9 Commits

Author SHA1 Message Date
Nasreddine Bencherchali b984ee65b3 Update proc_creation_win_webshell_spawn.yml 2022-08-01 23:28:53 +01:00
Nasreddine Bencherchali d13cba8c4b Updates 2022-07-27 23:41:11 +01:00
Tim Shelton fb95703685 False positive when running Manage Engine and elastic 2022-07-25 21:33:39 +00:00
Nasreddine Bencherchali 16b2945027 New Rules + Update 2022-07-14 17:35:50 +01:00
svch0stz 3ec531979a Update proc_creation_win_webshell_spawn.yml
Example pulled from manage engine below:

Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentImage: C:\Program Files\ManageEngine\SupportCenterPlus\jre\bin\java.exe
ParentCommandline: "..\jre\bin\java" -Dcatalina.home=.. -Dserver.home=.. -Dserver.stats=1000  <snip>
2022-05-15 14:57:21 +10:00
phantinuss f1dcaa02f4 fix: single list element 2022-03-21 12:33:55 +01:00
Florian Roth e754849425 fix: missing space 2022-03-18 08:37:09 +01:00
Florian Roth 8250dd73a2 refactor: webshell detection rules 2022-03-17 18:24:15 +01:00
frack113 8bb3379b68 Normalization of rule names 2022-02-22 11:16:31 +01:00