security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
7,533 Commits 1 Branch 57 Tags
bc246ff59da2d587fa501ea2176960d3200858bc
Commit Graph

6 Commits

Author SHA1 Message Date
frack113 f040725dd8 fix EventID: 4104 ScriptBlockText 2021-08-04 14:49:50 +02:00
aw350m3 399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3 ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
Thomas Patzke 7eb499ad85 Added rule id 2020-07-07 22:54:55 +02:00
Thomas Patzke 360b5714a8 Splitted and improved new rule 2020-07-07 22:47:14 +02:00
4A616D6573 fdbdca003b Create win_powershell_web_request.yml 
Broader rule for detecting web requests via various methods using Windows PowerShell, slightly crosses over the below rules but caters for different methods:

https://github.com/Neo23x0/sigma/blob/99b15edf8add183543ca5738ec93f87416c34bd9/rules/windows/process_creation/win_powershell_download.yml
https://github.com/Neo23x0/sigma/blob/0fa914139ca85966b49f0a8eda40a3f26608e86b/rules/windows/powershell/powershell_suspicious_download.yml
 2019-10-24 11:57:37 +11:00