security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
45010540d779b0f408b1c8517a6cce0778f65fc8
blue-team-tools/rules/windows/process_creation
T
History
Zeta 45010540d7 proc_creation_win_susp_rundll32_script_run.yml 
Fixed link and removed "RunHTMLApplication" cause it can also use with "Ordinal number".
2023-02-03 15:25:57 +07:00
..
proc_creation_win_7zip_cve_2022_29072.yml
feat: add missing /r to cmd
2022-11-18 13:45:01 +01:00
proc_creation_win_aadinternals_cmdlets_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_abusing_debug_privilege.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_abusing_windows_telemetry_for_persistence.yml
feat: updates and enhancements
2022-12-30 00:56:40 +01:00
proc_creation_win_accesschk_usage_after_priv_escalation.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ads_stored_dll_execution_rundll32.yml
fix: sharpen regex to not match default windows rundll32 usage
2023-01-23 12:57:50 +01:00
proc_creation_win_advanced_ip_scanner.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_advanced_port_scanner.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_alternate_data_streams.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_always_install_elevated_msi_spawned_cmd_powershell.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_always_install_elevated_windows_installer.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_anydesk_execution_from_susp_folders.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_anydesk_execution.yml
Merge remote-tracking branch 'upstream/master' into pormotion_status
2023-01-27 11:29:27 +01:00
proc_creation_win_anydesk_piped_password_via_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_anydesk_silent_install.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_apt_actinium_persistence.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_apt_apt29_thinktanks.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_babyshark.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_bear_activity_gtr19.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_bluemashroom.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_chafer_mar18.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_cloudhopper.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_dragonfly.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_elise.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_emissarypanda_sep19.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_empiremonkey.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_equationgroup_dll_u_load.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_evilnum_jul20.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_gallium_sha1.yml
Update Title (#3733)
2022-11-28 06:43:17 +01:00
proc_creation_win_apt_gallium.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_apt_gamaredon_ultravnc.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_apt_greenbug_may20.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_hafnium.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_hurricane_panda.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_judgement_panda_gtr19.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_ke3chang_regadd.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_lazarus_activity_apr21.yml
Update title (#3746)
2022-12-02 18:10:43 +01:00
proc_creation_win_apt_lazarus_activity_dec20.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_lazarus_loader.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_lazarus_session_highjack.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_mercury.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_muddywater_dnstunnel.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_mustangpanda.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_revil_kaseya.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_silence_downloader_v3.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_slingshot.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_sofacy.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_sourgrum.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_apt_ta17_293a_ps.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_ta505_dropper.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_taidoor.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_tropictrooper.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_turla_commands_critical.yml
Update title (#3746)
2022-12-02 18:10:43 +01:00
proc_creation_win_apt_turla_commands_medium.yml
Update title (#3746)
2022-12-02 18:10:43 +01:00
proc_creation_win_apt_turla_comrat_may20.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_unc2452_cmds.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_unc2452_ps.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_unidentified_nov_18.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_apt_winnti_mal_hk_jan20.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_winnti_pipemon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_wocao.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_apt_zxshell.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_arbitrary_shell_execution_via_settingcontent.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_archiver_iso_phishing.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_atlassian_confluence_cve_2021_26084_exploit.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_attrib_hiding_files.yml
feat: more updates, renames and fixes
2023-01-27 00:30:16 +01:00
proc_creation_win_attrib_system_susp_paths.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_attrib_system.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_automated_collection.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_bad_opsec_sacrificial_processes.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bearlpe_potential_exploitation.yml
feat: more updates, renames and fixes
2023-01-27 00:30:16 +01:00
proc_creation_win_bitsadmin_download_susp_domain.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bitsadmin_download_susp_ext.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bitsadmin_download_susp_ip.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bitsadmin_download_susp_targetfolder.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_bitsadmin_download_uncommon_targetfolder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bitsadmin_download.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_bootconf_mod.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_browser_remote_debugging.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_bypass_squiblytwo.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_c2_sliver.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_c3_load_by_rundll32.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_certoc_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_certutil_ntlm_coercion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_change_default_file_assoc_susp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_change_default_file_association.yml
feat: add missing /r to cmd
2022-11-18 13:45:01 +01:00
