f42eb77f29  Nasreddine Bencherchali  2023-01-25 12:03:11 +01:00
    fix: rule logic

d47215d469  Nasreddine Bencherchali  2023-01-25 01:35:47 +01:00
    fix: single element selection

7d2b70cb91  Nasreddine Bencherchali  2023-01-25 01:14:49 +01:00
    feat: add bpf related rules

10707f307a  Nasreddine Bencherchali  2023-01-24 17:00:04 +01:00
    Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel

2a53a0b8c8  Nasreddine Bencherchali  2023-01-24 16:59:39 +01:00
    fix: fp in system file names

9e2c01521a  Nasreddine Bencherchali  2023-01-24 16:54:15 +01:00
    fix: broken condition

9a03e4e13d  Nasreddine Bencherchali  2023-01-24 16:51:37 +01:00
    fix: fp found in testing

d7bf5383a4  Nasreddine Bencherchali  2023-01-24 16:50:53 +01:00
    feat: update wsl related rules and other

fb1dcc1340  Nasreddine Bencherchali  2023-01-23 14:03:43 +01:00
    Merge pull request #3950 from nasbench/nasbench-rule-devel
    feat: updates and new rules

e3f7feeb65  Nasreddine Bencherchali  2023-01-23 13:38:23 +01:00
    fix: update description
    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>

628f616dbe  phantinuss  2023-01-23 12:57:50 +01:00
    fix: sharpen regex to not match default windows rundll32 usage

231e87e316  phantinuss  2023-01-23 12:05:28 +01:00
    fix: FP in testing environment

58fbe4a100  Nasreddine Bencherchali  2023-01-23 01:05:28 +01:00
    feat: update wsl lolbin

2f6161619b  Nasreddine Bencherchali  2023-01-22 23:45:22 +01:00
    fix: add missing filter

47fa1dff54  Nasreddine Bencherchali  2023-01-22 23:41:56 +01:00
    fix: fp with iissetup

f2cf68cf14  Nasreddine Bencherchali  2023-01-22 23:32:14 +01:00
    fix: broken condition

1c2b6f40a6  Nasreddine Bencherchali  2023-01-22 23:31:02 +01:00
    feat: updates and new rules

f25ad0f1a3  frack113  2023-01-22 20:54:00 +01:00
    Merge pull request #3949 from frack113/import_module_dll
    Import module dll

c9b230de6d  Nasreddine Bencherchali  2023-01-22 20:07:42 +01:00
    feat: update pwsh ad module rules

40592f463f  frack113  2023-01-22 19:34:09 +01:00
    Add Microsoft.ActiveDirectory.Management.dll

fa593dc4c4  frack113  2023-01-22 18:49:55 +01:00
    Merge pull request #3942 from faisalusuf/master

6d535e032f  frack113  2023-01-22 18:42:54 +01:00
    Remove operation

c7537c5d2a  frack113  2023-01-22 17:39:28 +01:00
    Add import_module dll

75c01db53b  frack113  2023-01-22 17:38:59 +01:00
    Add import_module dll

a11051447e  Florian Roth  2023-01-22 11:18:59 +01:00
    Merge pull request #3948 from SigmaHQ/rule-devel
    doc: adding another reference

e95f0d03b4  Florian Roth  2023-01-22 11:03:59 +01:00
    doc: adding another reference

1820b04917  Florian Roth  2023-01-22 11:02:31 +01:00
    Merge pull request #3947 from SigmaHQ/rule-devel
    docs: authors extended

f2d633ad1a  Florian Roth  2023-01-22 10:57:11 +01:00
    docs: authors extended

9739cb1c69  Florian Roth  2023-01-22 10:32:06 +01:00
    Merge pull request #3946 from SigmaHQ/rule-devel
    rule: susp svchost sub process

2bd14e4953  frack113  2023-01-22 08:55:24 +01:00
    Small update
    - Change service to audit
    - Add operation

f1c9112413  Nasreddine Bencherchali  2023-01-22 01:04:27 +01:00
    fix: update filename

a530e7ad36  Nasreddine Bencherchali  2023-01-22 01:00:55 +01:00
    fix: add more detail

52a4985dce  Florian Roth  2023-01-21 23:45:22 +01:00
    rule: susp svchost sub process

ecaf89dd91  Nasreddine Bencherchali  2023-01-21 18:15:37 +01:00
    fix: fp with powercat

63045048e3  frack113  2023-01-21 13:24:22 +01:00
    Merge pull request #3910 from cyb3rjy0t/patch-3
    ADS stored DLL execution using Rundll32

585f3a2f36  Nasreddine Bencherchali  2023-01-21 13:02:11 +01:00
    fix: update regex

72fe5040f9  Nasreddine Bencherchali  2023-01-21 12:46:46 +01:00
    Merge pull request #3944 from nasbench/nasbench-rule-devel
    feat: new rules and fp fixes

4df3a09ce8  frack113  2023-01-21 12:37:29 +01:00
    Merge pull request #3943 from SigmaHQ/rule-devel
    Extended some rules with suspicious sub processes

ae0fe8393e  Nasreddine Bencherchali  2023-01-21 12:28:28 +01:00
    fix: optimize pwsh reg logging tamper rule

dfdc232f55  Nasreddine Bencherchali  2023-01-21 12:28:08 +01:00
    fix: optimize "Invoke-Sharp" coverage

7bce67f940  Nasreddine Bencherchali  2023-01-21 11:52:13 +01:00
    fix: file extension

928e77881f  Nasreddine Bencherchali  2023-01-21 11:48:40 +01:00
    feat: new rule related to psexec key file

9ef8565556  Nasreddine Bencherchali  2023-01-21 11:41:44 +01:00
    fix: filename

9f3537498c  Nasreddine Bencherchali  2023-01-21 11:28:27 +01:00
    fix: remove net

2ad9d65f75  Nasreddine Bencherchali  2023-01-21 11:26:13 +01:00
    fix: filter and add missing modified

933cd0df7d  Nasreddine Bencherchali  2023-01-21 11:23:17 +01:00
    fix: apply suggestions from code review
    Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>

d16c756ee8  frack113  2023-01-21 11:12:44 +01:00
    Merge pull request #3936 from nikitah4x/master
    Add new rule to detect a new admin role assignment in Okta

9aeb191999  Florian Roth  2023-01-21 08:55:12 +01:00
    Merge branch 'master' into rule-devel

8c14f9cddb  Florian Roth  2023-01-21 08:55:06 +01:00
    Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel

18600eaef4  Florian Roth  2023-01-21 08:55:04 +01:00
    refactor: extended some exploitation rules - sub procs
    https://twitter.com/skept1kal/status/1616647571904020481