security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge PR #4776 from @security-companion - Fix broken reference links

Browse Source 
chore: fix some broken reference links

Thanks: @security-companion
This commit is contained in:
security-companion
2024-03-21 02:38:12 +01:00
committed by GitHub
parent 49adcf9a00
commit ba2baa1cec
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/file/file_change/file_change_win_unusual_modification_by_dns_exe.yml
+1 -1
View File
@@ -6,7 +6,7 @@ related:
status: test
description: Detects an unexpected file being modified by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
references:
- https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns.exe.html
- https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns-exe.html
author: Tim Rauch (Nextron Systems), Elastic (idea)
date: 2022/09/27
tags:
rules/windows/file/file_delete/file_delete_win_unusual_deletion_by_dns_exe.yml
+1 -1
View File
@@ -6,7 +6,7 @@ related:
status: test
description: Detects an unexpected file being deleted by dns.exe which my indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
references:
- https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns.exe.html
- https://www.elastic.co/guide/en/security/current/unusual-file-modification-by-dns-exe.html
author: Tim Rauch (Nextron Systems), Elastic (idea)
date: 2022/09/27
modified: 2023/02/15
rules/windows/process_creation/proc_creation_win_dns_susp_child_process.yml
+1 -1
View File
@@ -3,7 +3,7 @@ id: a4e3d776-f12e-42c2-8510-9e6ed1f43ec3
status: test
description: Detects an unexpected process spawning from dns.exe which may indicate activity related to remote code execution or other forms of exploitation as seen in CVE-2020-1350 (SigRed)
references:
- https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns.exe.html
- https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns-exe.html
author: Tim Rauch, Elastic (idea)
date: 2022/09/27
modified: 2023/02/05
tests/rule-references.txt
+1 -1
View File
@@ -2711,7 +2711,7 @@ https://github.com/elastic/detection-rules/pull/1214
https://twitter.com/Hexacorn/status/1420053502554951689
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1&viewFallbackFrom=powershell-7
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns.exe.html
https://www.elastic.co/guide/en/security/current/unusual-child-process-of-dns-exe.html
https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor
https://www.securonix.com/blog/detecting-microsoft-msdt-dogwalk/
https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/Advanced%20IP%20Scanner