proc_creation_win_chisel_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_chrome_load_extension.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_chromium_headless_debugging.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_cleanwipe.yml
Fix after review
2022-09-02 17:44:53 +02:00
proc_creation_win_clip.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_cmd_delete.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_cmd_dosfuscation.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_cmd_read_contents.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_cmd_redirect.yml
feat: updates and enhancements
2023-01-11 01:03:52 +01:00
proc_creation_win_cmd_redirection_susp_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_cmdkey_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_cmstp_com_object_access.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_cmstp_execution_by_creation.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_cobaltstrike_bloopers_cmd.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_cobaltstrike_bloopers_modules.yml
fix: apply suggestions from code review
2023-01-31 11:16:29 +01:00
proc_creation_win_cobaltstrike_load_by_rundll32.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_cobaltstrike_process_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_commandline_path_traversal_evasion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_commandline_path_traversal.yml
feat: add missing /r to cmd
2022-11-18 13:45:01 +01:00
proc_creation_win_computer_discovery_get_adcomputer.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_conhost_path_traversal.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_conti_cmd_ransomware.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_conti_sqlcmd.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_control_panel_item.yml
Remove mitre url
2023-01-10 18:24:22 +01:00
proc_creation_win_copy_browser_data.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_copy_dmp_from_share.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_copying_sensitive_files_with_credential_data.yml
fix: fixed broken condition
2022-11-15 00:02:19 +01:00
proc_creation_win_crackmapexec_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_create_link_osk_cmd.yml
docs: change modified date
2022-12-21 08:57:05 +01:00
proc_creation_win_creative_cloud_node_abuse.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_credential_access_via_password_filter.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_credential_acquisition_registry_hive_dumping.yml
feat: add missing OriginalFileName field
2022-11-14 23:08:19 +01:00
proc_creation_win_crime_fireball.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_crime_maze_ransomware.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_crime_snatch_ransomware.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_crypto_mining_monero.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_curl_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_cve_2021_26857_msexchange.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_data_compressed_with_rar.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_delete_systemstatebackup.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_detecting_fake_instances_of_hxtsr.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_deviceenroller_evasion.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dinjector.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dirlister.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_disable_defender_av_security_monitoring.yml
fix: rename rule to be conform to the title
2022-11-18 17:54:13 +01:00
proc_creation_win_disable_service.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_discover_private_keys.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dll_sideload_defender.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dll_sideload_vmware_xfer.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dns_exfiltration_tools_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dns_serverlevelplugindll.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dnscat2_powershell_implementation.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dnscmd_discovery.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dotnet.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_double_ext_parent.yml
Add related
2023-01-06 18:22:36 +01:00
proc_creation_win_driverquery_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_driverquery_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dsacls_abuse_permissions.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dsacls_password_spray.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_dsim_remove.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_dumpstack_log_evasion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_email_exfil_via_powershell.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_embed_exe_lnk.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_enable_susp_windows_optional_feature.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_enumeration_for_credentials_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_enumeration_for_credentials_in_registry.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_esentutl_webcache.yml
Update proc_creation_win_esentutl_webcache.yml
2022-10-31 20:56:29 +01:00
proc_creation_win_etw_modification_cmdline.yml
fix: update title to reflect logic
2022-12-09 19:37:53 +01:00
proc_creation_win_etw_trace_evasion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_evil_winrm.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_execution_mssql_xp_cmdshell_stored_procedure.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_exfil_data_via_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exfiltration_and_tunneling_tools_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_expand_cabinet_files.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_exploit_cve_2015_1641.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2017_0261.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2017_8759.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2017_11882.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2019_1378.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2019_1388.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2020_1048.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_exploit_cve_2020_1350.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_cve_2020_10189.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_lpe_cve_2021_41379.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_exploit_systemnightmare.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_false_sysinternalsuite.yml
fix: update metadata
2022-12-09 10:34:06 +01:00
proc_creation_win_file_permission_modifications.yml
fix: fix typo in title and add FP comment
2022-11-21 12:27:54 +01:00
proc_creation_win_findstr_gpp_passwords.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_findstr_lsass.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_findstr_recon_everyone.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_firewall_disabled_via_powershell.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_frombase64string_archive.yml
