security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #572 from alessiodallapiazza/master

Browse Source 
Add the ability to detect PowerUp - Invoke-AllChecks
This commit is contained in:
Florian Roth
2019-12-23 12:57:55 +01:00
committed by GitHub
parent 04afcccd2c 0ff81cc693
commit 62bd2cc3ab
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_malicious_commandlets.yml
+1
View File
@@ -110,6 +110,7 @@ detection:
- "*Invoke-ReverseDNSLookup*"
- "*Invoke-SMBScanner*"
- "*Invoke-Mimikittenz*"
- "*Invoke-AllChecks*"
false_positives:
- Get-SystemDriveInfo # http://bheltborg.dk/Windows/WinSxS/amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_10.0.10240.16384_none_91ef7543a4514b5e/CL_Utility.ps1
condition: keywords and not false_positives