80098113d0
Update image_load_susp_cmstp.yml
2022-08-31 09:53:07 +02:00
ea183cae13
Updates+New Rules
2022-08-31 09:39:16 +02:00
6494e185cf
Update image_load_vmware_xfer_load_dll_from_nondefault_path.yml
2022-08-29 18:46:34 +02:00
dc9f4fbb49
Update image_load_defender_load_dll_from_nondefault_path.yml
2022-08-29 07:28:07 +02:00
781c69e04c
Fix FP
2022-08-24 01:17:53 +01:00
88295a305c
Rule Dev
2022-08-24 01:05:40 +01:00
ed907f36d1
Update ID
2022-08-18 18:57:14 +01:00
0e40cee045
Update rules
2022-08-18 18:22:28 +01:00
af765e6055
Update image_load_side_load_third_party_location.yml
2022-08-17 20:33:44 +01:00
52f26a14a2
Rule Update
2022-08-17 20:27:55 +01:00
bc2188c72b
Merge pull request #3375 from nasbench/nasbench-rule-devel
...
Rule Dev [New Rules+Updates]
2022-08-16 16:46:27 +02:00
a0f8e508b5
Update image_load_side_load_from_non_system_location.yml
2022-08-15 12:49:46 +01:00
1bb24879fe
Update image_load_side_load_from_non_system_location.yml
2022-08-15 00:42:46 +01:00
2879329818
Update image_load_side_load_from_non_system_location.yml
2022-08-15 00:34:58 +01:00
8869bc6cff
New rules
2022-08-15 00:22:16 +01:00
6798d69d00
Update
2022-08-15 00:22:08 +01:00
3426dfb6e9
Update backslash
2022-08-13 09:59:31 +02:00
342ec1c9cc
fix: FP with wrongly matching folders
2022-08-10 11:23:42 +02:00
7ff91656ed
fix: remove duplicate filter
2022-08-09 10:56:58 +02:00
a90ba27a1c
fix: do not use wildcard, where not needed
2022-08-09 10:55:05 +02:00
ef1f2b13ec
fix: use wildcard * instead of plaintext *
...
the changed files seem like they used an esacped * by mistake
2022-08-08 17:54:46 +02:00
d46d89e403
Merge pull request #3315 from nasbench/nasbench-rule-devel
...
New Rules + Update
2022-08-04 13:34:26 +02:00
30a43d5110
Update image_load_susp_dll_load_system_process.yml
2022-08-02 21:23:15 +01:00
d99c92b726
Update image_load_susp_dll_load_system_process.yml
2022-08-02 21:18:07 +01:00
d7d8a8fbc0
Fix typo
2022-08-02 21:06:52 +01:00
37b97c4e66
New Rules
2022-08-02 21:05:07 +01:00
5ca7846450
Renamed rule
2022-08-02 21:04:18 +01:00
845b5c1b5d
Update
2022-08-02 21:04:03 +01:00
8174ca9108
Removing list with only value to pass test
2022-08-02 22:34:45 +05:45
1c0c9bfbe3
Added the missing backslash
2022-08-02 22:26:32 +05:45
249e20b741
Added image_load rule
2022-08-02 22:25:06 +05:45
bbf07649b1
MS Update FP
2022-07-27 08:09:11 +02:00
da1ad54a41
refactor: vulnerable driver loads
2022-07-26 14:56:28 +02:00
524ea4bfeb
Fix typo
2022-07-25 11:12:00 +01:00
e1afd68f40
docs: wording
2022-07-25 10:22:36 +02:00
2cbdd50927
rule: vulnerable gigabyte driver load
2022-07-25 10:08:05 +02:00
fd30a06112
Merge pull request #3240 from nasbench/uac-bypass-image-load
...
Iscsicpl UAC Bypass + Generic Rule
2022-07-19 16:38:34 +02:00
44b424e3cf
refactor: WSMAN Provider Image Loads & empty cmdline
2022-07-18 13:55:14 +02:00
d32816f7a2
Iscsicpl UAC Bypass + Generic Rule
2022-07-18 11:50:55 +01:00
238e0ecd7d
Update Ref+Selection
2022-07-11 14:11:53 +01:00
c2c25acbb6
docs: rules adjusted
2022-06-21 17:21:55 +02:00
f728893364
refactor: rule level adjustments - critical to high
2022-06-18 17:43:22 +02:00
fda9c753e2
Update image_load_msdt_sdiageng.yml
2022-06-17 18:46:14 +02:00
725cadc902
Update image_load_msdt_sdiageng.yml
2022-06-17 08:49:17 +02:00
764dbc4e3c
Fix: Sigma title error
2022-06-17 14:40:01 +08:00
e4ab54d60f
Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll
2022-06-17 09:41:08 +08:00
7444869de3
Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll
2022-06-17 09:29:20 +08:00
21edcafa36
Rule: Follina or DogWalk exploit sdiageng.dll
2022-06-17 09:21:57 +08:00
97856b562a
Add "\" to "Image|endswith" modifier
...
- Added the "\\" (backslash) for the "(Parent)Image|endswith" modifiers to avoid possible confusion.
- The modification were mostly done on default windows binaries to avoid changing logic of other rules.
2022-06-02 13:39:07 +01:00
465886d6e3
fix: FP found in testing
2022-05-27 15:16:30 +02:00
Nasreddine Bencherchali