.run/tasks/214094a7-0abc-4a7b-a564-1b757faed79d/
|
||||
https://app.any.run/tasks/25970bb5-f864-4e9e-9e1b-cc8ff9e6386a
|
||||
@@ -333,6 +334,7 @@ https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injecti
|
||||
https://cloud.google.com/access-context-manager/docs/audit-logging
|
||||
https://cloud.google.com/binary-authorization
|
||||
https://cloud.google.com/blog/topics/threat-intelligence/alphv-ransomware-backup/
|
||||
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
|
||||
https://cloud.google.com/dlp/docs/reference/rest/v2/projects.content/reidentify
|
||||
https://cloud.google.com/dns/docs/reference/v1/managedZones
|
||||
https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts
|
||||
@@ -344,6 +346,7 @@ https://cloud.google.com/logging/docs/reference/audit/auditlog/rest/Shared.Types
|
||||
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users/update
|
||||
https://cloud.google.com/storage/docs/json_api/v1/buckets
|
||||
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-lambda-privesc
|
||||
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-rds-privesc#rds-modifydbinstance
|
||||
https://cloudbrothers.info/en/exploit-kerberos-samaccountname-spoofing/
|
||||
https://cobalt.io/blog/kerberoast-attack-techniques
|
||||
https://cocomelonc.github.io/malware/2022/11/02/malware-pers-18.html
|
||||
@@ -477,6 +480,7 @@ https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html
|
||||
https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-instance
|
||||
https://docs.djangoproject.com/en/1.11/ref/exceptions/
|
||||
https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
||||
https://docs.fortinet.com/document/fortigate/7.6.4/cli-reference/328136827/config-user-group
|
||||
https://docs.fortinet.com/document/fortigate/7.6.4/fortios-log-message-reference/44546/44546-logid-event-config-attr
|
||||
https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners
|
||||
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
|
||||
@@ -688,6 +692,7 @@ https://docs.microsoft.com/pt-br/windows/win32/secauthz/sid-strings
|
||||
https://docs.nginx.com/nginx/admin-guide/monitoring/debugging/#enabling-core-dumps
|
||||
https://docs.oracle.com/cd/E19683-01/816-4883/6mb2joatd/index.html
|
||||
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-reference/cortex-xdr-analytics-alert-reference/scrcons-exe-rare-child-process.html
|
||||
https://docs.python.org/2/library/simplehttpserver.html
|
||||
https://docs.python.org/3/library/site.html
|
||||
https://docs.python.org/3/using/cmdline.html#cmdoption-c
|
||||
https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html
|
||||
@@ -756,6 +761,7 @@ https://forensicitguy.github.io/agenttesla-vba-certutil-download/
|
||||
https://forensicitguy.github.io/analyzing-magnitude-magniber-appx/
|
||||
https://forensicitguy.github.io/xloader-formbook-velvetsweatshop-spreadsheet/
|
||||
https://forums.veeam.com/veeam-backup-replication-f2/recover-esxi-password-in-veeam-t34630.html
|
||||
https://fourcore.io/blogs/threat-hunting-browser-credential-stealing
|
||||
https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
|
||||
https://fr.slideshare.net/codeblue_jp/cb19-recent-apt-attack-on-crypto-exchange-employees-by-heungsoo-kang
|
||||
https://ghoulsec.medium.com/misc-series-4-forensics-on-edrsilencer-events-428b20b3f983
|
||||
@@ -878,6 +884,7 @@ https://github.com/CheraghiMilad/bypass-Neo23x0-auditd-config/blob/f1c478a37911a
|
||||
https://github.com/CICADA8-Research/RemoteKrbRelay
|
||||
https://github.com/CICADA8-Research/RemoteKrbRelay/blob/19ec76ba7aa50c2722b23359bc4541c0a9b2611c/Exploit/RemoteKrbRelay/Relay/Attacks/RemoteRegistry.cs#L31-L40
|
||||
https://github.com/Cisco-Talos/IOCs/tree/80caca039988252fbb3f27a2e89c2f2917f582e0/2022/11
|
||||
https://github.com/clearvector/lambda-spy
|
||||
https://github.com/cloudflare/cloudflared
|
||||
https://github.com/cloudflare/cloudflared/releases
|
||||
https://github.com/codewhitesec/HandleKatz
|
||||
@@ -918,6 +925,7 @@ https://github.com/dotnet/runtime/blob/ee2355c801d892f2894b0f7b14a20e6cc50e0e54/
|
||||
https://github.com/dotnet/runtime/blob/f62e93416a1799aecc6b0947adad55a0d9870732/src/coreclr/src/inc/clrconfigvalues.h#L35-L38
|
||||
https://github.com/dotnet/runtime/search?p=1&q=COMPlus_&unscoped_q=COMPlus_
|
||||
https://github.com/dsnezhkov/TruffleSnout
|
||||
https://github.com/dsnezhkov/TruffleSnout/blob/7c2f22e246ef704bc96c396f66fa854e9ca742b9/TruffleSnout/Docs/USAGE.md
|
||||
https://github.com/dsnezhkov/TruffleSnout/blob/master/TruffleSnout/Docs/USAGE.md
|
||||
https://github.com/EddieIvan01/iox
|
||||
https://github.com/ehang-io/nps
|
||||
@@ -1626,6 +1634,7 @@ https://github.com/staaldraad/go-ntlm/blob/cd032d41aa8ce5751c07cb7945400c0f5c81e
|
||||
https://github.com/stamparm/maltrail/blob/3ea70459b9559134449423c0a7d8b965ac5c40ea/trails/static/suspicious/crypto_mining.txt
|
||||
https://github.com/surya-dev-singh/AmsiBypass-OpenSession
|
||||
https://github.com/swagkarna/Defeat-Defender-V1.2.0
|
||||
https://github.com/swagkarna/Defeat-Defender-V1.2.0/tree/ae4059c4276da6f6303b8f53cdff085ecae88a91
|
||||
https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files
|
||||
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/c95a0a1a2855dc0cd7f7327614545fe30482a636/Upload%20Insecure%20Files/README.md
|
||||
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/d9921e370b7c668ee8cc42d09b1932c1b98fa9dc/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
|
||||
@@ -1717,6 +1726,7 @@ https://gtfobins.github.io/gtfobins/apt/
|
||||
https://gtfobins.github.io/gtfobins/awk/#shell
|
||||
https://gtfobins.github.io/gtfobins/c89/#shell
|
||||
https://gtfobins.github.io/gtfobins/c99/#shell
|
||||
https://gtfobins.github.io/gtfobins/curl/
|
||||
https://gtfobins.github.io/gtfobins/env/#shell
|
||||
https://gtfobins.github.io/gtfobins/find/#shell
|
||||
https://gtfobins.github.io/gtfobins/flock/#shell
|
||||
@@ -1809,6 +1819,7 @@ https://kb.eventtracker.com/evtpass/evtpages/EventId_6004_Microsoft-Windows-DNS-
|
||||
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784
|
||||
https://kb.vmware.com/s/article/85717
|
||||
https://klausjochem.me/2016/02/03/netsh-the-cyber-attackers-tool-of-choice/
|
||||
https://kostas-ts.medium.com/detecting-abuse-of-openedrs-permissive-edr-trial-a-security-researcher-s-perspective-fc55bf53972c
|
||||
https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/
|
||||
https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
|
||||
https://kubernetes.io/docs/concepts/workloads/controllers/job/
|
||||
@@ -1850,6 +1861,7 @@ https://learn.microsoft.com/en-us/archive/blogs/jonathantrull/detecting-sticky-k
|
||||
https://learn.microsoft.com/en-us/archive/blogs/pki/basic-crl-checking-with-certutil
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/architecture/security-operations-user-accounts#unusual-sign-ins
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-monitor-federation-changes
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#activity-from-anonymous-ip-address
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#anomalous-token
|
||||
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#anomalous-user-activity
|
||||
@@ -2104,6 +2116,7 @@ https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-p
|
||||
https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
|
||||
https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist#disable-quick-assist-within-your-organization
|
||||
https://learn.microsoft.com/en-us/windows/client-management/manage-recall
|
||||
https://learn.microsoft.com/en-us/windows/compatibility/ntvdm-and-16-bit-app-support
|
||||
