security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Title (#3733)

Browse Source
This commit is contained in:
frack113
2022-11-28 06:43:17 +01:00
committed by GitHub
parent c536b262c9
commit c820216541
34 changed files with 66 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_clip.yml
+2 -2
View File
@@ -1,4 +1,4 @@
title: Invoke-Obfuscation CLIP+ Launcher
title: Invoke-Obfuscation CLIP+ Launcher - PowerShell
id: 73e67340-0d25-11eb-adc1-0242ac120002
status: experimental
description: Detects Obfuscated use of Clip.exe to execute PowerShell
@@ -6,7 +6,7 @@ references:
- https://github.com/Neo23x0/sigma/issues/1009 #(Task 26)
author: Jonathan Cheong, oscd.community
date: 2020/10/13
modified: 2021/10/16
modified: 2022/11/27
tags:
- attack.defense_evasion
- attack.t1027
rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_obfuscated_iex.yml
+2 -2
View File
@@ -1,4 +1,4 @@
title: Invoke-Obfuscation Obfuscated IEX Invocation
title: Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
id: 1b9dc62e-6e9e-42a3-8990-94d7a10007f7
status: experimental
description: Detects all variations of obfuscated powershell IEX invocation code generated by Invoke-Obfuscation framework from the following code block \u2014
@@ -6,7 +6,7 @@ references:
- https://github.com/danielbohannon/Invoke-Obfuscation/blob/f20e7f843edd0a3a7716736e9eddfa423395dd26/Out-ObfuscatedStringCommand.ps1#L873-L888
author: 'Daniel Bohannon (@Mandiant/@FireEye), oscd.community'
date: 2019/11/08
modified: 2022/01/27
modified: 2022/11/27
tags:
- attack.defense_evasion
- attack.t1027