 Karneades
|
18bbec4bcd
|
improve(rule): add Empire links and userland match
Add default task name and powershell task command to match what the rule name says: detects default config.
|
2019-08-09 11:58:43 +02:00 |
|
|
Michael Wade
|
f70549ec54
|
First Pass
|
2019-06-13 23:15:38 -05:00 |
|
|
Tareq AlKhatib
|
ecffe28933
|
Correct MITRE tag
|
2019-01-22 21:26:07 +03:00 |
|
|
megan201296
|
b0983047eb
|
Update sysmon_powersploit_schtasks.yml
|
2018-10-09 19:10:37 -05:00 |
|
|
Suleyman Ozarslan
|
8d9b12be07
|
ATT&CK tagging of Default PowerSploit Schtasks Persistence
|
2018-07-22 15:53:56 +03:00 |
|
|
yt0ng
|
c59d0c7dca
|
Added additional options
|
2018-06-23 15:54:31 +02:00 |
|
|
yt0ng
|
cc3fd9f5d0
|
Detects the creation of a schtask via PowerSploit Default Configuration
https://github.com/0xdeadbeefJERKY/PowerSploit/blob/8690399ef70d2cad10213575ac67e8fa90ddf7c3/Persistence/Persistence.psm1
|
2018-06-23 15:45:58 +02:00 |
|