security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e41c5378ecf42cc09cb4c538cddcdb438455df0
blue-team-tools/rules/windows/powershell/powershell_script
T
History
Swachchhanda Shrawan Poudel 1e41c5378e Merge PR #5534 from @swachchhanda000 - update PowerShell WebRequest rules 
remove: PowerShell Web Download - deprecate duplicate rule in favour of 9fc51a3c-81b3-4fa7-b35f-7c02cf10fd2d
update: PowerShell Script With File Upload Capabilities - add invoke-restmethod cmdlet
update: Change User Agents with WebRequest - add invoke-restmethod cmdlet
update: Usage Of Web Request Commands And Cmdlets - add invoke-restmethod cmdlet
update: Usage Of Web Request Commands And Cmdlets - ScriptBlock - add invoke-restmethod cmdlet
update: Potential DLL File Download Via PowerShell Invoke-WebRequest - add invoke-restmethod cmdlet
update: PowerShell Download and Execution Cradles - add invoke-restmethod cmdlet
update: Suspicious Invoke-WebRequest Execution With DirectIP - add invoke-restmethod cmdlet
update: Suspicious Invoke-WebRequest Execution - add powershell_ise
update: Potential Data Exfiltration Activity Via CommandLine Tools - add invoke-restmethod cmdlet
update: Obfuscated IP Download Activity - add invoke-restmethod cmdlet
update: Suspicious PowerShell In Registry Run Keys - add invoke-restmethod cmdlet

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-07-28 13:32:57 +02:00
..
posh_ps_aadinternals_cmdlets_execution.yml
Merge PR #5186 from @swachchhanda000 - Increase coverage of AADinternals rules
2025-02-17 12:11:55 +01:00
posh_ps_access_to_browser_login_data.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_active_directory_module_dll_import.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_add_dnsclient_rule.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_add_windows_capability.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_adrecon_execution.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_amsi_bypass_pattern_nov22.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_amsi_null_bits_bypass.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_apt_silence_eda.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_as_rep_roasting.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_audio_exfiltration.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_automated_collection.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_capture_screenshots.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_clear_powershell_history.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_clearing_windows_console_history.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_cmdlet_scheduled_task.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_computer_discovery_get_adcomputer.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_copy_item_system_directory.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_cor_profiler.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_create_local_user.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_create_volume_shadow_copy.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_detect_vm_env.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_directorysearcher.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_directoryservices_accountmanagement.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_disable_psreadline_command_history.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_disable_windows_optional_feature.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_dotnet_assembly_from_file.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_download_com_cradles.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_dsinternals_cmdlets.yml
Merge PR #5397 from @nasbench - Promote older rules status from experimental to test
2025-05-20 22:58:46 +02:00
posh_ps_dump_password_windows_credential_manager.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_enable_psremoting.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_enable_susp_windows_optional_feature.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_enumerate_password_windows_credential_manager.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_etw_trace_evasion.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_exchange_mailbox_smpt_forwarding_rule.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_export_certificate.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_frombase64string_archive.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_acl_service.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_adcomputer.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_adgroup.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_adreplaccount.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_childitem_bookmarks.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_get_process_security_software_discovery.yml
Merge PR #4991 from @nasbench - Promote older rules status from experimental to test
2024-09-02 10:01:36 +02:00
posh_ps_hktl_rubeus.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_hktl_winpwn.yml
Merge PR #5027 from @nasbench - Promote older rules status from experimental to test
2024-10-01 14:56:09 +02:00
posh_ps_hotfix_enum.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_icmp_exfiltration.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_import_module_susp_dirs.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_install_unsigned_appx_packages.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_command_remote.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_dnsexfiltration.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_clip.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_obfuscated_iex.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_stdin.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_var.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_compress.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_rundll.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_stdin.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_use_clip.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_use_mhsta.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_use_rundll32.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_invoke_obfuscation_via_var.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_keylogging.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_localuser.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_mailboxexport_share.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_malicious_commandlets.yml
Merge PR #5515 from @X-Junior - coverage for Invoke-PowerDPAPI
2025-07-07 12:19:55 +02:00
posh_ps_malicious_keywords.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_memorydump_getstoragediagnosticinfo.yml
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
posh_ps_modify_group_policy_settings.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_msxml_com.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_nishang_malicious_commandlets.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_ntfs_ads_access.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_office_comobject_registerxll.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_packet_capture.yml
