blue-team-tools

security-tools/blue-team-tools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Nasreddine Bencherchali	4cd51a3dd5	Merge PR #4937 from @nasbench - Multiple updates and fixes fix: Bad Opsec Defaults Sacrificial Processes With Improper Arguments - Exclude additional edge cases fix: Relevant Anti-Virus Signature Keywords In Application Log - Exclude common keywords found in legitimate programs fix: Suspicious Child Process Of Wermgr.EXE - Add new exclusions fix: Uncommon Sigverif.EXE Child Process - Exclude werfault.exe fix: Wusa.EXE Executed By Parent Process Located In Suspicious Location - Exclude ".msu" files fix: Xwizard.EXE Execution From Non-Default Location - Exclude "WinSxS" update: Cab File Extraction Via Wusa.EXE - Move to TH folder update: COM Object Execution via Xwizard.EXE - Update logic update: Potential DLL Injection Via AccCheckConsole - Enhance coverage and logic update: Potential DLL Sideloading Activity Via ExtExport.EXE - Metadata and logic update update: Potentially Suspicious EventLog Recon Activity Using Log Query Utilities - Increase coverage update: Process Memory Dump via RdrLeakDiag.EXE - Enhance coverage	2024-08-29 14:43:32 +02:00

Author

SHA1

Message

Date

Nasreddine Bencherchali

4cd51a3dd5

Merge PR #4937 from @nasbench - Multiple updates and fixes

fix: Bad Opsec Defaults Sacrificial Processes With Improper Arguments - Exclude additional edge cases
fix: Relevant Anti-Virus Signature Keywords In Application Log - Exclude common keywords found in legitimate programs
fix: Suspicious Child Process Of Wermgr.EXE - Add new exclusions
fix: Uncommon Sigverif.EXE Child Process - Exclude werfault.exe
fix: Wusa.EXE Executed By Parent Process Located In Suspicious Location - Exclude ".msu" files
fix: Xwizard.EXE Execution From Non-Default Location - Exclude "WinSxS"
update: Cab File Extraction Via Wusa.EXE - Move to TH folder
update: COM Object Execution via Xwizard.EXE - Update logic
update: Potential DLL Injection Via AccCheckConsole - Enhance coverage and logic
update: Potential DLL Sideloading Activity Via ExtExport.EXE - Metadata and logic update
update: Potentially Suspicious EventLog Recon Activity Using Log Query Utilities - Increase coverage
update: Process Memory Dump via RdrLeakDiag.EXE - Enhance coverage

2024-08-29 14:43:32 +02:00

1 Commits