blue-team-tools

security-tools/blue-team-tools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Karneades	42e6c9149b	Remove unneeded event code	2019-08-05 19:13:39 +02:00
Karneades	5caa951b8f	Add new rule for detecting MMC spawning a shell Add (analog to win_mshta_spawn_shell.yml) a dedicated rule for dedecting MMC spawning a shell. See https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_mshta_spawn_shell.yml. And it should cover the (removed) cmd part from the existing rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_mmc_source.yml.	2019-08-05 18:42:31 +02:00

Author

SHA1

Message

Date

Karneades

42e6c9149b

Remove unneeded event code

2019-08-05 19:13:39 +02:00

Karneades

5caa951b8f

Add new rule for detecting MMC spawning a shell

Add (analog to win_mshta_spawn_shell.yml) a dedicated rule for dedecting MMC spawning a shell. See https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_mshta_spawn_shell.yml. And it should cover the (removed) cmd part from the existing rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_mmc_source.yml.

2019-08-05 18:42:31 +02:00

2 Commits