Author | Commit | Message | Date
frack113 | 63afa0af8d | Merge pull request #3414 from frack113/sysmon14: Add file_event_proxy_dropping_executable | 2022-08-23 06:28:35 +02:00
Florian Roth | 4f815501fd | fix: UUIDs | 2022-08-22 20:30:15 +02:00
Florian Roth | 40a802889b | fix: typo | 2022-08-22 20:22:31 +02:00
Florian Roth | 9f38bce2ca | refactor: refactored to 3 rules | 2022-08-22 20:20:57 +02:00
Florian Roth | 60512d7749 | Update file_event_proxy_dropping_executable.yml | 2022-08-22 20:13:37 +02:00
Florian Roth | 848162172a | Update file_event_proxy_dropping_executable.yml | 2022-08-22 19:49:17 +02:00
Florian Roth | bb7539ea56 | Update file_event_proxy_dropping_executable.yml | 2022-08-22 19:48:52 +02:00
Florian Roth | 69f6993ed7 | Update file_event_proxy_dropping_executable.yml | 2022-08-22 19:48:14 +02:00
frack113 | 911d0fa158 | Add dll and ocx | 2022-08-22 19:31:17 +02:00
frack113 | 326eebdc7b | Add file_event_proxy_dropping_executable | 2022-08-22 17:17:32 +02:00
Florian Roth | 00383708ce | Merge pull request #3412 from aaronherman/add-dumpert-hacktools-implashes: add Dumpert and other Imphashes to Windows Hacktools rule | 2022-08-21 11:00:51 +02:00
Florian Roth | a4656f9cb7 | Merge pull request #3408 from frack113/redcannary_20220820: Redcannary 20220820 | 2022-08-21 09:30:13 +02:00
Florian Roth | f0bdb36b18 | add more imphashes from Sysmon config | 2022-08-21 09:17:23 +02:00
Florian Roth | c99d94766e | revert: remove dumpert rule | 2022-08-21 09:08:19 +02:00
Florian Roth | 79cd099ff0 | Merge pull request #3404 from frack113/hotfix: update 20220820 | 2022-08-21 09:04:28 +02:00
frack113 | 42d49d7275 | Update registry_set_add_hidden_user.yml | 2022-08-21 08:28:16 +02:00
frack113 | 57e131fe4e | Update registry_set_add_hidden_user.yml | 2022-08-21 07:39:17 +02:00
frack113 | 247edbf967 | Update dns_query_win_susp_ldap.yml | 2022-08-21 07:37:56 +02:00
frack113 | 1d8c8be79d | Merge pull request #3409 from aaronherman/readme-updates: correct broken link and fix typo | 2022-08-21 07:34:37 +02:00
frack113 | dade826008 | Merge pull request #3410 from aaronherman/update-sigma-mitre-navigator: update MITRE ATT&CK Navigator export | 2022-08-21 07:34:11 +02:00
AaronHerman | 2a22cb76d7 | remove dumpert rule, add to Windows Hacktools Imphash | 2022-08-20 20:23:15 -05:00
AaronHerman | 2a595eda60 | update MITRE ATT&CK Navigator export | 2022-08-20 11:50:25 -05:00
Aaron Herman | 3b6366b03d | correct broken link and fix typo | 2022-08-20 11:02:26 -05:00
frack113 | 6a7b3e56f3 | Fix FP | 2022-08-20 17:19:24 +02:00
frack113 | 9f89d4c8c7 | Redcannary 20220820 | 2022-08-20 17:12:31 +02:00
frack113 | 3989de3bf9 | Merge pull request #3406 from wagga40/wagga40-patch-sqlite-backend: Update Sqlite backend to handle null values | 2022-08-20 14:18:25 +02:00
Florian Roth | 268b0a8038 | Merge pull request #3402 from nasbench/lolbin-update: LOLBIN Updates | 2022-08-20 13:25:24 +02:00
Wagga | 03a6a5b48b | Update Sqlite backend to handle null values | 2022-08-20 12:23:00 +02:00
frack113 | df8df38414 | Add proc_creation_win_susp_pester_parent | 2022-08-20 12:18:49 +02:00
frack113 | 8333671025 | Fix test error | 2022-08-20 12:07:01 +02:00
frack113 | bda5a032c8 | update 20220820 | 2022-08-20 11:56:18 +02:00
Florian Roth | 1443adc730 | Update proc_creation_win_lolbin_customshellhost.yml | 2022-08-20 10:27:40 +02:00
Florian Roth | a82c533d30 | Merge pull request #3395 from nasbench/nasbench-rule-devel: Update + New Rules | 2022-08-20 09:46:40 +02:00
Florian Roth | 5c27980bc6 | Merge pull request #3403 from SigmaHQ/rule-devel: rule: SharpUp, HandleKatz | 2022-08-20 09:29:55 +02:00
Florian Roth | 8648919169 | change casing to include both casings | 2022-08-20 09:28:47 +02:00
Florian Roth | 65cdc9d04d | Update proc_creation_win_lolbin_customshellhost.yml | 2022-08-20 09:22:05 +02:00
Florian Roth | 34b4249690 | Merge pull request #3401 from frack113/redcannary_20220819: Redcannary test | 2022-08-20 09:12:41 +02:00
Florian Roth | 872a6525dd | fix: list with 1 entry | 2022-08-20 09:01:51 +02:00
frack113 | 0c13d5ee59 | Merge pull request #3396 from redsand/fp_admanager_again_oof1: FP: another false positive on using cmd exec to query service stats..… | 2022-08-20 08:36:58 +02:00
frack113 | 93da19a708 | Merge pull request #3390 from Tomasuh/proxy-dev: Rule for Advanced IP/Port Scanner update check | 2022-08-20 08:35:52 +02:00
Florian Roth | e546862635 | rule: sharpup | 2022-08-20 00:49:39 +02:00
Nasreddine Bencherchali | 544e06ee33 | Update proc_creation_win_proc_dump_createdump.yml | 2022-08-19 23:09:40 +01:00
Nasreddine Bencherchali | 0dc4704f05 | LOLBIN Updates | 2022-08-19 23:05:46 +01:00
frack113 | 3dcb4c195b | Add t1484.001 | 2022-08-19 19:12:40 +02:00
frack113 | f88d2befa7 | Update ref | 2022-08-19 17:20:34 +02:00
frack113 | 0938659f94 | Redcannary test | 2022-08-19 14:06:08 +02:00
Nasreddine Bencherchali | b45316cf8b | Update driver_load_vuln_drivers.yml | 2022-08-19 09:29:20 +01:00
Florian Roth | 207b6a3ae6 | Update proxy_adv_ip_port_scanner_upd_check.yml | 2022-08-19 09:10:32 +02:00
Florian Roth | 3584496d41 | Merge pull request #3399 from ali-saad-jaffer/ali/patch-1-author-consistency: Fix case on author for consistency | 2022-08-19 09:09:20 +02:00
Florian Roth | 60b7c0a407 | Update proc_creation_win_webshell_spawn.yml | 2022-08-19 09:08:31 +02:00