security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
08883c8e3277667ccdba5ff1a2d6648520577bc1
blue-team-tools/rules/windows/process_creation
T
History
Florian Roth 08883c8e32 refactor: removed old rule that uses Message field 
Rules that use the "Message" field are prone to localisation issues and should be avoided whenever possible.

We can build what we call "keyword" rules in these cases and simply combine string values that are searched in the raw data as 1 of them or all of them. (see specs for details)
2021-08-12 09:27:50 +02:00
..
process_creation_automated_collection.yml
add process_creation_automated_collection.yml
2021-07-28 13:17:40 +02:00
process_creation_c3_load_by_rundll32.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
process_creation_clip.yml
add process_creation_clip.yml
2021-07-27 08:50:03 +02:00
process_creation_cobaltstrike_load_by_rundll32.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
process_creation_discover_private_keys.yml
fix files_with_incorrect_mitre_tags
2021-07-20 12:22:31 +02:00
process_creation_dotnet.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
process_creation_infdefaultinstall.yml
fix Error: [colons] too many spaces before colon
2021-07-13 10:09:52 +02:00
process_creation_msdeploy.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
process_creation_protocolhandler_suspicious_file.yml
Add process_creation_protocolhandler_suspicious_file.yml
2021-07-13 12:19:07 +02:00
process_creation_SDelete.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
process_creation_susp_7z.yml
Update process_creation_susp_7z.yml
2021-07-27 16:02:09 +02:00
process_creation_susp_recon.yml
add process_creation_susp_recon.yml
2021-07-30 08:15:13 +02:00
process_creation_susp_winzip.yml
forget date field
2021-07-27 11:09:35 +02:00
process_creation_syncappvpublishingserver_execute_arbitrary_powershell.yml
Add test_optional_related test_optional_fields test_optional_falsepositives
2021-07-24 09:41:04 +02:00
process_creation_syncappvpublishingserver_vbs_execute_powershell.yml
update ref in win_manage-bde_lolbas.yml
2021-07-16 08:34:30 +02:00
process_mailboxexport_share.yml
docs: add space in title
2021-08-07 10:13:05 +02:00
process_susp_esentutl_params.yml
fix file name
2021-08-07 15:54:43 +02:00
sysmon_abusing_debug_privilege.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_accesschk_usage_after_priv_escalation.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_always_install_elevated_windows_installer.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_apt_muddywater_dnstunnel.yml
Merge pull request #989 from oscd-initiative/master
2020-09-08 13:27:58 +02:00
sysmon_apt_sourgrum.yml
fix product sysmon_apt_sourgrum.yml
2021-07-30 16:02:38 +02:00
sysmon_cmstp_execution_by_creation.yml
fix 3 times the same name file
2021-07-02 11:01:07 +02:00
sysmon_creation_mavinject_dll.yml
update ref in sysmon_creation_mavinject_dll.yml
2021-07-30 08:31:37 +02:00
sysmon_cve_2021_26857_msexchange.yml
Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge
2021-03-03 12:46:50 +05:45
sysmon_expand_cabinet_files.yml
Added rule for Cabinet file expansion
2021-07-30 12:36:05 +05:45
sysmon_hack_wce.yml
fix: FP with WCE and Windows Cluster Service
2021-07-15 12:09:28 +02:00
sysmon_high_integrity_sdclt.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_logon_scripts_userinitmprlogonscript_proc.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_long_powershell_commandline.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_netcat_execution.yml
increased level to high
2021-07-23 09:51:00 +02:00
sysmon_proxy_execution_wuauclt.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_rclone_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_remove_windows_defender_definition_files.yml
Add 2 defense-evasion T1562.001 rules
2021-07-07 15:43:55 +02:00
sysmon_sdclt_child_process.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_susp_plink_remote_forward.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_susp_service_modification.yml
Add 2 defense-evasion T1562.001 rules
2021-07-07 15:43:55 +02:00
sysmon_susp_webdav_client_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
sysmon_uninstall_crowdstrike_falcon.yml
test 21 to 24 from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md
2021-07-12 10:54:44 +02:00
win_ad_find_discovery.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_advanced_ip_scanner.yml
Preserved creation date
2021-05-11 19:17:32 +05:45
win_anydesk_silent_install.yml
fix: condition
2021-08-06 18:45:38 +02:00
win_apt_apt29_thinktanks.yml
Update win_apt_apt29_thinktanks.yml - Links
2021-07-07 20:21:41 +08:00
win_apt_babyshark.yml
att&ck tags review: windows/process_creation part 1, network
2020-08-27 20:43:47 +03:00
win_apt_bear_activity_gtr19.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_bluemashroom.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_chafer_mar18.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_cloudhopper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_dragonfly.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_elise.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_emissarypanda_sep19.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_empiremonkey.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_equationgroup_dll_u_load.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_evilnum_jul20.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_gallium.yml
logsource change
2020-02-07 15:47:27 +01:00