Apply suggestions from code review
2022-12-23 12:34:56 +01:00
proc_creation_win_frp.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_fsutil_drive_enumeration.yml
Remove mitre url
2023-01-10 18:09:04 +01:00
proc_creation_win_fsutil_symlinkevaluation.yml
fix: update broken selection
2023-01-19 21:33:29 +01:00
proc_creation_win_get_localgroup_member_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_gmer_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_gotoopener.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_gpg4win_susp_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_grabbing_sensitive_hives_via_reg.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_hack_adcspwn.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_bloodhound.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_cube0x0_tools.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_dumpert.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_htran.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_hydra.yml
Remove mitre url
2023-01-10 18:09:04 +01:00
proc_creation_win_hack_inveigh.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_koadic.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_hack_krbrelay.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_krbrelayup.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_rubeus.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_safetykatz.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_secutyxploded.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_sharpersist.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_sharpldapwhoami.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_sysmoneop.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hack_wce.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hacktool_imphashes.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_handlekatz.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hashcat.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_headless_browser_file_download.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_hh_chm_http.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hh_chm.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_hiding_malware_in_fonts_folder.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_high_integrity_sdclt.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_hktl_createminidump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_hktl_uacme_uac_bypass.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_html_help_spawn.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_hwp_exploits.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_icacls_deny.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_iis_appcmd_http_logging.yml
feat: updates and new rules
2023-01-22 23:31:02 +01:00
proc_creation_win_iis_appcmd_service_account_password_dumped.yml
feat: updates and new rules
2023-01-22 23:31:02 +01:00
proc_creation_win_iis_appcmd_susp_module_install.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_iis_appcmd_susp_rewrite_rule.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_iis_connection_strings_decryption.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_imaging_devices_unusual_parents.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_impacket_compiled_tools.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_impacket_lateralization.yml
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
proc_creation_win_impersonate_tool.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_import_cert_susp_locations.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_import_module_susp_dirs.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_infdefaultinstall.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_inline_base64_mz_header.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_inline_win_api_access.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_install_reg_debugger_backdoor.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_install_unsigned_appx_packages.yml
fix: apply suggestions from code review
2023-02-02 10:52:04 +01:00
proc_creation_win_interactive_at.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_invoke_obfuscation_clip.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_obfuscated_iex_commandline.yml
fix: typo modified
2022-12-31 21:57:05 +09:00
proc_creation_win_invoke_obfuscation_stdin.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_var.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_via_compress.yml
feat: updates and enhancements
2022-12-30 00:56:40 +01:00
proc_creation_win_invoke_obfuscation_via_rundll.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_via_stdin.yml
fix: Windows Defender detection
2022-12-28 20:52:53 +01:00
proc_creation_win_invoke_obfuscation_via_use_clip.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_via_use_mhsta.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_invoke_obfuscation_via_var.yml
fix: rename links from old repo to SigmaHQ
2022-12-27 21:05:16 +01:00
proc_creation_win_iox.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_jlaive_batch_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ldifde_file_load.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lethalhta.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_local_system_owner_account_discovery.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
proc_creation_win_logmein.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml
fix: value
2023-01-31 12:25:32 +05:00
proc_creation_win_lolbin_adplus.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_agentexecutor_susp_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_agentexecutor.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_appvlp.yml
fix: broken selection
2022-12-30 10:30:15 +01:00
proc_creation_win_lolbin_aspnet_compiler.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_lolbin_bash.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_cdb.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
proc_creation_win_lolbin_certoc_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_cl_invocation.yml
feat: updates and enhancements
2023-01-11 01:03:52 +01:00
proc_creation_win_lolbin_cl_loadassembly.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_cl_mutexverifiers.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_class_exec_xwizard.yml
fix: explicitly escape { to make it clear that it is a literal (#3737)
2022-11-30 11:43:49 +01:00
proc_creation_win_lolbin_cmdl32.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_configsecuritypolicy.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_cscript_gathernetworkinfo.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_lolbin_customshellhost.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_data_exfiltration_by_using_datasvcutil.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_defaultpack.yml
Last lolbin (#3845)
2022-12-31 19:53:44 +01:00
proc_creation_win_lolbin_device_credential_deployment.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_diantz_ads.yml
fix: remove unneeded backslash escape in character class.
