security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,994 Commits 1 Branch 57 Tags
01dc930c173e329c191245b76f05de5fa4b5da21
Commit Graph

6 Commits

Author SHA1 Message Date
Florian Roth 46f0e32118 Update process_creation_win_lolbas_dump64.yml 2021-11-27 01:18:56 +01:00
Austin Songer 248dcbe735 Update process_creation_win_lolbas_dump64.yml 2021-11-26 14:34:32 -06:00
Florian Roth 1b8a6b901b docs: change title and description 2021-11-26 21:24:54 +01:00
Florian Roth 83e4236edf fix: tag, changed rule to avoid FP with VS binary 
there is a legitimate binary used in Visual Studio named dump64.exe, we can exclude the original location and only report when we see it in a different location or used with procdump command line flags
https://www.advanceduninstaller.com/Visual-Studio-Professional-2019-dc240beb51a0e41e029278d4ad2a2e87-application.htm
 2021-11-26 21:23:21 +01:00
Austin Songer 18bab18dd9 Update process_creation_win_lolbas_dump64.yml 2021-11-26 14:19:10 -06:00
Austin Songer d485fa9b93 Create process_creation_win_lolbas_dump64.yml 2021-11-26 14:03:10 -06:00