win_apt_greenbug_may20.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_hafnium.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_hurricane_panda.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_judgement_panda_gtr19.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_ke3chang_regadd.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_lazarus_activity_apr21.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_lazarus_activity_dec20.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_lazarus_loader.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_lazarus_session_highjack.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_mustangpanda.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_revil_kaseya.yml
rule: more Kaseya patterns
2021-07-05 12:03:35 +02:00
win_apt_slingshot.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_sofacy.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_ta17_293a_ps.yml
att&ck tags review: windows/process_creation part 1, network
2020-08-27 20:43:47 +03:00
win_apt_ta505_dropper.yml
TA505 Loader Rule
2020-12-08 10:15:30 +01:00
win_apt_taidoor.yml
att&ck tags review: windows/process_creation part 1, network
2020-08-27 20:43:47 +03:00
win_apt_tropictrooper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_turla_commands.yml
att&ck tags review: windows/process_creation part 1, network
2020-08-27 20:43:47 +03:00
win_apt_turla_comrat_may20.yml
att&ck tags review: windows/process_creation part 1, network
2020-08-27 20:43:47 +03:00
win_apt_unc2452_cmds.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_unc2452_ps.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_unidentified_nov_18.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_winnti_mal_hk_jan20.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_apt_winnti_pipemon.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_apt_wocao.yml
fix invalid fields name
2021-07-07 09:05:00 +02:00
win_apt_zxshell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_attrib_hiding_files.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_bad_opsec_sacrificial_processes.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_bootconf_mod.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:30:57 +08:00
win_bypass_squiblytwo.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_change_default_file_association.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:30:57 +08:00
win_CL_Invocation_LOLScript.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_CL_Mutexverifiers_LOLScript.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_class_exec_xwizard.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_cmdkey_recon.yml
refactor: changed cmdkey rule
2021-07-07 14:45:03 +02:00
win_cmstp_com_object_access.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_cobaltstrike_process_patterns.yml
rule: Cobalt Strike patterns
2021-07-27 11:24:40 +02:00
win_commandline_path_traversal.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_control_panel_item.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_copying_sensitive_files_with_credential_data.yml
fixing test runner issues
2020-09-15 15:45:33 -06:00
win_credential_access_via_password_filter.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_crime_fireball.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_crime_maze_ransomware.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_crime_snatch_ransomware.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_data_compressed_with_rar.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_detecting_fake_instances_of_hxtsr.yml
Fix more windows fields name
2021-07-07 12:28:00 +02:00
win_dns_exfiltration_tools_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_dnscat2_powershell_implementation.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_encoded_frombase64string.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_encoded_iex.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_etw_modification_cmdline.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_etw_trace_evasion.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exchange_transportagent.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exfiltration_and_tunneling_tools_execution.yml
fix tags
2020-08-29 21:34:20 +02:00
win_exploit_cve_2015_1641.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2017_0261.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2017_8759.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2017_11882.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2019_1378.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2019_1388.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_exploit_cve_2020_1048.yml
att&ck tags review: windows/process_creation part 2
2020-08-29 04:39:30 +00:00
win_exploit_cve_2020_1350.yml
fix: more FPs based on feedback
2020-07-15 12:05:50 +02:00
win_exploit_cve_2020_10189.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_file_permission_modifications.yml
Convert ART reference links from .yaml to .md
2021-07-06 17:56:38 +08:00
win_grabbing_sensitive_hives_via_reg.yml
Update win_grabbing_sensitive_hives_via_reg.yml
2021-07-24 18:17:27 -05:00
win_hack_adcspwn.yml
rule: ADCSPwn
2021-07-31 10:18:21 +02:00
win_hack_bloodhound.yml
att&ck tags review: windows/process_creation part 3
2020-09-01 17:02:59 +00:00
win_hack_koadic.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_hack_rubeus.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_hack_secutyxploded.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_hh_chm.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_hiding_malware_in_fonts_folder.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_hktl_createminidump.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_html_help_spawn.yml
att&ck tags review: windows/process_creation part 3
2020-09-01 17:02:59 +00:00
win_hwp_exploits.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_impacket_compiled_tools.yml
fix: adding experimental status
2021-07-24 12:34:33 +02:00
