238e0ecd7d
Update Ref+Selection
2022-07-11 14:11:53 +01:00
97856b562a
Add "\" to "Image|endswith" modifier
...
- Added the "\\" (backslash) for the "(Parent)Image|endswith" modifiers to avoid possible confusion.
- The modification were mostly done on default windows binaries to avoid changing logic of other rules.
2022-06-02 13:39:07 +01:00
32169dbc33
chore: harmonization of generic 'nt system' user checks
...
also a simple (non-commprehensive) test case to find
usages of localized user names
2022-05-27 15:16:31 +02:00
b23eee6ebf
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
ec7319be21
Name Normalization
...
Name Normalization
2022-02-27 07:39:46 +01:00
3ec9f6d252
Merge pull request #2569 from frack113/red_20220116
...
Windows Redcannary defense_evasion
2022-01-17 06:36:41 +01:00
12f0d6dfab
Windows Redcannary
2022-01-16 14:47:56 +01:00
c4f4b55920
Add french user
2022-01-15 23:33:36 +01:00
38ddf07291
Add french user
2022-01-15 23:31:51 +01:00
cb938c14df
Windows Redcannary
2022-01-15 17:04:03 +01:00
8b67ad069e
Windows Redcannary
2022-01-02 10:36:52 +01:00
01dc930c17
Change status for old rules
2021-11-27 11:33:14 +01:00
f8574fcd81
Add cve tags
2021-10-25 18:40:50 +02:00
17ad95cd12
Update sysmon_delete_prefetch.yml
2021-09-29 10:58:00 +02:00
da4a8a0ffd
Fix title field error
2021-09-29 09:49:58 +02:00
d3fc6b118d
Add new rule - sysmon_delete_prefetch - AntiForensic
2021-09-29 09:42:17 +02:00
ace46c17be
Update cve tags
2021-08-24 10:27:27 +02:00
08a7886621
Added rule for deletion of DLLs by PrintNightmare
2021-07-01 16:33:55 +05:45
206adbb2b6
Merging upstream updates
2021-07-01 12:18:30 +05:45
Nasreddine Bencherchali