blue-team-tools

Author	SHA1	Message	Date
Florian Roth	016b15a2a9	Added quotation marks I've added quotation marks to make it clearer (leading dash looks weird)	2018-07-26 18:10:21 +02:00
Lurkkeli	7796492c2b	Update powershell_NTFS_Alternate_Data_Streams	2018-07-26 08:54:08 -07:00
Florian Roth	cf7f5c7473	Changes I think that this is what you've wanted, right? If both keywords appear in a single log entry, right? Don't you think that this still causes false positives? Could "set-content" and "stream" be more common than expected?	2018-07-25 07:35:59 +02:00
Lurkkeli	db82322d17	Update powershell_NTFS_Alternate_Data_Streams	2018-07-24 20:03:07 +02:00
Lurkkeli	fd8c5c5bf6	Update powershell_NTFS_Alternate_Data_Streams	2018-07-24 20:00:21 +02:00
Lurkkeli	ad580635ea	Create powershell_NTFS_Alternate_Data_Streams	2018-07-24 19:49:08 +02:00