| Author | Commit | Message | Date |
|---|---|---|---|
| frack113 | 010a988fe5 | Merge pull request #2318 from austinsonger/clearing_windows_console_history.yml: clearing_windows_console_history.yml | 2021-11-27 07:43:52 +01:00 |
| Austin Songer | 48d9aec318 | Update powershell_clearing_windows_console_history.yml | 2021-11-26 09:18:37 -06:00 |
| Florian Roth | d91b925873 | fix: FPs | 2021-11-26 14:42:21 +01:00 |
| Austin Songer | 25df58702a | Update powershell_clearing_windows_console_history.yml | 2021-11-25 19:08:55 -06:00 |
| Austin Songer | a9ab7f4e13 | Update powershell_clearing_windows_console_history.yml | 2021-11-25 19:08:27 -06:00 |
| Austin Songer | f8fd44d92a | Update powershell_clearing_windows_console_history.yml | 2021-11-25 19:06:18 -06:00 |
| Austin Songer | c3d5d1c231 | clearing_windows_console_history.yml | 2021-11-25 19:04:30 -06:00 |
| frack113 | ab663f9bcf | Add MITRE Technique | 2021-11-20 10:56:41 +01:00 |
| frack113 | 1cfca93354 | Missing status in rules (#2284): add missing status | 2021-11-19 22:32:26 +01:00 |
| frack113 | 9f7a027913 | Fix category and EventID | 2021-11-12 12:18:44 +01:00 |
| Austin Songer | 923391224a | Create powershell_azurehound_commands.yml | 2021-10-23 18:27:36 -05:00 |
| frack113 | 217ac5c9a3 | Merge pull request #2170 from frack113/redcanary_T1564_003: add rule powershell_suspicious_windowstyle | 2021-10-21 18:07:48 +02:00 |
| frack113 | a9bc26f37c | add powershell_suspicious_windowstyle | 2021-10-20 13:57:24 +02:00 |
| frack113 | f9efc127de | add powershell_set_policies_to_unsecure_level | 2021-10-20 12:58:43 +02:00 |
| frack113 | faa407dacc | cleanup list | 2021-10-18 14:52:35 +02:00 |
| frack113 | 0e1c156ddf | fix related | 2021-10-18 14:26:06 +02:00 |
| frack113 | d866b10590 | add ps_script version | 2021-10-18 14:13:29 +02:00 |
| frack113 | 19da3ac07f | add ps_module version | 2021-10-18 14:12:52 +02:00 |
| frack113 | 278c01c59f | move to deprecated | 2021-10-18 14:12:10 +02:00 |
| frack113 | 4149fa8632 | change to category: ps_classic_* | 2021-10-16 08:26:51 +02:00 |
| frack113 | f6b0a89161 | change to category: ps_script | 2021-10-16 08:18:49 +02:00 |
| frack113 | 0ca16b18f4 | Change to category: ps_module | 2021-10-16 08:05:15 +02:00 |
| Austin Songer | 4e43fce629 | Update powershell_windows_firewall_profile_disabled.yml | 2021-10-13 07:01:04 -05:00 |
| Austin Songer | 40eed2ec59 | Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml | 2021-10-12 11:57:37 -05:00 |
| Austin Songer | d273bc25ea | Create powershell_windows_firewall_disabled.yml | 2021-10-12 11:56:37 -05:00 |
| frack113 | 1337116d84 | Cleanup selection name | 2021-10-10 10:17:24 +02:00 |
| Florian Roth | 2379907f26 | docs: extended the description by a word | 2021-10-09 16:42:42 +02:00 |
| Florian Roth | f475b90ee3 | fix: typo in description | 2021-10-09 16:41:48 +02:00 |
| frack113 | 5c68c42058 | order powershell_script | 2021-10-09 10:30:36 +02:00 |
| frack113 | 77749510b7 | fix yml | 2021-10-09 10:01:40 +02:00 |
| frack113 | 41d098b253 | fix yml error | 2021-10-09 09:59:21 +02:00 |
| frack113 | 9b0f744f75 | order powershell_script | 2021-10-09 09:57:45 +02:00 |
| frack113 | fe7fbfd5fc | order powershell_module | 2021-10-09 09:50:49 +02:00 |
| frack113 | 0d04b469f7 | order powershell_classic | 2021-10-07 07:40:53 +02:00 |
| frack113 | 1c842037cf | Merge pull request #2109 from Karneades/patch-1: Add fp note to powershell winapi rule | 2021-09-30 17:45:03 +02:00 |
| Andreas Hunkeler | 82ba266a53 | Add fp note to powershell winapi rule | 2021-09-30 16:38:39 +02:00 |
| frack113 | 29d66a965c | add 4104 | 2021-09-30 10:03:11 +02:00 |
| frack113 | c59b0eb543 | Merge pull request #2063 from frack113/last_global: Split Last Global Rules | 2021-09-23 13:54:57 +02:00 |
| frack113 | 6e6d57b019 | fix filename | 2021-09-22 18:45:08 +02:00 |
| frack113 | 3c906b52a0 | fix filename | 2021-09-22 16:21:07 +02:00 |
| frack113 | 045e87058b | add definition | 2021-09-22 08:40:08 +02:00 |
| Florian Roth | d884f774f9 | Update powershell_memorydump_getstoragediagnosticinfo.yml | 2021-09-21 18:01:46 +02:00 |
| Max Altgelt | bf9bc03258 | chore: properly name and describe rules | 2021-09-21 15:59:01 +02:00 |
| Max Altgelt | 8c3faa390c | feat: Add rule for live memory dumping | 2021-09-21 15:09:12 +02:00 |
| frack113 | 8c13bd23b9 | split global win_powershell_web_request | 2021-09-21 13:44:19 +02:00 |
| frack113 | 0a6ac0b171 | split global powershell_alternate_powershell_hosts.yml | 2021-09-21 09:52:35 +02:00 |
| frack113 | f5d58a0cb1 | split powershell_remote_powershell_session.yml | 2021-09-21 09:48:50 +02:00 |
| frack113 | 95af26f963 | split powershell_suspicious_download.yml | 2021-09-21 09:46:02 +02:00 |
| frack113 | 2223afb6fe | split global rules | 2021-09-11 20:30:32 +02:00 |
| frack113 | e712d9696b | Merge pull request #2000 from frack113/split_global: Split frack113 global rules | 2021-09-08 06:26:35 +02:00 |