Merge PR #5249 from @nasbench - Promote older rules status from experimental to test
2025-04-17 00:41:35 +02:00
posh_ps_potential_invoke_mimikatz.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_potential_unconstrained_delegation_discovery.yml
Merge PR #4886 from @frack113 - Add Potential Unconstrained Delegation Discovery Via Get-ADComputer - ScriptBlock
2025-04-07 11:02:17 +02:00
posh_ps_powershell_web_access_installation.yml
Merge PR #5452 from @david-syk - Update the MITRE ATT&CK tags for multiple rules
2025-06-04 14:39:25 +02:00
posh_ps_powerview_malicious_commandlets.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_prompt_credentials.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_psasyncshell.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_psattack.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_remote_session_creation.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_remotefxvgpudisablement_abuse.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_request_kerberos_ticket.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_resolve_list_of_ip_from_file.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_root_certificate_installed.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_run_from_mount_diskimage.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_script_with_upload_capabilities.yml
Merge PR #5534 from @swachchhanda000 - update PowerShell WebRequest rules
2025-07-28 13:32:57 +02:00
posh_ps_sensitive_file_discovery.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_set_acl_susp_location.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_set_acl.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_set_policies_to_unsecure_level.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_shellcode_b64.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_shellintel_malicious_commandlets.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_software_discovery.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_store_file_in_alternate_data_stream.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_ace_tampering.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_ad_group_reco.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_alias_obfscuation.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_clear_eventlog.yml
Merge PR #5228 from @swachchhanda000 - Update Eventlog clearing related rules
2025-04-17 00:45:10 +02:00
posh_ps_susp_directory_enum.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_download.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_execute_batch_script.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_extracting.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_follina_execution.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_get_addefaultdomainpasswordpolicy.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_get_current_user.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_get_gpo.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_get_process.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_getprocess_lsass.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_gettypefromclsid.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_hyper_v_condlet.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_invocation_generic.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_invocation_specific.yml
Merge PR #5196 from @swachchhanda000 - Updated and Added rules related to Autorun Registry
2025-05-12 13:28:51 +02:00
posh_ps_susp_invoke_webrequest_useragent.yml
Merge PR #5534 from @swachchhanda000 - update PowerShell WebRequest rules
2025-07-28 13:32:57 +02:00
posh_ps_susp_iofilestream.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_keylogger_activity.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_keywords.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_local_group_reco.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_mail_acces.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_mount_diskimage.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_mounted_share_deletion.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_networkcredential.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_new_psdrive.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_proxy_scripts.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_recon_export.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_remove_adgroupmember.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_service_dacl_modification_set_service.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_set_alias.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_smb_share_reco.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_ssl_keyword.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_start_process.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_unblock_file.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_wallpaper.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_win32_pnpentity.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_win32_shadowcopy_deletion.yml
Merge PR #5424 from @phantinuss - Some housekeeping
2025-05-20 23:12:55 +02:00
posh_ps_susp_windowstyle.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_write_eventlog.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_susp_zip_compress.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_syncappvpublishingserver_exe.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_tamper_windows_defender_rem_mp.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_tamper_windows_defender_set_mp.yml
Merge PR #5065 from @nasbench - Promote older rules status from experimental to test
2024-11-01 10:21:04 +01:00
posh_ps_test_netconnection.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_timestomp.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_token_obfuscation.yml
Merge PR #4967 from @nasbench - Revert accidental change introduced in #4950
2024-08-13 02:59:39 +02:00
posh_ps_user_discovery_get_aduser.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_user_profile_tampering.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_using_set_service_to_hide_services.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_veeam_credential_dumping_script.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_web_request_cmd_and_cmdlets.yml
Merge PR #5534 from @swachchhanda000 - update PowerShell WebRequest rules
2025-07-28 13:32:57 +02:00
posh_ps_win32_nteventlogfile_usage.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_win32_product_install_msi.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_win_api_susp_access.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_win_defender_exclusions_added.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_windows_firewall_profile_disabled.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_winlogon_helper_dll.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_wmi_persistence.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_wmi_unquoted_service_search.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_wmimplant.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_x509enrollment.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
posh_ps_xml_iex.yml
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00