 Nasreddine Bencherchali
|
bb51bb4bd4
|
Fix #3407
|
2022-08-22 11:14:08 +01:00 |
|
|
Florian Roth
|
00383708ce
|
Merge pull request #3412 from aaronherman/add-dumpert-hacktools-implashes
add Dumpert and other Imphashes to Windows Hacktools rule
|
2022-08-21 11:00:51 +02:00 |
|
|
Florian Roth
|
a4656f9cb7
|
Merge pull request #3408 from frack113/redcannary_20220820
Redcannary 20220820
|
2022-08-21 09:30:13 +02:00 |
|
|
Florian Roth
|
f0bdb36b18
|
add more imphashes from Sysmon config
|
2022-08-21 09:17:23 +02:00 |
|
|
Florian Roth
|
c99d94766e
|
revert: remove dumpert rule
|
2022-08-21 09:08:19 +02:00 |
|
|
Florian Roth
|
79cd099ff0
|
Merge pull request #3404 from frack113/hotfix
update 20220820
|
2022-08-21 09:04:28 +02:00 |
|
|
frack113
|
42d49d7275
|
Update registry_set_add_hidden_user.yml
|
2022-08-21 08:28:16 +02:00 |
|
|
frack113
|
57e131fe4e
|
Update registry_set_add_hidden_user.yml
|
2022-08-21 07:39:17 +02:00 |
|
|
frack113
|
247edbf967
|
Update dns_query_win_susp_ldap.yml
|
2022-08-21 07:37:56 +02:00 |
|
|
AaronHerman
|
2a22cb76d7
|
remove dumpert rule, add to Windows Hacktools Impash
|
2022-08-20 20:23:15 -05:00 |
|
|
frack113
|
6a7b3e56f3
|
Fix FP
|
2022-08-20 17:19:24 +02:00 |
|
|
frack113
|
9f89d4c8c7
|
Redcannary 20220820
|
2022-08-20 17:12:31 +02:00 |
|
|
Florian Roth
|
268b0a8038
|
Merge pull request #3402 from nasbench/lolbin-update
LOLBIN Updates
|
2022-08-20 13:25:24 +02:00 |
|
|
frack113
|
df8df38414
|
Add proc_creation_win_susp_pester_parent
|
2022-08-20 12:18:49 +02:00 |
|
|
frack113
|
8333671025
|
Fix test error
|
2022-08-20 12:07:01 +02:00 |
|
|
frack113
|
bda5a032c8
|
update 20220820
|
2022-08-20 11:56:18 +02:00 |
|
|
Florian Roth
|
1443adc730
|
Update proc_creation_win_lolbin_customshellhost.yml
|
2022-08-20 10:27:40 +02:00 |
|
|
Florian Roth
|
a82c533d30
|
Merge pull request #3395 from nasbench/nasbench-rule-devel
Update + New Rules
|
2022-08-20 09:46:40 +02:00 |
|
|
Florian Roth
|
5c27980bc6
|
Merge pull request #3403 from SigmaHQ/rule-devel
rule: SharpUp, HandleKatz
|
2022-08-20 09:29:55 +02:00 |
|
|
Florian Roth
|
8648919169
|
change casing to include both casings
|
2022-08-20 09:28:47 +02:00 |
|
|
Florian Roth
|
65cdc9d04d
|
Update proc_creation_win_lolbin_customshellhost.yml
|
2022-08-20 09:22:05 +02:00 |
|
|
Florian Roth
|
34b4249690
|
Merge pull request #3401 from frack113/redcannary_20220819
Redcannary test
|
2022-08-20 09:12:41 +02:00 |
|
|
Florian Roth
|
872a6525dd
|
fix: list with 1 entry
|
2022-08-20 09:01:51 +02:00 |
|
|
frack113
|
0c13d5ee59
|
Merge pull request #3396 from redsand/fp_admanager_again_oof1
FP: another false positive on using cmd exec to query service stats..…
|
2022-08-20 08:36:58 +02:00 |
|
|
frack113
|
93da19a708
|
Merge pull request #3390 from Tomasuh/proxy-dev
Rule for Advanced IP/Port Scanner update check
|
2022-08-20 08:35:52 +02:00 |
|
|
Florian Roth
|
