security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,344 Commits 1 Branch 57 Tags
e5cd850640355a32f4cfeaac0355b32477b80098
Commit Graph

3 Commits

Author SHA1 Message Date
Florian Roth 39900bb7c5 refactor: re-add exec seldction 2021-05-27 19:24:20 +02:00
Jeff Beley f675ac36b1 Modified win_susp_rclone_exec.yml to detect renamed rclone executables and rclone executed from inside of other programs (BEACON) 2021-05-27 15:03:52 +00:00
Florian Roth c0b93a010c NCCGroup rules from rclone blog post 
https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/
 2021-05-27 12:49:40 +02:00