 Wagga
|
9db9d25b68
|
Update file_event_win_susp_winword_startup.yml
|
2022-08-29 20:16:41 +02:00 |
|
|
Wagga
|
6c42bfb64b
|
Update file_event_win_powershell_startup_shortcuts.yml
|
2022-08-29 20:15:54 +02:00 |
|
|
Wagga
|
8dbeedf728
|
Update file_event_win_powershell_startup_shortcuts.yml
|
2022-08-29 20:14:47 +02:00 |
|
|
Florian Roth
|
61657f50e6
|
Update file_event_win_msdt_autorun.yml
|
2022-08-25 08:38:43 +02:00 |
|
|
Vadim Varganov
|
4a8d4041ee
|
Update file_event_win_msdt_autorun.yml
|
2022-08-25 09:25:30 +03:00 |
|
|
vadim
|
1c536e0698
|
Add new rules for detection msdt.exe create file to autorun
|
2022-08-24 22:18:13 +03:00 |
|
|
frack113
|
f324148291
|
Merge pull request #3424 from nasbench/nasbench-rule-devel
Rule Dev - Update + New Rules
|
2022-08-24 19:59:08 +02:00 |
|
|
Nasreddine Bencherchali
|
728a7ccb66
|
Fix after review
|
2022-08-24 18:35:23 +01:00 |
|
|
Tim Shelton
|
e310bda6ad
|
FP: sentinel one performs this
|
2022-08-24 15:34:36 +00:00 |
|
|
Nasreddine Bencherchali
|
be2ec96dc2
|
Update file_event_win_susp_vscode_powershell_profile.yml
|
2022-08-24 12:29:54 +01:00 |
|
|
Nasreddine Bencherchali
|
918cf94c1b
|
Add + Rename
|
2022-08-24 12:29:35 +01:00 |
|
|
Nasreddine Bencherchali
|
10c5b51c5f
|
Update file_event_win_susp_powershell_profile_create.yml
|
2022-08-24 12:23:20 +01:00 |
|
|
Nasreddine Bencherchali
|
9f02e37dfa
|
Update
|
2022-08-24 12:23:00 +01:00 |
|
|
frack113
|
7248c4e6b7
|
Merge pull request #3415 from nasbench/nasbench-rule-devel
Rule Dev (Update + New Rules)
|
2022-08-23 06:28:51 +02:00 |
|
|
Florian Roth
|
4f815501fd
|
fix: UUIDs
|
2022-08-22 20:30:15 +02:00 |
|
|
Florian Roth
|
40a802889b
|
fix: typo
|
2022-08-22 20:22:31 +02:00 |
|
|
Florian Roth
|
9f38bce2ca
|
refactor: refactored to 3 rules
|
2022-08-22 20:20:57 +02:00 |
|
|
Florian Roth
|
60512d7749
|
Update file_event_proxy_dropping_executable.yml
|
2022-08-22 20:13:37 +02:00 |
|
|
Florian Roth
|
848162172a
|
Update file_event_proxy_dropping_executable.yml
|
2022-08-22 19:49:17 +02:00 |
|
|
Florian Roth
|
bb7539ea56
|
Update file_event_proxy_dropping_executable.yml
|
2022-08-22 19:48:52 +02:00 |
|
|
Florian Roth
|
69f6993ed7
|
Update file_event_proxy_dropping_executable.yml
|
2022-08-22 19:48:14 +02:00 |
|
|
frack113
|
911d0fa158
|
Add dll and ocx
|
2022-08-22 19:31:17 +02:00 |
|
|
frack113
|
326eebdc7b
|
Add file_event_proxy_dropping_executable
|
2022-08-22 17:17:32 +02:00 |
|
|
Nasreddine Bencherchali
|
17aa5fec6d
|
Update
|
2022-08-22 14:52:41 +01:00 |
|
|
frack113
|
07004f0252
|
Merge pull request #3380 from redsand/fp_landesk_adsi_cache_usage