win_impacket_lateralization.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_indirect_cmd_compatibility_assistant.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_indirect_cmd.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_install_reg_debugger_backdoor.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_interactive_at.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:30:57 +08:00
win_invoke_obfuscation_clip+.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_obfuscated_iex_commandline.yml
att&ck tags review: windows/process_creation part 3
2020-09-01 17:02:59 +00:00
win_invoke_obfuscation_stdin+.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_var+.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_compress.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_rundll.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_stdin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_use_clip.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_use_mhsta.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_use_rundll32.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_invoke_obfuscation_via_var++.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_lethalhta.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_local_system_owner_account_discovery.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_lolbas_execution_of_wuauclt.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_lolbin_execution_via_winget.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_lsass_dump.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_mal_adwind.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_dridex.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_dtrack.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_emotet.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_formbook.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_notpetya.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_qbot.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_ryuk.yml
att&ck tags review: windows/process_creation part 3
2020-09-01 17:02:59 +00:00
win_malware_script_dropper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_trickbot_recon_activity.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_malware_trickbot_wermgr.yml
New Trickbot wermgr rule
2020-11-26 09:54:27 +01:00
win_malware_wannacry.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_manage-bde_lolbas.yml
update ref in win_manage-bde_lolbas.yml
2021-07-16 08:34:30 +02:00
win_mavinject_proc_inj.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_meterpreter_or_cobaltstrike_getsystem_service_start.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_mimikatz_command_line.yml
review windows/process_creation part 4
2020-09-02 02:34:34 +02:00
win_mmc_spawn_shell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_modif_of_services_for_via_commandline.yml
update modified
2021-08-10 15:12:45 +02:00
win_monitoring_for_persistence_via_bits.yml
escape / in regex
2021-07-15 08:13:49 +02:00
win_mouse_lock.yml
Add missing product in logsource
2020-12-23 15:45:00 -05:00
win_mshta_javascript.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_mshta_spawn_shell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_multiple_suspicious_cli.yml
Update win_multiple_suspicious_cli.yml
2021-06-14 08:54:07 +02:00
win_net_enum.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_net_user_add.yml
Updated ART reference links from .yaml
2021-07-06 17:39:25 +08:00
win_netsh_allow_port_rdp.yml
review windows/process_creation part 4
2020-09-02 02:34:34 +02:00
win_netsh_fw_add_susp_image.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_netsh_fw_add.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_netsh_packet_capture.yml
review windows/process_creation part 4
2020-09-02 02:34:34 +02:00
win_netsh_port_fwd_3389.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_netsh_port_fwd.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_netsh_wifi_credential_harvesting.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_network_sniffing.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_new_service_creation.yml
Updated ART reference links from .yaml
2021-07-06 17:39:25 +08:00
win_nltest_query.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_non_interactive_powershell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_non_priv_reg_or_ps.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_office_shell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_office_spawn_exe_from_users_directory.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_plugx_susp_exe_locations.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_possible_applocker_bypass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_amsi_bypass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_audio_capture.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_powershell_b64_shellcode.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_bitsjob.yml
OSCD QA wave 1
2020-01-11 00:11:27 +01:00
win_powershell_defender_exclusion.yml
test 21 to 24 from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md
2021-07-12 10:54:44 +02:00
win_powershell_disable_windef_av.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_dll_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_downgrade_attack.yml
review windows/process_creation part 4
2020-09-02 02:34:34 +02:00
win_powershell_download.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_frombase64string.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_powershell_reverse_shell_connection.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_powershell_suspicious_parameter_variation.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_powershell_xor_commandline.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_powersploit_empire_schtasks.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_proc_wrong_parent.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_process_creation_bitsadmin_download.yml