e546862635
|
rule: sharpup
|
2022-08-20 00:49:39 +02:00 |
|
|
Nasreddine Bencherchali
|
544e06ee33
|
Update proc_creation_win_proc_dump_createdump.yml
|
2022-08-19 23:09:40 +01:00 |
|
|
Nasreddine Bencherchali
|
0dc4704f05
|
LOLBIN Updates
|
2022-08-19 23:05:46 +01:00 |
|
|
frack113
|
3dcb4c195b
|
Add t1484.001
|
2022-08-19 19:12:40 +02:00 |
|
|
frack113
|
f88d2befa7
|
Update ref
|
2022-08-19 17:20:34 +02:00 |
|
|
frack113
|
0938659f94
|
Redcannary test
|
2022-08-19 14:06:08 +02:00 |
|
|
Nasreddine Bencherchali
|
b45316cf8b
|
Update driver_load_vuln_drivers.yml
|
2022-08-19 09:29:20 +01:00 |
|
|
Florian Roth
|
207b6a3ae6
|
Update proxy_adv_ip_port_scanner_upd_check.yml
|
2022-08-19 09:10:32 +02:00 |
|
|
Florian Roth
|
60b7c0a407
|
Update proc_creation_win_webshell_spawn.yml
|
2022-08-19 09:08:31 +02:00 |
|
|
Ali Saad Jaffer(ali42201)
|
f62f2bb902
|
fix case on author for consistency
|
2022-08-18 17:48:44 -04:00 |
|
|
Nasreddine Bencherchali
|
ed907f36d1
|
Update ID
|
2022-08-18 18:57:14 +01:00 |
|
|
Nasreddine Bencherchali
|
0e40cee045
|
Update rules
|
2022-08-18 18:22:28 +01:00 |
|
|
frack113
|
66c61877ed
|
Merge pull request #3398 from redsand/fp_missellings_again
Fixing spelling mistake. same as found the other day
|
2022-08-18 18:51:04 +02:00 |
|
|
frack113
|
1675f50eb8
|
Merge pull request #3394 from danielgottt/patch-5
Create web_cve_2022_27925_exploit.yml
|
2022-08-18 18:45:35 +02:00 |
|
|
frack113
|
4316d9c500
|
Update condition
|
2022-08-18 18:38:14 +02:00 |
|
|
frack113
|
991560a746
|
Merge pull request #3392 from ionsor/patch-5
Create net_connection_win_dead_drop_resolvers.yml
|
2022-08-18 18:29:45 +02:00 |
|
|
Gott
|
a9f22696d8
|
Update web_cve_2022_27925_exploit.yml
consolidated selection logic and stripped "cs-cookie: 'ZM_AUTH_TOKEN'", as it is most likely not logged
|
2022-08-18 12:27:58 -04:00 |
|
|
frack113
|
d94a538347
|
Merge pull request #3384 from sorchaa/patch-1
Create win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml
|
2022-08-18 18:24:15 +02:00 |
|
|
frack113
|
1cb8e91487
|
Update win_susp_vuln_cve_2022_21919_or_cve_2021_34484.yml
|
2022-08-18 18:17:30 +02:00 |
|
|
Tim Shelton
|
9ddf0ce735
|
spelling mistake
|
2022-08-18 15:51:43 +00:00 |
|
|
Tim Shelton
|
65db776a9b
|
Fixing spelling mistake. same as found the other day
|
2022-08-18 15:49:23 +00:00 |
|
|
Nasreddine Bencherchali
|
234484c399
|
Add rules
|
2022-08-18 15:30:17 +01:00 |
|
|
Nasreddine Bencherchali
|
faa3f6b636
|
Create driver_load_vuln_drivers.yml
|
2022-08-18 13:45:25 +01:00 |
|
|
Gott
|
c1dc90f9ed
|
Update web_cve_2022_27925_exploit.yml
Added additional logic looking for a call to an uploaded webshell, with a 200 response
|
2022-08-18 07:30:23 -04:00 |
|
|
Gott
|
224e30c3f4
|
Update web_cve_2022_27925_exploit.yml
corrected issues surrounding the sigma checks and added an additional reference
|
2022-08-18 07:25:29 -04:00 |
|