security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2364 from redsand/fix_omgosh_syntax_err

Browse Source 
Fixes a syntax error in submitted change where : was intended to be |
This commit is contained in:
frack113
2021-12-02 06:27:54 +01:00
committed by GitHub
parent 30a5838514 0e55a06e6e
commit da844da2a4
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_script/powershell_malicious_commandlets.yml
+3 -2
View File
@@ -114,8 +114,9 @@ detection:
- "Invoke-Mimikittenz"
- "Invoke-AllChecks"
false_positives:
ScriptBlockText|contains: Get-SystemDriveInfo # http://bheltborg.dk/Windows/WinSxS/amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_10.0.10240.16384_none_91ef7543a4514b5e/CL_Utility.ps1
ScriptBlockText:contains: C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1 # false positive form Amazon EC2
ScriptBlockText|contains:
- Get-SystemDriveInfo # http://bheltborg.dk/Windows/WinSxS/amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_10.0.10240.16384_none_91ef7543a4514b5e/CL_Utility.ps1
- C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1 # false positive form Amazon EC2
condition: select_Malicious and not false_positives
falsepositives:
- Penetration testing