2022-12-31 00:33:00 +09:00
proc_creation_win_lolbin_diantz_remote_cab.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_dll_sideload_xwizard.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_dump64.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_lolbin_execution_via_winget.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_extexport.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_extrac32_ads.yml
fix: add missing modified date
2022-12-30 20:56:21 +01:00
proc_creation_win_lolbin_extrac32.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_findstr.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_forfiles.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_fsharp_interpreters.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_ftp.yml
fix: rename ftp.exe rule to lolbin rule
2022-11-10 17:06:28 +01:00
proc_creation_win_lolbin_gpscript.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_ie4uinit.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_ieexec_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_ilasm.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_installutil_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_jsc.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_kavremover.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_launch_vsdevshell.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_mavinject_process_injection.yml
feat: new rules and fixes (#3759)
2022-12-06 12:13:20 +01:00
proc_creation_win_lolbin_mftrace.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_msdt_answer_file.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_msohtmed_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_mspub_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_not_from_c_drive.yml
fix: condition
2023-01-31 12:50:28 +05:00
proc_creation_win_lolbin_offlinescannershell.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_lolbin_openconsole.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_pcalua.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_pcwrun_follina.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_pcwrun.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_pktmon.yml
Update proc_creation_win_lolbin_pktmon.yml
2023-01-31 13:41:54 +01:00
proc_creation_win_lolbin_presentationhost_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_presentationhost.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_printbrm.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_protocolhandler_download.yml
Last lolbin (#3845)
2022-12-31 19:53:44 +01:00
proc_creation_win_lolbin_pubprn.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_rasautou_dll_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_regasm.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_register_app.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_remote.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_replace.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_rundll32_installscreensaver.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_runexehelper.yml
Add missing lolbin OSBinaries (#3835)
2022-12-29 14:36:33 +01:00
proc_creation_win_lolbin_scriptrunner.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_setres.yml
Update proc_creation_win_lolbin_setres.yml
2022-12-12 17:09:26 -05:00
proc_creation_win_lolbin_settingsynchost.yml
feat: rename rule to fit convention
2022-11-18 13:45:18 +01:00
proc_creation_win_lolbin_sftp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_sideload_link_binary.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_sigverif.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_squirrel.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_ssh.yml
feat: updates and fixes
2023-01-26 22:42:56 +01:00
proc_creation_win_lolbin_susp_acccheckconsole.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_susp_atbroker.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_lolbin_susp_certreq_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_susp_driver_installed_by_pnputil.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_susp_dxcap.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_susp_grpconv.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_susp_mpcmdrun_download.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_susp_sqldumper_activity.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_susp_wsl.yml
feat: update wsl related rules and other
2023-01-24 16:50:53 +01:00
proc_creation_win_lolbin_syncappvpublishingserver_execute_psh.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_syncappvpublishingserver_vbs_execute_psh.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_tracker.yml
feat: updates and enhancements
2023-01-10 00:13:37 +01:00
proc_creation_win_lolbin_ttdinject.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_tttracer_mod_load.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_lolbin_type.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_unregmp2.yml
Add missing lolbin OSBinaries (#3835)
2022-12-29 14:36:33 +01:00
proc_creation_win_lolbin_utilityfunctions.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_visual_basic_compiler.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_visualuiaverifynative.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_vsiisexelauncher.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_wfc.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lolbin_winword.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_lolbin_wlrmdr.yml
feat: new rules and fixes (#3759)
2022-12-06 12:13:20 +01:00
proc_creation_win_lolbins_by_office_applications.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_long_powershell_commandline.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_lsa_disablerestrictedadmin.yml
fix: add related metadata
2023-01-13 17:21:21 +01:00
proc_creation_win_lsass_dump.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_lsass_shtinkering.yml
fix: rename rule to follow convention
2022-12-14 15:37:28 +01:00
proc_creation_win_mailboxexport_share.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mal_adwind.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mal_blue_mockingbird.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_mal_darkside_ransomware.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mal_hermetic_wiper_activity.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mal_lockergoga_ransomware.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mal_ryuk.yml
Update title (#3746)
2022-12-02 18:10:43 +01:00
proc_creation_win_malicious_cmdlets.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_conti_7zip.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_conti_shadowcopy.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_conti.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_dridex.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_dtrack.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_emotet.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_formbook.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_notpetya.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_qbot.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_ryuk.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_script_dropper.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_trickbot_recon_activity.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_malware_trickbot_wermgr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_malware_wannacry.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_manage_bde_lolbas.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
proc_creation_win_meterpreter_or_cobaltstrike_getsystem_service_start.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mimikatz_command_line.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mmc20_lateral_movement.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mmc_spawn_shell.yml
fix: broken single item lists
2022-12-08 16:23:58 +01:00
proc_creation_win_modif_of_services_for_via_commandline.yml
fix: update selections
2023-01-31 11:10:53 +01:00
