 frack113
|
b897015300
|
Merge pull request #3312 from nasbench/nasbench-rule-devel
Update proc_creation_win_file_permission_modifications.yml
|
2022-08-02 12:50:54 +02:00 |
|
|
Florian Roth
|
ff6e50bc43
|
Merge pull request #3306 from nasbench/nasbench-rule-devel
Update + New Rules
|
2022-08-02 12:18:47 +02:00 |
|
|
Nasreddine Bencherchali
|
87ab157844
|
Update proc_creation_win_file_permission_modifications.yml
|
2022-08-02 11:17:27 +01:00 |
|
|
frack113
|
4ce8600749
|
Merge pull request #3310 from frack113/issue_3309
Update option
|
2022-08-02 09:46:46 +02:00 |
|
|
Florian Roth
|
46147bb4af
|
Merge pull request #3303 from danielgottt/patch-3
Create proc_creation_win_dnscmd_discovery.yml
|
2022-08-02 09:35:53 +02:00 |
|
|
Florian Roth
|
abc9aeb829
|
Update proc_creation_win_reg_delete_services.yml
|
2022-08-02 09:21:56 +02:00 |
|
|
Florian Roth
|
8399760902
|
Merge pull request #3307 from nasbench/webshell-children
Update Children Of Web Shell Rules
|
2022-08-02 09:12:00 +02:00 |
|
|
frack113
|
211bb6a760
|
Update option
|
2022-08-02 09:06:10 +02:00 |
|
|
G Y
|
ebb753814b
|
Update proc_creation_win_false_sysinternalsuite.yml
Typo + grammatical correction in description field
|
2022-08-02 11:19:14 +08:00 |
|
|
Nasreddine Bencherchali
|
7f1207957c
|
Update proc_creation_win_sc_delete_av_services.yml
|
2022-08-01 23:39:08 +01:00 |
|
|
Nasreddine Bencherchali
|
b984ee65b3
|
Update proc_creation_win_webshell_spawn.yml
|
2022-08-01 23:28:53 +01:00 |
|
|
Nasreddine Bencherchali
|
921af82587
|
Update proc_creation_win_reg_import_from_suspicious_paths.yml
|
2022-08-01 20:25:29 +01:00 |
|
|
Nasreddine Bencherchali
|
7a326e9b32
|
Create proc_creation_win_reg_import_from_suspicious_paths.yml
|
2022-08-01 20:12:40 +01:00 |
|
|
Nasreddine Bencherchali
|
d62d3cc4e0
|
Update proc_creation_win_sc_delete_av_services.yml
|
2022-08-01 19:39:58 +01:00 |
|
|
Nasreddine Bencherchali
|
cd7539d7e6
|
Create proc_creation_win_sc_delete_av_services.yml
|
2022-08-01 17:52:09 +01:00 |
|
|
Nasreddine Bencherchali
|
1764b51c0b
|
Update + New Rules
|
2022-08-01 17:37:16 +01:00 |
|
|
Nasreddine Bencherchali
|
8d615c9d78
|
Update rules
|
2022-08-01 16:02:07 +01:00 |
|
|
Daniel Gott
|
a645371e8b
|
Update proc_creation_win_dnscmd_discovery.yml
implemented suggestions from frack113
|
2022-08-01 09:02:04 -04:00 |
|
|
wikijm
|
7a67564dfd
|
Update proc_creation_win_powershell_susp_parameter_variation.yml
|
2022-08-01 06:45:53 +02:00 |
|
|
Daniel Gott
|
f6f1175413
|
Update proc_creation_win_dnscmd_discovery.yml
update to selection name
|
2022-07-31 19:03:38 -04:00 |
|
|
Daniel Gott
|
78ca0d324c
|
Update proc_creation_win_dnscmd_discovery.yml
Modified selection name
|
2022-07-31 18:54:34 -04:00 |
|
|
Daniel Gott
|
7155eb999b
|
Create proc_creation_win_dnscmd_discovery.yml
|
2022-07-31 18:19:49 -04:00 |
|
|
Florian Roth
|
e98d86dd6d
|
Merge pull request #3300 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
|
2022-07-31 13:35:57 +02:00 |
