security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to modify FP and UUID

Browse Source
This commit is contained in:
pbssubhash
2022-12-08 12:13:25 +05:30
parent 4bb1df9f6e
commit bea46b2b9e
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/known-FPs.csv
+1
View File
@@ -44,3 +44,4 @@ fdbf0b9d-0182-4c43-893b-a1eaab92d085;Newly Registered Protocol Handler;.*
52a85084-6989-40c3-8f32-091e12e17692;Suspicious Usage of CVE_2021_34484 or CVE 2022_21919;Computer: Agamemnon
573df571-a223-43bc-846e-3f98da481eca;Copy a File Downloaded From Internet;7z\.exe
37774c23-25a1-4adb-bb6d-8bb9fd59c0f8;Image Load of VSS Dll by Uncommon Executable;SetupFrontEnd\.exe
33efc23c-6ea2-4503-8cfe-bdf82ce8f718;Adding of a registry key for LSASS Shtinkering;\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps
1 RuleId RuleName MatchString
44 52a85084-6989-40c3-8f32-091e12e17692 Suspicious Usage of CVE_2021_34484 or CVE 2022_21919 Computer: Agamemnon
45 573df571-a223-43bc-846e-3f98da481eca Copy a File Downloaded From Internet 7z\.exe
46 37774c23-25a1-4adb-bb6d-8bb9fd59c0f8 Image Load of VSS Dll by Uncommon Executable SetupFrontEnd\.exe
47 33efc23c-6ea2-4503-8cfe-bdf82ce8f718 Adding of a registry key for LSASS Shtinkering \\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps
rules/windows/registry/registry_set/registry_set_lsass_usermode_dumping_lsass_shtinkering.yml → rules/windows/registry/registry_set/registry_set_lsass_usermode_dumping.yml
+1 -1
View File
@@ -1,5 +1,5 @@
title: Setting of a registry key's value for LSASS Shtinkering
id: 33efc23c-6ea2-4503-8cfe-bdf82ce8f718
id: 33efc23c-6ea2-4503-8cfe-bdf82ce8f719
status: experimental
description: Detects when an attacker adds a registry key that's required to perform LSASS Shtinkering attack.
references: