Merge PR #5974 from @nasbench - Archive new rule references and update cache file
chore: archive new rule references and update cache file Co-authored-by: nasbench <nasbench@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
committed by
GitHub
GitHub
parent
34c5d66c22
commit
cf68547b29
@@ -174,6 +174,7 @@ https://attackerkb.com/topics/2faW2CxJgQ/cve-2023-4966
|
||||
https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis
|
||||
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
|
||||
https://awakesecurity.com/blog/threat-hunting-for-paexec/
|
||||
https://awscli.amazonaws.com/v2/documentation/api/2.14.0/reference/account/enable-region.html
|
||||
https://bad-jubies.github.io/RCE-NOW-WHAT/
|
||||
https://badoption.eu/blog/2023/01/31/code_c2.html
|
||||
https://bazaar.abuse.ch/browse/signature/RaspberryRobin/
|
||||
@@ -449,6 +450,7 @@ https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RegisterTaskDefini
|
||||
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
|
||||
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBCluster.html
|
||||
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html
|
||||
https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
|
||||
https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations.html
|
||||
https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
|
||||
https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html
|
||||
@@ -482,10 +484,12 @@ https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-inst
|
||||
https://docs.djangoproject.com/en/1.11/ref/exceptions/
|
||||
https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
||||
https://docs.fortinet.com/document/fortigate/7.6.4/cli-reference/328136827/config-user-group
|
||||
https://docs.fortinet.com/document/fortigate/7.6.4/fortios-log-message-reference/398/event
|
||||
https://docs.fortinet.com/document/fortigate/7.6.4/fortios-log-message-reference/44546/44546-logid-event-config-attr
|
||||
https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners
|
||||
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
|
||||
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise
|
||||
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#migration
|
||||
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#private_repository_forking
|
||||
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#ssh_certificate_authority
|
||||
https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning
|
||||
@@ -697,6 +701,7 @@ https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-r
|
||||
https://docs.python.org/2/library/simplehttpserver.html
|
||||
https://docs.python.org/3/library/site.html
|
||||
https://docs.python.org/3/using/cmdline.html#cmdoption-c
|
||||
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/getting-started-with-nftables_configuring-and-managing-networking
|
||||
https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html
|
||||
https://documentation.pdq.com/PDQDeploy/13.0.3.0/index.html?windows-services.htm
|
||||
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
|
||||
@@ -895,6 +900,7 @@ https://github.com/codewhitesec/SysmonEnte/
|
||||
https://github.com/codewhitesec/SysmonEnte/blob/main/screens/1.png
|
||||
https://github.com/connormcgarr/LittleCorporal
|
||||
https://github.com/corelight/CVE-2021-1675
|
||||
https://github.com/CoreyCBurton/DripLoaderNG
|
||||
https://github.com/CsEnox/EventViewer-UACBypass
|
||||
https://github.com/cube0x0
|
||||
https://github.com/cube0x0/CVE-2021-1675
|
||||
@@ -1176,6 +1182,7 @@ https://github.com/NetSPI/aws_consoler
|
||||
https://github.com/NetSPI/PowerUpSQL
|
||||
https://github.com/nettitude/Invoke-PowerThIEf
|
||||
https://github.com/nettitude/SharpWSUS
|
||||
https://github.com/Nightmare-Eclipse/RedSun
|
||||
https://github.com/nknorg/nkn-sdk-go
|
||||
https://github.com/nsacyber/Event-Forwarding-Guidance/tree/6e92d622fa33da911f79e7633da4263d632f9624/Events
|
||||
https://github.com/offsecginger/koadic/blob/457f9a3ff394c989cdb4c599ab90eb34fb2c762c/data/stager/js/stdlib.js
|
||||
@@ -2088,6 +2095,7 @@ https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/devcon
|
||||
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/dtrace
|
||||
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/pnputil-command-syntax
|
||||
https://learn.microsoft.com/en-us/windows-hardware/drivers/taef/
|
||||
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/reagentc-command-line-options?view=windows-11
|
||||
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
|
||||
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
|
||||
https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-sconfig#powershell-is-the-default-shell-on-server-core
|
||||
@@ -2135,6 +2143,7 @@ https://learn.microsoft.com/en-us/windows/security/application-security/applicat
|
||||
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker
|
||||
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac
|
||||
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations
|
||||
https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity
|
||||
https://learn.microsoft.com/en-us/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr
|
||||
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4634
|
||||
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4647
|
||||
@@ -2410,6 +2419,7 @@ https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/container%20
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Data%20destruction/