fix: bug in author field (cannot be a list)
2021-07-27 10:14:53 +02:00
win_process_dump_rundll32_comsvcs.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_psexesvc_start.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_purplesharp_indicators.yml
change OriginalFilename case
2021-07-06 10:09:47 +02:00
win_query_registry.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_rasautou_dll_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_rdp_hijack_shadowing.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_redmimicry_winnti_proc.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_reg_add_run_key.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regedit_export_critical_keys.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regedit_export_keys.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regedit_import_keys_ads.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regedit_import_keys.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regini_ads.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_regini.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_remote_powershell_session_process.yml
Update win_remote_powershell_session_process.yml
2021-07-15 11:20:25 +08:00
win_remote_time_discovery.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_renamed_binary_highly_relevant.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_renamed_binary.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_renamed_jusched.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_renamed_megasync.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_renamed_paexec.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_renamed_powershell.yml
Tune detection in win_renamed_powershell.yml
2021-07-03 15:18:01 +02:00
win_renamed_procdump.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_renamed_psexec.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_run_powershell_script_from_ads.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_run_powershell_script_from_input_stream.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_run_virtualbox.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_rundll32_without_parameters.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_script_event_consumer_spawn.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_sdbinst_shim_persistence.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_service_execution.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_service_stop.yml
fix false positive on taskkill.exe not related to service stop at all
2020-02-24 03:03:46 -05:00
win_shadow_copies_access_symlink.yml
att&ck tags review: windows/process_creation part 5
2020-09-07 02:00:41 +04:00
win_shadow_copies_creation.yml
Initial round of subtechnique updates
2020-06-16 14:46:08 -06:00
win_shadow_copies_deletion.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_shell_spawn_mshta.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_shell_spawn_susp_program.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_silenttrinity_stage_use.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_soundrec_audio_capture.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_spn_enum.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_sticky_keys_unauthenticated_privileged_console_access.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_sus_auditpol_usage.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_adfind.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_atbroker.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_bcdedit.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_bginfo.yml
att&ck tags review: windows/process_creation part 6
2020-09-05 20:35:21 +03:00
win_susp_calc.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_cdb.yml
att&ck tags review: windows/process_creation part 6
2020-09-05 20:35:21 +03:00
win_susp_certutil_command.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_certutil_encode.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_cli_escape.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_cmd_http_appdata.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_codepage_switch.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_commands_recon_activity.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_compression_params.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_comsvcs_procdump.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_conhost.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_control_dll_load.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_copy_lateral_movement.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_copy_system32.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_covenant.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_crackmapexec_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_crackmapexec_powershell_obfuscation.yml
att&ck tags review: windows/process_creation part 6
2020-09-05 20:35:21 +03:00
win_susp_csc_folder.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_csc.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_csi.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_curl_download.yml
att&ck tags review: windows/process_creation part 6
2020-09-05 20:35:21 +03:00
win_susp_curl_fileupload.yml
att&ck tags review: windows/process_creation part 6
2020-09-05 20:35:21 +03:00
win_susp_curl_start_combo.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_dctask64_proc_inject.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_desktopimgdownldr.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_devtoolslauncher.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_direct_asep_reg_keys_modification.yml
Updated ART reference links from .yaml
2021-07-06 17:39:25 +08:00
win_susp_disable_eventlog.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_disable_ie_features.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_disable_raccine.yml
