a0bad54dbd
Merge pull request #592 from 2d4d/fix_web_citrix_cve_2019_19781_exploit.yml
...
add newbm.pl
2020-01-13 14:48:38 +01:00
7216fe400f
Merge branch 'ala-rule'
2020-01-13 13:49:53 +01:00
d95a2606f0
Merge branch 'socprime-master' into ala-rule
2020-01-13 13:48:19 +01:00
638d461b16
Added ala-rule backend to CI testing
2020-01-13 13:47:11 +01:00
7b62b931ce
Moved ala-rule backend code into ala backend module
2020-01-13 11:24:46 +01:00
e89b4b1c1f
Merge pull request #595 from sbousseaden/patch-1
...
Update win_lm_namedpipe.yml
2020-01-13 11:21:24 +01:00
de690cbfbf
Merge branch 'master' of https://github.com/socprime/sigma into socprime-master
2020-01-13 11:19:39 +01:00
b60671397d
Update win_lm_namedpipe.yml
2020-01-13 10:50:35 +01:00
53d76a69c1
Merge pull request #593 from neu5ron/updates_to_sigma_master
...
HELK SIGMAC fix name of network_initiated
2020-01-13 09:51:13 +01:00
d8b703462d
fix name of network_initiated
2020-01-13 00:12:04 -05:00
364e859a6b
add newbm.pl
2020-01-12 00:29:10 +01:00
a29c832b6a
rule: updated netscaler rule
2020-01-07 14:42:16 +01:00
c9a75a8371
fix: shortened path in Citrix Netscaler rule
2020-01-07 13:00:28 +01:00
b03a43ca1b
Merge pull request #589 from 2d4d/add_cve_2019-19781
...
add rule for Citrix Netscaler CVE-2019-19781
2020-01-06 14:15:46 +01:00
35fbdd1248
add rule for Citrix Netscaler CVE-2019-19781
2020-01-03 01:48:29 +01:00
b98e57603e
add rule for Citrix Netscaler CVE-2019-19781
2020-01-03 00:34:52 +01:00
ed5c77e1be
Merge pull request #587 from refractionPOINT/internal-name
...
Adding LimaCharlie support for OriginalFileName field.
2019-12-31 08:32:51 +01:00
a3ad7cb1c5
Fixed actual event tag
2019-12-30 18:15:12 -08:00
9b32086d92
Mapping OriginalFileName to event/INTERNAL_NAME now that it's available.
2019-12-30 15:58:18 -08:00
92bc96a308
Update ala-rule.py
2019-12-30 16:26:30 +02:00
f015c97dff
Update ala-rule.py
2019-12-30 16:13:27 +02:00
d42409372c
Azure Sentinel backend (ala) - Fixed path in query
...
Added new backend Azure Sentinel Rule (ala-rule)
2019-12-30 16:09:19 +02:00
c007ecf90c
Merge pull request #585 from Neo23x0/devel
...
Devel
2019-12-30 15:08:43 +01:00
9c18f20e7b
Merge pull request #3 from Neo23x0/master
...
latest sigmac
2019-12-30 16:02:46 +02:00
5980cb8d0c
rule: copy from admin share - lateral movement
2019-12-30 14:25:43 +01:00
86e6b92903
rule: SecurityXploded tool
2019-12-30 14:25:29 +01:00
5ad793e04a
Merge pull request #582 from tvjust/patch-1
...
Added new sticky key attack binary
2019-12-30 14:14:20 +01:00
948af2993b
Merge pull request #583 from msec1203/msec1203-submit-rule1
...
MS Office Doc Load WMI DLL Rule
2019-12-30 14:13:58 +01:00
dbdf6680e0
Update win_susp_winword_wmidll_load.yml
...
Update x2
2019-12-30 18:49:39 +09:00
a45f877712
Update win_susp_winword_wmidll_load.yml
...
Fix to error on incorrect mitre tags used.
2019-12-30 18:41:16 +09:00
e043bc2193
Merge pull request #584 from GelosSnake/master
...
FP in win_system_exe_anomaly.yml
2019-12-29 18:52:43 +01:00
f574c20432
Update win_system_exe_anomaly.yml
...
fixing to much original fork.
2019-12-29 18:02:49 +02:00
7e7f6d1182
Update win_system_exe_anomaly.yml
...
Following sigma event I've noticed my twitter account was referenced:
https://twitter.com/GelosSnake/status/934900723426439170
Rule:
https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_system_exe_anomaly.yml
Seems like - '\SystemRoot\System32\\*' is missing and hence triggering an FP.
2019-12-29 18:01:19 +02:00
845d67f1f3
Initial Upload
...
Submit Sigma Rule For Detecting Word Loading WMI DLL's.
2019-12-29 23:14:29 +09:00
a1f07cdb4b
Added new sticky key attack binary
2019-12-29 08:32:23 -05:00
042c58dfc1
Merge pull request #581 from david-burkett/master
...
Trickbot behavioral recon activity / svchost spawned without CLI
2019-12-28 18:11:34 +01:00
4a65a25070
svchost spawned without cli
2019-12-28 10:28:08 -05:00
5e59bbb3c3
Added MITRE ATT&CK Technique T1482
...
https://attack.mitre.org/techniques/T1482/
2019-12-28 16:02:26 +01:00
35b4806104
corrected logic
2019-12-28 09:55:39 -05:00
474a8617e5
Trickbot behavioral recon activity
2019-12-27 21:25:53 -05:00
62bd2cc3ab
Merge pull request #572 from alessiodallapiazza/master
...
Add the ability to detect PowerUp - Invoke-AllChecks
2019-12-23 12:57:55 +01:00
0ff81cc693
Merge pull request #1 from alessiodallapiazza/alessiodallapiazza-patch-1
...
Add the ability to detect PowerUp - Invoke-AllChecks
2019-12-23 11:51:34 +01:00
f45587074b
Add the ability to detect PowerUp - Invoke-AllChecks
...
PowerUp allow attackers to check if is possible to have a local privilege escalation attacks against Windows systems. The main function is called "Invoke-AllChecks" and check possible path of escalation.
2019-12-23 11:50:57 +01:00
04afcccd2c
Merge pull request #571 from Neo23x0/devel
...
rule: whoami as local system
2019-12-22 19:23:50 +01:00
fc8607bbea
rule: whoami as local system
2019-12-22 18:50:26 +01:00
a7ca386a1b
Merge pull request #570 from Neo23x0/devel
...
CreateMiniDump
2019-12-22 08:40:45 +01:00
fb76f2b9ac
rule: CreateMiniDump
2019-12-22 08:29:12 +01:00
511229c0b6
rule: modified Bloodhound rule
2019-12-21 21:22:13 +01:00
530ac854df
Added sigma2attack to CI testing
2019-12-20 22:53:22 +01:00
781f53332b
Merge pull request #566 from christophetd/sigma2attack
...
Add sigma2attack
2019-12-20 21:57:02 +01:00
Florian Roth