security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,344 Commits 1 Branch 57 Tags
e5cd850640355a32f4cfeaac0355b32477b80098
Commit Graph

3 Commits

Author SHA1 Message Date
grikos 9df6608239 Remove asterisk from condition 
Change 
        ParentCommandLine:
            - 'setupapi.dll*InstallHinfSection'
to
        ParentCommandLine|contains|all:
            - 'setupapi.dll'
            - 'InstallHinfSection'

because some LM/SIEM systems don't process '*' as Splunk or Elasticsearch
 2020-10-07 14:54:13 +03:00
grikos 391af43708 Update description & references 2020-10-07 10:32:51 +03:00
grikos a5478950c7 Create win_susp_rundll32_setupapi_installhinfsection.yml 2020-10-07 00:34:00 +03:00