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Exec%20into%20container/
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Pod%20or%20container%20name%20similarily/
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Privileged%20container/
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Sidecar%20Injection/
|
||||
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Writable%20hostPath%20mount/
|
||||
https://mikefrobbins.com/2017/06/15/simple-obfuscation-with-powershell-using-base64-encoding/
|
||||
@@ -2458,6 +2468,7 @@ https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-
|
||||
https://news.sophos.com/en-us/2022/11/03/family-tree-dll-sideloading-cases-may-be-related/
|
||||
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
|
||||
https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-a-technical-deep-dive
|
||||
https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/
|
||||
https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/
|
||||
https://ngrok.com/
|
||||
https://ngrok.com/docs
|
||||
@@ -2724,9 +2735,11 @@ https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/
|
||||
https://securityintelligence.com/x-force/x-force-hive0129-targeting-financial-institutions-latam-banking-trojan/
|
||||
https://securityjosh.github.io/2020/04/23/Mute-Sysmon.html
|
||||
https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
|
||||
https://securitylabs.datadoghq.com/cloud-security-atlas/vulnerabilities/iam-user-without-mfa/
|
||||
https://securityliterate.com/how-malware-abuses-the-zone-identifier-to-circumvent-detection-and-analysis/
|
||||
https://securityscorecard.com/research/deep-dive-into-alphv-blackcat-ransomware
|
||||
https://securityxploded.com/
|
||||
https://semgrep.dev/blog/2025/digging-for-secrets-sha1-hulud-the-second-coming-of-the-npm-worm/
|
||||
https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/
|
||||
https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
|
||||
https://sergiusechel.medium.com/improving-the-network-based-detection-of-cobalt-strike-c2-servers-in-the-wild-while-reducing-the-6964205f6468
|
||||
@@ -3485,6 +3498,7 @@ https://windows-internals.com/faxing-your-way-to-system/
|
||||
https://windows-internals.com/printdemon-cve-2020-1048/
|
||||
https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
|
||||
https://wojciechregula.blog/post/macos-red-teaming-initial-access-via-applescript-url/
|
||||
https://woshub.com/disable-credential-guard-windows/
|
||||
https://www-fsb-ru.translate.goog/fsb/press/message/single.htm!id=10439739@fsbMessage.html?_x_tr_sch=http&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp
|
||||
https://www.13cubed.com/downloads/windows_process_genealogy_v2.pdf
|
||||
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
|
||||
@@ -3736,6 +3750,7 @@ https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screen
|
||||
https://www.huntress.com/blog/attacking-mssql-servers
|
||||
https://www.huntress.com/blog/confluence-to-cerber-exploitation-of-cve-2023-22518-for-ransomware-deployment
|
||||
https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software
|
||||
https://www.huntress.com/blog/curling-for-data-a-dive-into-a-threat-actors-malicious-ttps
|
||||
https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
|
||||
https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
|
||||
https://www.huntress.com/blog/the-unwanted-guest
|
||||
@@ -4099,6 +4114,7 @@ https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats
|
||||
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte
|
||||
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.azoruit.a
|
||||
https://www.trendmicro.com/vinfo/vn/threat-encyclopedia/malware/ransom.bat.zarlock.a
|
||||
https://www.trendmicro.com/zh_hk/research/26/c/axios-npm-package-compromised.html
|
||||
https://www.trimarcsecurity.com/single-post/TrimarcResearch/Detecting-Kerberoasting-Activity
|
||||
https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
|
||||
https://www.trustedsec.com/blog/art_of_kerberoast/
|
||||
@@ -4149,6 +4165,7 @@ https://www.virustotal.com/gui/file/05a2adb266ec6c0ba9ed176d87d8530e71e845348c13
|
||||
https://www.virustotal.com/gui/file/0e2854753d17b1bb534de8e765d5813c9fb584a745978b3d92bc6ca78e3e7735/relations
|
||||
https://www.virustotal.com/gui/file/13828b390d5f58b002e808c2c4f02fdd920e236cc8015480fa33b6c1a9300e31
|
||||
https://www.virustotal.com/gui/file/13ae8bfbc02254b389ab052aba5e1ba169b16a399d9bc4cb7414c4a73cd7dc78/detection
|
||||
https://www.virustotal.com/gui/file/14d886517fff2cc8955844b252c985ab59f2f95b2849002778f03a8f07eb8aef
|
||||
https://www.virustotal.com/gui/file/15b57c1b68cd6ce3c161042e0f3be9f32d78151fe95461eedc59a79fc222c7ed
|
||||
https://www.virustotal.com/gui/file/16bafdf741e7a13137c489f3c8db1334f171c7cb13b62617d691b0a64783cc48/behavior
|
||||
https://www.virustotal.com/gui/file/1c547a064494a35d6b5e6b459de183ab2720a22725e082bed6f6629211f7abc1/behavior
|
||||
@@ -4287,6 +4304,7 @@ https://www.zscaler.com/blogs/security-research/onenote-growing-threat-malware-d
|
||||
https://www.zscaler.com/blogs/security-research/steal-it-campaign
|
||||
https://www.zscaler.com/blogs/security-research/technical-analysis-crytox-ransomware
|
||||
https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-apt37
|
||||
https://x.com/0x534c/status/1944694507787710685
|
||||
https://x.com/_st0pp3r_/status/1742203752361128162?s=20
|
||||
https://x.com/cyb3rops/status/1862406110365245506
|
||||
https://x.com/defusedcyber/status/1971492272966598683
|
||||
|
||||
Reference in New Issue
Block a user