Filter out FP for LANDesk app
|
2022-08-16 20:48:05 +02:00 |
|
|
phantinuss
|
bc2188c72b
|
Merge pull request #3375 from nasbench/nasbench-rule-devel
Rule Dev [New Rules+Updates]
|
2022-08-16 16:46:27 +02:00 |
|
|
Tim Shelton
|
b6c5967443
|
Filter out FP for LANDesk app
|
2022-08-16 13:45:20 +00:00 |
|
|
Nasreddine Bencherchali
|
6798d69d00
|
Update
|
2022-08-15 00:22:08 +01:00 |
|
|
frack113
|
3426dfb6e9
|
Update backslash
|
2022-08-13 09:59:31 +02:00 |
|
|
frack113
|
bd7f0fdf5d
|
Merge pull request #3369 from frack113/temas
Cyble blog
|
2022-08-13 08:00:47 +02:00 |
|
|
frack113
|
2e438a5312
|
Add file_event_win_iphlpapi_dll_sideloading
|
2022-08-12 17:16:17 +02:00 |
|
|
Nasreddine Bencherchali
|
b6fda3e758
|
Fix FP
|
2022-08-12 16:09:20 +01:00 |
|
|
Nasreddine Bencherchali
|
cf2a817801
|
New Rules
|
2022-08-12 13:44:16 +01:00 |
|
|
Nasreddine Bencherchali
|
d7bc975c71
|
Update meta
|
2022-08-12 13:42:52 +01:00 |
|
|
frack113
|
1a57509e85
|
Merge pull request #3346 from nasbench/nasbench-rule-devel
Updates + New Rules
|
2022-08-11 06:26:57 +02:00 |
|
|
Nasreddine Bencherchali
|
80ee1192e6
|
Update file_event_win_error_handler_cmd_persistence.yml
|
2022-08-10 17:45:25 +01:00 |
|
|
Nasreddine Bencherchali
|
405ed7e6d2
|
Update file_event_win_error_handler_cmd_persistence.yml
|
2022-08-10 13:02:08 +01:00 |
|
|
Nasreddine Bencherchali
|
b5c15c5137
|
More additions and updates
|
2022-08-10 12:52:49 +01:00 |
|
|
C.J. May
|
d1b123c16a
|
removed slashes from strings
|
2022-08-09 17:56:28 -05:00 |
|
|
C.J. May
|
402882c764
|
Create file_event_bloodhound_collection.yml
|
2022-08-09 17:49:06 -05:00 |
|
|
Nasreddine Bencherchali
|
b4472132a4
|
Fix after review
|
2022-08-05 18:40:12 +01:00 |
|
|
Nasreddine Bencherchali
|
f704feaf69
|
New Rules
|
2022-08-05 17:11:42 +01:00 |
|
|
Florian Roth
|
83efce33e9
|
Rename sysmon_file_event_iso.yml to file_event_win_iso_file_mount.yml
|
2022-07-31 13:58:55 +02:00 |
|
|
Florian Roth
|
d37bc651c2
|
fix: missing upper tick
|
2022-07-31 13:39:34 +02:00 |
|
|
Florian Roth
|
4747dbfe90
|
Update and rename sysmon_file_event_ISO.yml to sysmon_file_event_iso.yml
|
2022-07-31 13:38:40 +02:00 |
|
|
Sam0x90
|
dd392854a9
|
Merge branch 'SigmaHQ:master' into master
|
2022-07-31 13:20:15 +02:00 |
|
|
Sam0x90
|
15a7755338
|
Updated condition
|
2022-07-31 12:41:21 +02:00 |
|
|
frack113
|
67c5b110f4
|
Sideloading DLL with space path
|
2022-07-31 08:36:19 +02:00 |
|
|
Sam0x90
|
c9b6c0b08f
|
Updated title
|
2022-07-30 13:13:03 +02:00 |
|
|
Sam0x90
|
2cbafe7c3f
|
Update author
|
2022-07-30 12:13:59 +02:00 |
|