security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
7,749 Commits 1 Branch 57 Tags
f00aaf8461f97abec19f81aa4fc0edaa76ff6cf1
Commit Graph

11 Commits

Author SHA1 Message Date
frack113 68237dffc4 fix HostApplication 2021-08-28 08:18:47 +02:00
frack113 2dbf9af27d add definition to powershell-classic 2021-08-16 12:56:24 +02:00
aw350m3 eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3 399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3 ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
Harish SEGAR 649e4eaa63 Added new rule for pwsh_xor_cmd 2020-06-29 22:09:58 +02:00
Thomas Patzke 96eb460944 Converted Sysmon/1 and Security/4688 to generic process creation rules 2019-01-16 23:36:31 +01:00
Roberto Rodriguez 328762ed67 Update powershell_xor_commandline.yml 
Ducplicate names again for https://github.com/Neo23x0/sigma/search?q=Suspicious+Encoded+PowerShell+Command+Line&unscoped_q=Suspicious+Encoded+PowerShell+Command+Line . This brakes elastalert integration since each rule needs to have its own unique name.
 2018-12-05 05:51:41 +03:00
Sherif Eldeeb 23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
Thomas Patzke ff98991c80 Fixed rule 2018-10-18 16:20:51 +02:00
Lurkkeli 30fc4bd030 powershell xor commandline 
New rule to detect -bxor usage in a powershell commandline.
 2018-09-05 09:21:15 +02:00