2ac3f5c797
fix: condition
2023-01-30 19:13:11 +05:00
6d377cfb66
Merge pull request #3970 from frack113/issue_3968
...
proc_creation_win_copy_browser_data fix FP
2023-01-30 10:57:56 +01:00
92a23276cf
Merge pull request #3972 from frack113/hijacklibs
...
feat: add additional new dlls for abuse from hijacklibs
2023-01-30 10:49:11 +01:00
0e589eeb08
Merge pull request #3976 from qasimqlf/patch-20
...
fix: Rename registry_set_persistance_xll to registry_set_persistence_
2023-01-30 10:47:11 +01:00
cb1ea104b6
fix: remove unnecessary space
2023-01-30 10:42:48 +01:00
8bcedc7c52
fix: update title and description
2023-01-30 10:41:27 +01:00
4938f9b44c
Rename registry_set_persistance_xll.yml to registry_set_persistence_xll.yml
...
Updated persistance to persistence
2023-01-30 14:33:49 +05:00
a39896f66a
fix: condition
2023-01-30 14:27:59 +05:00
072d6bda9b
Add more dll
2023-01-29 16:50:06 +01:00
bd5e1da89c
Fix FP move
2023-01-29 09:42:48 +01:00
18e9704e2c
Merge pull request #3964 from YamatoSecurity/master
...
update pw spraying via explicit creds rules
2023-01-28 07:59:00 +01:00
6928cdf702
Update win_security_susp_failed_logons_explicit_credentials.yml
2023-01-28 07:53:37 +01:00
1948b1cb6d
Merge pull request #3965 from frack113/pormotion_status
...
change status to test
2023-01-27 17:56:12 +01:00
dabf286c17
Merge pull request #3966 from frack113/PendingFileRenameOperations
...
Add registry_set_susp_pendingfilerenameoperations
2023-01-27 17:55:51 +01:00
7ea3db18f7
Fix test errors
2023-01-27 15:09:43 +01:00
35dabc529c
fix: update metadata
2023-01-27 13:55:19 +01:00
5087b95155
Merge remote-tracking branch 'upstream/master' into pormotion_status
2023-01-27 11:29:27 +01:00
2ba6c3c3f5
Merge pull request #3961 from tropChaud/patch-4
...
Create proc_creation_win_rhadamanthys_dll_launch.yml
2023-01-27 11:23:21 +01:00
0f9ce8de60
Update registry_set_susp_pendingfilerenameoperations.yml
2023-01-27 11:09:45 +01:00
c9d29d5bdd
fix: typo in the description
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-01-27 10:53:59 +01:00
af9b78971e
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
2023-01-27 10:50:37 +01:00
0b5a4fd7c9
fix: add missing modified date
2023-01-27 10:50:04 +01:00
40dffb5c92
Add registry_set_susp_pendingfilerenameoperations
2023-01-27 10:49:58 +01:00
432916d3c8
fix: update description
...
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-01-27 10:48:54 +01:00
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
3a4d447d1e
update pw spraying via explicit creds rules
2023-01-27 10:51:43 +09:00
3536580054
fix: rule filename
2023-01-27 01:15:05 +01:00
6325e75d42
fix: apply suggestions from code review
2023-01-27 00:51:17 +01:00
85c5f21818
feat: more updates, renames and fixes
2023-01-27 00:30:16 +01:00
6a954b6d08
Create proc_creation_win_rhadamanthys_dll_launch.yml
2023-01-26 17:26:18 -05:00
58912f5eda
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
2023-01-26 23:01:51 +01:00
242814f3e9
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-01-26 23:01:17 +01:00
c538550b03
feat: updates and fixes
2023-01-26 22:42:56 +01:00
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
3c846a1c51
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-01-26 17:35:55 +01:00
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
725c5ba420
fix: fp found in testing
2023-01-25 16:54:11 +01:00
32c89da010
fix: FPs in testing environment
2023-01-25 16:23:10 +01:00
f7b159350d
Merge pull request #3954 from nasbench/nasbench-rule-devel
...
feat: updates and enhancements
2023-01-25 13:21:44 +01:00
d2575eff64
fix: fp with lsass access rule
...
- Add new filters
- Reorder and rename some filter for clarity
2023-01-25 13:08:20 +01:00
690af599ba
fix: fp with invoke patchingapi rule
2023-01-25 12:54:29 +01:00
10707f307a
Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel
2023-01-24 17:00:04 +01:00
2a53a0b8c8
fix: fp in system file names
2023-01-24 16:59:39 +01:00
9e2c01521a
fix: broken condition
2023-01-24 16:54:15 +01:00
9a03e4e13d
fix: fp found in testing
2023-01-24 16:51:37 +01:00
d7bf5383a4
feat: update wsl related rules and other
2023-01-24 16:50:53 +01:00
a41a374901
fix: FPs found in testing environment
2023-01-24 10:30:43 +01:00
0312c481d9
Change rules using all of required-lists to |all
...
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).
This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.
See SigmaHQ/sigma-specification#53 for further discussion.
2023-01-23 14:37:25 +00:00
fb1dcc1340
Merge pull request #3950 from nasbench/nasbench-rule-devel
...
feat: updates and new rules
2023-01-23 14:03:43 +01:00
e3f7feeb65
fix: update description
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-01-23 13:38:23 +01:00
Qasim Qlf