|
|
Nasreddine Bencherchali
|
43f9522691
|
New Rules
|
2022-07-29 14:07:14 +02:00 |
|
|
Florian Roth
|
777d0f39a1
|
Merge pull request #3290 from pH-T/master
new rule: browser remote debugging
|
2022-07-28 21:11:26 +02:00 |
|
|
Nasreddine Bencherchali
|
dabc74af0c
|
Qbot rules
|
2022-07-28 19:33:09 +02:00 |
|
|
Florian Roth
|
623a3a6430
|
Merge pull request #3288 from nasbench/avast-vuln-driver
Avast vuln driver
|
2022-07-28 17:41:30 +02:00 |
|
|
Florian Roth
|
a954de89d7
|
Merge branch 'master' into aurora-false-positive-fixing
|
2022-07-28 16:58:31 +02:00 |
|
|
Florian Roth
|
9ca043863e
|
fix: FPs noticed with Aurora
|
2022-07-28 16:58:24 +02:00 |
|
|
Paul Hager
|
571e82ef3c
|
new rules: browser remote debugging
|
2022-07-28 15:48:59 +02:00 |
|
|
Nasreddine Bencherchali
|
d4c0c79ee4
|
Create proc_creation_win_susp_new_kernel_driver_via_sc.yml
|
2022-07-28 12:40:26 +01:00 |
|
|
Nasreddine Bencherchali
|
06ae038add
|
Update proc_creation_win_schtasks_appdata_local_system.yml
|
2022-07-28 10:28:57 +01:00 |
|
|
Nasreddine Bencherchali
|
bc5bc9fcdf
|
Update proc_creation_win_schtasks_appdata_local_system.yml
|
2022-07-28 01:49:12 +01:00 |
|
|
Nasreddine Bencherchali
|
5b3b87581d
|
Update proc_creation_win_schtasks_appdata_local_system.yml
|
2022-07-28 01:41:53 +01:00 |
|
|
Nasreddine Bencherchali
|
0038ead60d
|
Update proc_creation_win_schtasks_appdata_local_system.yml
|
2022-07-28 01:39:33 +01:00 |
|
|
Nasreddine Bencherchali
|
d2401304d4
|
Update proc_creation_win_schtasks_appdata_local_system.yml
|
2022-07-28 01:28:06 +01:00 |
|
|
Nasreddine Bencherchali
|
df524d8592
|
Update 3
|
2022-07-28 01:05:04 +01:00 |
|
|
Nasreddine Bencherchali
|
9d958dbf94
|
Updates 2
|
2022-07-28 00:38:33 +01:00 |
|
|
Nasreddine Bencherchali
|
d13cba8c4b
|
Updates
|
2022-07-27 23:41:11 +01:00 |
|
|
Nasreddine Bencherchali
|
ff6e991346
|
Delete duplicate rule + merge
|
2022-07-27 22:53:58 +01:00 |
|
|
Nasreddine Bencherchali
|
88e395aca4
|
Renamed SelectMyParent Rule
|
2022-07-27 22:43:49 +01:00 |
|
|
Tareq Alkhatib
|
416cc5f26b
|
Typo Fix. Added additional reference
|
2022-07-27 10:27:46 -04:00 |
|
|
Florian Roth
|
1fcdeffada
|
Merge pull request #3283 from Yaxxine7/master
Replace commandline by parentcommandline and add fp
|
2022-07-27 15:08:35 +02:00 |
|
|
Florian Roth
|
1b824982ed
|
fix: wrong modifier
|
2022-07-27 14:58:27 +02:00 |
|
|
Florian Roth
|
9da0386119
|
make filter more generic
|
2022-07-27 14:58:02 +02:00 |
|
|
Florian Roth
|
f5571b65af
|
Merge pull request #3279 from SigmaHQ/rule-devel
refactor: UACME Akagi
|
2022-07-27 14:56:16 +02:00 |
|
|
Yaxxine7
|
706a83868c
|
Replace commandline by parentcommandline and add fp
|
2022-07-27 14:37:58 +02:00 |
|
|
Nasreddine Bencherchali
|
f80d8a83da
|
Fix typos
|
2022-07-27 12:52:51 +01:00 |
|
|
Florian Roth
|
ff6cea7ae5
|
fix: another list with 1 element
|
2022-07-27 12:14:18 +02:00 |
|
|
Florian Roth
|
b8700b7a72
|
fix: list with 1 element
|
2022-07-27 11:51:34 +02:00 |
|