https://learn.microsoft.com/en-us/windows/msix/package/package-support-framework
|
||||
https://learn.microsoft.com/en-us/windows/msix/package/unsigned-package
|
||||
https://learn.microsoft.com/en-us/windows/package-manager/winget/source
|
||||
@@ -2334,6 +2347,7 @@ https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/230935
|
||||
https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072
|
||||
https://medium.com/@ahmed.moh.farou2/fake-captcha-campaign-on-arabic-pirated-movie-sites-delivers-lumma-stealer-4f203f7adabf
|
||||
https://medium.com/@blueteamops/shimcache-flush-89daff28d15e
|
||||
https://medium.com/@boutnaru/the-windows-foreniscs-journey-run-mru-run-dialog-box-most-recently-used-57375a02d724
|
||||
https://medium.com/@cyberjyot/lolbin-execution-via-diskshadow-f6ff681a27a4
|
||||
https://medium.com/@cyberjyot/t1218-008-dll-execution-using-odbcconf-exe-803fa9e08dac
|
||||
https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01
|
||||
@@ -2367,6 +2381,7 @@ https://medium.com/falconforce/falconfriday-direct-system-calls-and-cobalt-strik
|
||||
https://medium.com/geekculture/text4shell-exploit-walkthrough-ebc02a01f035
|
||||
https://medium.com/mitre-engenuity/att-ck-for-containers-now-available-4c2359654bf1
|
||||
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
|
||||
https://medium.com/r3d-buck3t/red-teaming-in-cloud-leverage-azure-frontdoor-cdn-for-c2-redirectors-79dd9ca98178
|
||||
https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3
|
||||
https://medium.com/system-weakness/detecting-as-rep-roasting-attacks-b5b3965f9714
|
||||
https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
|
||||
@@ -2450,6 +2465,7 @@ https://nvd.nist.gov/vuln/detail/cve-2021-34527
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2021-41773
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2023-2283
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2024-3400
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2025-2825
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2025-30406
|
||||
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
||||
https://nwgat.ninja/getting-system-information-with-wmic-on-windows/
|
||||
@@ -2884,11 +2900,13 @@ https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomw
|
||||
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
|
||||
https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/#detections
|
||||
https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
|
||||
https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/
|
||||
https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html
|
||||
https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html
|
||||
https://thehackernews.com/2024/03/github-rolls-out-default-secret.html
|
||||
https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html
|
||||
https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html
|
||||
https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html
|
||||
https://therecord.media/cisa-warns-of-zoho-server-zero-day-exploited-in-the-wild/
|
||||
https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/
|
||||
https://thewover.github.io/Introducing-Donut/
|
||||
@@ -3529,6 +3547,7 @@ https://www.cadosecurity.com/blog/spinning-yarn-a-new-linux-malware-campaign-tar
|
||||
https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
|
||||
https://www.carbonblack.com/2014/06/10/screenshot-demo-hunt-evil-faster-than-ever-with-carbon-black/
|
||||
https://www.carbonblack.com/blog/tau-threat-intelligence-notification-lockergoga-ransomware/
|
||||
https://www.chrisfarris.com/post/effective-aws-ransomware/
|
||||
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-302a
|
||||
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
|
||||
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
|
||||
|
||||
Reference in New Issue
Block a user