| frack113 | cb95582077 | Update PowerShell rule | 2021-08-21 09:08:38 +02:00 |
| frack113 | 44254038d3 | fix human error: test-sigmac Error 4 | 2021-07-21 10:01:46 +02:00 |
| frack113 | b9b0ef2066 | convert keywords to correct field name Payload | 2021-07-21 09:44:26 +02:00 |
| Florian Roth | 85582c540e | docs: changed modification date | 2021-04-23 14:55:04 +02:00 |
| Florian Roth | ce03ca9485 | fix: Jitter keyword prone to FPs | 2021-04-23 14:54:32 +02:00 |
| jaegeral | e1f43f17c2 | fixed various spelling errors all over rules and source code | 2021-02-24 14:43:13 +00:00 |
| Florian Roth | aaeb72a2b6 | fix: FPs | 2021-02-01 11:47:23 +01:00 |
| Florian Roth | 540039cbc3 | fix: Malicious Nishang PowerShell Commandlets FP with MDATP | 2020-12-05 09:33:42 +01:00 |
| Florian Roth | ee789a309c | fix: FP with expression | 2020-10-20 13:11:10 +02:00 |
| aw350m3 | eb6b9be5a2 | added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes | 2020-08-25 23:51:22 +00:00 |
| aw350m3 | 399f378269 | att&ck tags review: windows/powershell, windows/process_access, windows/network_connection | 2020-08-24 23:31:26 +00:00 |
| aw350m3 | ba2e891433 | windows/powershell folder reviewed. Old IDs marked with comment “an old one”. These IDs have to be removed in future. | 2020-08-24 00:01:50 +00:00 |
| Ivan Kirillov | 0fbfcc6ba9 | Initial round of subtechnique updates | 2020-06-16 14:46:08 -06:00 |
| Florian Roth | a4c210ed16 | rule: remove keywords in powershell rule prone to FPs | 2020-02-11 16:26:17 +01:00 |
| Florian Roth | 7a222920df | added 'date' | 2020-01-31 15:27:30 +01:00 |
| Florian Roth | 913c839780 | added 'id' | 2020-01-31 15:26:43 +01:00 |
| Alec Costello | 886de39814 | Small edits. Got trigger happy, first time doing this, please don't crucify me. | 2019-05-17 17:40:32 +03:00 |
| Alec Costello | d90c0ea990 | Create powershell_nishang_malicious_commandlets.yml | 2019-05-16 17:51:45 +03:00 |