 Florian Roth
|
7ce7095c2c
|
fix: title with lower case letters
|
2021-05-27 15:01:32 +02:00 |
|
|
Florian Roth
|
3cd2730a26
|
rule: process hacker priv esc
|
2021-05-27 12:49:54 +02:00 |
|
|
Florian Roth
|
c0b93a010c
|
NCCGroup rules from rclone blog post
https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/
|
2021-05-27 12:49:40 +02:00 |
|
|
Florian Roth
|
7812a4217c
|
rule: regedit as trustedinstaller
|
2021-05-27 11:36:05 +02:00 |
|
|
Florian Roth
|
b5352ac5f7
|
fix: duplicate UUIDs
|
2021-05-27 10:29:21 +02:00 |
|
|
Florian Roth
|
a5fe7af25f
|
Cobalt Strike Service Installation
|
2021-05-26 18:05:38 +02:00 |
|
|
Florian Roth
|
c1cebe627a
|
refactor: reworked CS pipe rule
|
2021-05-26 17:22:34 +02:00 |
|
|
Florian Roth
|
ba12057919
|
Merge pull request #1505 from WojciechLesicki/master
Update rule regarding other named pipe
|
2021-05-26 14:35:22 +02:00 |
|
|
Florian Roth
|
8aabb58eca
|
Merge pull request #1498 from w0rk3r/otrf
Update broken OTRF Threat Hunter Playbook References
|
2021-05-26 13:06:16 +02:00 |
|
|
WojciechLesicki
|
8b707bc948
|
Added also \status_ pipe.
|
2021-05-25 21:58:22 +02:00 |
|
|
WojciechLesicki
|
f1a0308e73
|
Add one more pipe, references etc.
|
2021-05-25 21:07:23 +02:00 |
|
|
WojciechLesicki
|
38552e98cf
|
Adding some pipes
|
2021-05-25 15:47:34 +02:00 |
|
|
frack113
|
3717c68bb7
|
fix typo of level
|
2021-05-24 10:45:58 +02:00 |
|
|
frack113
|
104a004b3d
|
fix typo of tags
|
2021-05-24 10:41:17 +02:00 |
|
|
frack113
|
afb3d63900
|
fix typo of fields
|
2021-05-24 10:37:14 +02:00 |
|
|
frack113
|
1fcd0bf951
|
fix typo of fields
|
2021-05-24 10:34:56 +02:00 |
|
|
frack113
|
a1bddf51e7
|
fix typo of falsepositives
|
2021-05-24 10:31:28 +02:00 |
|
|
Florian Roth
|
211bf35640
|
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
|
2021-05-22 15:45:40 +02:00 |
|
|
Florian Roth
|
02323043d7
|
Create web_cve_2021_26814_wzuh_rce.yml
|
2021-05-22 15:45:38 +02:00 |
|
|
Florian Roth
|
576e047e76
|
Delete win_susp_Register_cimprovider.yml
|
2021-05-22 15:43:41 +02:00 |
|
|
Florian Roth
|
4c281d117c
|
fix: bug in rule syntax
|
2021-05-22 15:31:23 +02:00 |
|
|
Florian Roth
|
9b7fb0c0f3
|
Update win_susp_shell_spawn_from_winrm.yml
|
2021-05-22 15:28:50 +02:00 |
|
|
Florian Roth
|
7e1ac347ef
|
Merge branch 'master' into rule-devel
|
2021-05-22 15:27:32 +02:00 |
|
|
Florian Roth
|
c0d58cb7f9
|
PAExec and PSexec rules
|
2021-05-22 10:52:01 +02:00 |
|
|
Jonhnathan
|
687f2d67fc
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:09:30 -03:00 |
|
|
Jonhnathan
|
7f335cbb4a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:08:23 -03:00 |
|
|
Jonhnathan
|
34e2a81371
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:04:53 -03:00 |
|
|
Jonhnathan
|
89cfef9d49
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:04:20 -03:00 |
|
|
Jonhnathan
|
26ecbea0ba
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:03:49 -03:00 |
|
|
Jonhnathan
|
4ebdcf2f1d
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:03:23 -03:00 |
|
|
Jonhnathan
|
c7f7eb6698
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:02:43 -03:00 |
|
|
Jonhnathan
|
5f6c19f203
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:02:19 -03:00 |
|
|
Jonhnathan
|
627a83914a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:01:33 -03:00 |
|
|
Jonhnathan
|
3853d71c56
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:01:07 -03:00 |
|
|
Jonhnathan
|
e218c32a4c
|
Update Threat Hunter Playbook Reference
|
2021-05-22 01:00:39 -03:00 |
|
|
Jonhnathan
|
1b32a5c0f3
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:54 -03:00 |
|
|
Jonhnathan
|
93087d2130
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:35 -03:00 |
|
|
Jonhnathan
|
d3afed53ac
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:59:04 -03:00 |
|
|
Jonhnathan
|
7007287832
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:58:23 -03:00 |
|
|
Jonhnathan
|
2e139b4264
|
Update win_protected_storage_service_access.yml
|
2021-05-22 00:57:25 -03:00 |
|
|
Jonhnathan
|
085218b25a
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:57:01 -03:00 |
|
|
Jonhnathan
|
3fb5f1c47e
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:56:32 -03:00 |
|
|
Jonhnathan
|
943e2c8c88
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:56:03 -03:00 |
|
|
Jonhnathan
|
9765fcbd0c
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:55:29 -03:00 |
|
|
Jonhnathan
|
e23147111b
|
Update Threat Hunter Playbook Reference
|
2021-05-22 00:54:57 -03:00 |
|
|
Florian Roth
|
a0efd7a4dc
|
Merge pull request #1494 from Karneades/patch-1
Add keyword WinRM to remote powershell rules
|
2021-05-21 10:35:18 +02:00 |
|
|
Andreas Hunkeler
|
e58c59dcfd
|
Update modified field in WinRM rule
|
2021-05-21 09:29:11 +02:00 |
|
|
Andreas Hunkeler
|
d8ec5fa6af
|
Add modified field in WinRM rule
|
2021-05-21 09:28:45 +02:00 |
|
|
Florian Roth
|
a30391f3b4
|
Merge pull request #1495 from SigmaHQ/rule-devel
rule refactoring: Cobalt Strike service start
|
2021-05-20 17:43:29 +02:00 |
|
|
Andreas Hunkeler
|
93241e7fc6
|
Add keyword WinRM to remote powershell process rule
|
2021-05-20 17:03:32 +02:00 |
|