refactor: improved Raccine uninstall rule
2021-07-14 09:56:35 +02:00
win_susp_diskshadow.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_ditsnap.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_dnx.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_double_extension.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_dxcap.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_emotet_rudll32_execution.yml
Update win_susp_emotet_rudll32_execution.yml
2020-12-25 09:05:55 +01:00
win_susp_eventlog_clear.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:30:57 +08:00
win_susp_execution_path_webserver.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_execution_path.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_explorer_break_proctree.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_explorer.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_file_characteristics.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_file_download_via_gfxdownloadwrapper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_findstr_lnk.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_findstr.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_finger_usage.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_firewall_disable.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_fsutil_usage.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_susp_ftp.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_gup.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_iss_module_install.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_mounted_share_deletion.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_mpcmdrun_download.yml
docs: added MITRE ATT&CK tags
2020-09-05 09:17:23 +02:00
win_susp_mshta_pattern.yml
Suspicious mshta patterns
2021-07-17 09:04:41 +02:00
win_susp_msiexec_cwd.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_msiexec_web_install.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_msoffice.yml
fix: fixed casing and long rule titles
2020-01-30 17:26:09 +01:00
win_susp_net_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_netsh_dll_persistence.yml
fix some typo error
2021-07-12 09:40:18 +02:00
win_susp_ngrok_pua.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_ntdsutil.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_odbcconf.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_openwith.yml
att&ck tags review: windows/process_creation part 7
2020-08-30 19:17:38 +03:00
win_susp_outlook_temp.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_outlook.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_pcwutl.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_pester.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_ping_hex_ip.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_empire_launch.yml
refactor: widened PS1 Empire cmdlines rule
2021-07-20 11:26:22 +02:00
win_susp_powershell_empire_uac_bypass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_enc_cmd.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_encoded_param.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_powershell_getprocess_lsass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_hidden_b64_cmd.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_parent_combo.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_powershell_parent_process.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_powershell_sam_access.yml
SeriousSAM PowerShell rule
2021-07-29 18:12:10 +02:00
win_susp_print.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_procdump_lsass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_procdump.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_procs_req_dlls.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_ps_appdata.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_ps_downloadfile.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_psexec_eula.yml
Update win_susp_psexec_eula.yml
2020-11-29 17:45:29 +05:30
win_susp_psexex_paexec_flags.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_psr_capture_screenshots.yml
update ref win_susp_psr_capture_screenshots.yml
2021-07-30 08:40:21 +02:00
win_susp_rar_flags.yml
update detection
2021-07-27 10:34:46 +02:00
win_susp_rasdial_activity.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_rclone_exec.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_recon_activity.yml
ryuk changes
2020-10-30 13:15:11 +05:30
win_susp_reg_disable_sec_services.yml
rule: reg disable security services
2021-07-14 15:52:35 +02:00
win_susp_regedit_trustedinstaller.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_register_cimprovider.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_regsvr32_anomalies.yml
fix: bug in regsvr anomaly rule
2021-07-18 12:59:31 +02:00
win_susp_regsvr32_flags_anomaly.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_regsvr32_no_dll.yml
regsvr32 anomaly rule update
2021-07-20 21:14:48 +02:00
win_susp_renamed_dctask64.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_renamed_debugview.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_renamed_paexec.yml
change OriginalFilename case
2021-07-06 10:09:47 +02:00
win_susp_rpcping.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_run_locations.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_activity.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_by_ordinal.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_inline_vbs.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_no_params.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_setupapi_installhinfsection.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_rundll32_sys.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_runonce_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_runscripthelper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_schtask_creation_temp_folder.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_schtask_creation.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_screenconnect_access.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_script_exec_from_temp.yml
