Anna Pauxberger | d0560d1a65 | 2022-01-03 20:19:28 +01:00
  Merge pull request #1 from DataDog/add-datadog-backend
  Add Datadog Backend

Florian Roth | bd55bcbee0 | 2022-01-03 13:53:03 +01:00
  Merge pull request #2509 from blueteamer8699/feature/sysmon_gathernetworkinfo
  windows lolbin 'gathernetworkinfo.vbs' detection

Florian Roth | 872e68d07c | 2022-01-03 13:07:32 +01:00
  Update win_lolbin_cscript_gathernetworkinfo.yml

frack113 | 601aa50587 | 2022-01-03 12:38:05 +01:00
  Merge pull request #2507 from frack113/redcannary_20220102
  Windows Redcannary

blueteamer8699 | 27f2029d96 | 2022-01-03 17:58:30 +11:00
  updated rule to include the relevant changes from running python3 tests

blueteamer8699 | 27eb156e8f | 2022-01-03 11:49:17 +11:00
  added a rule to detect use of windows lolbin 'gathernetworkinfo.vbs' for information gathering

Florian Roth | c446af1640 | 2022-01-02 20:35:48 +01:00
  Merge pull request #2508 from frack113/aurora_2019
  Windows 2019 FP

frack113 | d74458a0e0 | 2022-01-02 16:12:30 +01:00
  Windows 2019

Florian Roth | 5f37a1e25f | 2022-01-02 15:51:55 +01:00
  Update win_pc_susp_powershell_encode.yml

Florian Roth | b2bdd66290 | 2022-01-02 15:46:51 +01:00
  Merge pull request #2505 from frack113/redcannary_20220101
  Windows redcannary

Florian Roth | d13af7b163 | 2022-01-02 13:32:46 +01:00
  Update win_re_change_rdp_port.yml

Florian Roth | 4adf1af606 | 2022-01-02 13:32:04 +01:00
  Update win_pc_wmic_reconnaissance.yml

Florian Roth | 2d6613d5e0 | 2022-01-02 13:30:30 +01:00
  Merge pull request #2506 from frack113/aurora_fp
  Update rule sysmon_raw_disk_access_using_illegitimate_tools.yml

frack113 | 757bf95ecb | 2022-01-02 11:45:33 +01:00
  fix detection

frack113 | 637ce004ae | 2022-01-02 10:50:40 +01:00
  fix tag

frack113 | 8b67ad069e | 2022-01-02 10:36:52 +01:00
  Windows Redcannary

frack113 | b5e14ac48f | 2022-01-02 09:50:37 +01:00
  Update rule

frack113 | e75e3dc1fb | 2022-01-02 09:17:10 +01:00
  fix CommandLine

frack113 | 7eebc4d054 | 2022-01-01 08:42:40 +01:00
  Windows redcannary

frack113 | 2eda4d51d5 | 2021-12-31 17:29:09 +01:00
  Merge pull request #2500 from frack113/redcannary_20211229
  Windows Redcannary

Florian Roth | e141770b37 | 2021-12-31 15:50:39 +01:00
  Update win_re_outlook_security.yml

Florian Roth | dc1cd5e6bf | 2021-12-31 15:49:57 +01:00
  Update win_re_chrome_extension.yml

Florian Roth | 07036fd2a7 | 2021-12-31 15:48:41 +01:00
  Update powershell_ps_office_comobject_registerxll.yml

Florian Roth | dde4d25b6b | 2021-12-31 15:48:15 +01:00
  Update powershell_ps_directoryservices_accountmanagement.yml

Florian Roth | cc0a3a4bca | 2021-12-31 15:46:49 +01:00
  Merge pull request #2504 from elhoim/add-rdp-setting
  Added InitialProgram registry key for RDP/TS

David ANDRE | 90f984d255 | 2021-12-31 14:12:02 +01:00
  Added InitialProgram registry key for RDP/TS

Florian Roth | f5f613f371 | 2021-12-30 16:53:04 +01:00
  Update README.md

frack113 | b3e49358fa | 2021-12-30 14:22:00 +01:00
  Merge pull request #2503 from frack113/redcannary_20211230
  Windows persistence

frack113 | 5d5b3e83b1 | 2021-12-30 11:58:10 +01:00
  Windows persistence

frack113 | 058e7b9f9d | 2021-12-30 08:33:43 +01:00
  Merge pull request #2499 from redsand/allow_passwordstate_remote_rdp
  Allows PasswordState to initiate rdp connections

frack113 | 03be527790 | 2021-12-29 22:25:39 +01:00
  Merge pull request #2501 from redsand/hawk_add_spring
  hawk backend: adding spring application to config

Tim Shelton | a4f601f53f | 2021-12-29 19:53:57 +00:00
  adding spring to config

frack113 | 6c5275253b | 2021-12-29 19:00:07 +01:00
  Set level to medium
frack113 | d8f5d3cca3 | 2021-12-29 17:47:43 +01:00
  Windows Redcannary
Tim Shelton | e596dab472 | 2021-12-29 14:27:22 +00:00
  Allows PasswordState to initiate rdp connections, per feature "Passwordstate Remote Session Launcher" https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf

Florian Roth | 274edc0c4d | 2021-12-28 19:01:07 +01:00
  Merge pull request #2498 from redsand/filter_win_Defender
  filter windows defender in list

Tim Shelton | 30b328489b | 2021-12-28 17:08:56 +00:00
  filter windows defender in list

frack113 | 1a877a5ccd | 2021-12-28 12:52:07 +01:00
  Merge pull request #2495 from frack113/redcannary_20211227
  Windows redcannary rules

frack113 | 1f1b0dc656 | 2021-12-28 12:51:40 +01:00
  Merge pull request #2492 from frack113/redcannary_20211216
  Windows Redcannary impact

Florian Roth | ee0f216929 | 2021-12-28 12:09:59 +01:00
  Update win_pc_hashcat.yml

Florian Roth | 345aab18cb | 2021-12-28 12:05:20 +01:00
  Update win_pc_susp_taskkill.yml

Florian Roth | 6edd497bf6 | 2021-12-28 12:04:51 +01:00
  Update win_pc_susp_taskkill.yml

Florian Roth | 01021a585d | 2021-12-28 12:04:14 +01:00
  Update powershell_ps_susp_win32_shadowcopy.yml

Florian Roth | af3462f7e6 | 2021-12-28 12:03:40 +01:00
  Update powershell_ps_susp_remove_adgroupmember.yml

Florian Roth | 97600513bb | 2021-12-28 12:03:11 +01:00
  Update win_fe_susp_desktop_txt.yml

Florian Roth | 30d5a59165 | 2021-12-28 10:54:55 +01:00
  Merge pull request #2497 from SigmaHQ/rule-devel
  rule: Suspicious Kernel Dump Using Dtrace

Florian Roth | 992237c9aa | 2021-12-28 10:01:14 +01:00
  Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel

Florian Roth | bfd8b62dfa | 2021-12-28 10:01:11 +01:00
  rule: kernel dump using dtrace

Florian Roth | 45d746c024 | 2021-12-27 21:14:36 +01:00
  Merge pull request #2496 from SigmaHQ/aurora-false-positive-fixing
  fix: FPs noticed with Aurora

frack113 | f79e8ab449 | 2021-12-27 21:09:03 +01:00
  Merge pull request #2494 from frack113/aurora_fp
  image_load_wsman_provider_image_load FP