fix: error in selector
2021-07-14 15:58:55 +02:00
win_susp_script_execution.yml
att&ck tags review: windows/process_creation part 8
2020-08-28 17:14:26 +03:00
win_susp_service_dacl_modification.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_service_dir.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_service_path_modification.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00
win_susp_servu_exploitation_cve_2021_35211.yml
rule: Serv-U exploitation
2021-07-14 08:35:25 +02:00
win_susp_servu_process_pattern.yml
fix missing references and duplicate UUID
2021-07-15 11:06:54 +02:00
win_susp_shell_spawn_from_mssql.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_shimcache_flush.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_spoolsv_child_processes.yml
New rule: suspicious spoolsv child process
2021-07-12 08:48:59 +02:00
win_susp_sqldumper_activity.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_squirrel_lolbin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_svchost_no_cli.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_svchost.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_sysprep_appdata.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_sysvol_access.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_taskmgr_localsystem.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_taskmgr_parent.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_tracker_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_tscon_localsystem.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_tscon_rdp_redirect.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_use_of_csharp_console.yml
fix: fixed several issues
2020-03-09 17:43:16 +01:00
win_susp_use_of_sqlps_bin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_use_of_sqltoolsps_bin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_use_of_te_bin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_use_of_vsjitdebugger_bin.yml
childimage do not exist in sysmon schema
2021-07-06 09:26:43 +02:00
win_susp_userinit_child.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_vboxdrvInst.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_vbscript_unc2452.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_volsnap_disable.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_whoami.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_winrm_AWL_bypass.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_winrm_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_wmi_execution.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_wmic_eventconsumer_create.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_wmic_proc_create_rundll32.yml
fix: rule title casing
2020-10-12 09:51:35 +02:00
win_susp_wmic_security_product_uninstall.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_wsl_lolbin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_susp_wuauclt.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_syncappvpublishingserver_exe.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_sysmon_driver_unload.yml
att&ck tags review: windows/process_creation part 9
2020-08-29 19:22:09 +03:00
win_system_exe_anomaly.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_tap_installer_execution.yml
Rule fixes
2020-02-20 23:00:16 +01:00
win_task_folder_evasion.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_termserv_proc_spawn.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_tools_relay_attacks.yml
HiveNightmare and Relay attack tools adjustments
2021-07-26 10:59:35 +02:00
win_trust_discovery.yml
combines 2 rules
2021-07-09 16:41:03 +02:00
win_uac_cmstp.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_uac_fodhelper.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_uac_wsreset.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_using_sc_to_change_sevice_image_path_by_non_admin.yml
fixed typo in tag
2020-08-29 20:19:46 +03:00
win_using_settingsynchost_as_lolbin.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_verclsid_runs_com.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_visual_basic_compiler.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_vul_java_remote_debugging.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_webshell_detection.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_webshell_recon_detection.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_webshell_spawn.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_whoami_as_system.yml
att&ck tags review: windows/process_creation part 9
2020-08-29 19:22:09 +03:00
win_whoami_priv.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_win10_sched_task_0day.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_winword_dll_load.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_wmi_backdoor_exchange_transport_agent.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_wmi_persistence_script_event_consumer.yml
att&ck tags review: windows/process_creation part 9
2020-08-29 19:22:09 +03:00
win_wmi_spwns_powershell.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_wmiprvse_spawning_process.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_workflow_compiler.yml
update win_workflow_compiler.yml
2021-07-13 13:55:27 +02:00
win_write_protect_for_storage_disabled.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
win_wsreset_uac_bypass.yml
att&ck tags review: windows/process_creation part 9
2020-08-29 19:22:09 +03:00
win_xsl_script_processing.yml
Updated ART reference links from .yaml to .md and sub-technique links.
2021-07-06 17:21:22 +08:00