proc_creation_win_modify_group_policy_settings.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_monitoring_for_persistence_via_bits.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_mouse_lock.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msdeploy.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msdt_diagcab.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msdt_susp_cab_options.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_msdt_susp_parent.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msdt.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_msedge_minimized_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_msexchange_transport_agent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mshta_http.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_mshta_javascript.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mshta_spawn_shell.yml
fix: broken single item lists
2022-12-08 16:23:58 +01:00
proc_creation_win_msiexec_dll.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msiexec_embedding.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_msiexec_execute_dll.yml
fix: syntax error, additional comma
2022-12-08 17:34:56 +01:00
proc_creation_win_msiexec_install_quiet.yml
fix: fp in msiexec rule
2023-01-16 10:28:15 +01:00
proc_creation_win_msiexec_install_remote.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_msra_process_injection.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_mstsc.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_multiple_susp_cli.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_net_default_accounts_manipulation.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_net_groups_and_accounts_recon.yml
fix: typos in titles and descriptions of rules
2023-02-02 19:40:01 +01:00
proc_creation_win_net_share_and_sessions_enum.yml
fix: typos in titles and descriptions of rules
2023-02-02 19:40:01 +01:00
proc_creation_win_net_start_service.yml
fix: typos in titles and descriptions of rules
2023-02-02 19:40:01 +01:00
proc_creation_win_net_use_mount_admin_share.yml
fix: wrong escape
2023-02-02 20:07:13 +01:00
proc_creation_win_net_use_mount_share.yml
fix: apply escape suggestion
2023-02-02 21:34:54 +01:00
proc_creation_win_net_user_add_never_expire.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_net_user_add.yml
fix: add missing modified field
2023-02-02 00:28:32 +01:00
proc_creation_win_netcat_execution.yml
feat: updates and enhancements
2023-01-02 14:49:45 +01:00
proc_creation_win_netsh_allow_port_rdp.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_netsh_fw_add_susp_image.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_netsh_fw_add.yml
fix: fp found in testing
2023-01-25 16:54:11 +01:00
proc_creation_win_netsh_fw_delete.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_netsh_fw_enable_group_rule.yml
fix: selection
2023-01-31 14:59:57 +05:00
proc_creation_win_netsh_packet_capture.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_netsh_port_fwd_3389.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_netsh_port_fwd.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_netsh_wifi_credential_harvesting.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_netsupport.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_network_scan_loop.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_network_sniffing.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_new_network_provider.yml
fix: add missing modified field
2023-02-02 00:28:32 +01:00
proc_creation_win_new_service_creation.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_nimgrab.yml
fix: typos in titles and descriptions of rules
2023-02-02 19:40:01 +01:00
proc_creation_win_nltest_recon.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_nmap_zenmap.yml
feat: updates and enhancements
2023-01-02 14:49:45 +01:00
proc_creation_win_node_abuse.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_non_interactive_powershell.yml
fix: filter fp found in testing
2023-01-20 11:39:08 +01:00
proc_creation_win_non_priv_reg_or_ps.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_nps.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_nslookup_poweshell_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_ntdsutil_usage.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ntfs_short_name_path_use_cli.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ntfs_short_name_path_use_image.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ntfs_short_name_use_cli.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ntfs_short_name_use_image.yml
fix: fix FP found in testing
2022-12-12 13:40:55 +01:00
proc_creation_win_obfuscated_ip_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_obfuscated_ip_via_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_office_dir_traversal_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_office_shell.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_office_spawn_exe_from_users_directory.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_office_spawning_wmi_commandline.yml
Update title (#3746)
2022-12-02 18:10:43 +01:00
proc_creation_win_office_svchost_child.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_outlook_shell.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_pdqdeploy_runner_susp_children.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_pdqdeploy.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_perl_inline_command_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_persistence_typed_paths.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_php_inline_command_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_pingback_backdoor.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_plugx_susp_exe_locations.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_possible_privilege_escalation_via_service_reg_perm.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_powershell_active_directory_module_dll_import.yml
feat: update pwsh ad module rules
2023-01-22 20:07:42 +01:00
proc_creation_win_powershell_add_windows_capability.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_amsi_init_failed_bypass.yml
fix: rule filename
2023-01-27 01:15:05 +01:00
proc_creation_win_powershell_amsi_null_bits_bypass.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_audio_capture.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_powershell_base64_frombase64string.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_iex.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_invoke.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_mppreference.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_reflective_assembly_load.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_shellcode.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_base64_wmi_classes.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_cmdline_convertto_securestring.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_powershell_cmdline_reversed_strings.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_powershell_cmdline_special_characters.yml
Refractor (#3794)
2022-12-18 21:00:14 +01:00
proc_creation_win_powershell_defender_disable_feature.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_defender_exclusion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_dll_execution.yml
feat: updates and fixes
2023-01-26 22:42:56 +01:00
proc_creation_win_powershell_downgrade_attack.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
proc_creation_win_powershell_download_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_encoding_patterns.yml
feat: updates and fixes
2023-01-26 22:42:56 +01:00
proc_creation_win_powershell_frombase64string.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_get_clipboard.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_public_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_reverse_shell_connection.yml
feat: updates and enhancements
2023-01-10 00:13:37 +01:00
proc_creation_win_powershell_snapins_hafnium.yml
feat: enhance pssnapin rule
2022-12-09 16:38:32 +01:00
proc_creation_win_powershell_susp_download_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_susp_parameter_variation.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_powershell_token_obfuscation.yml
fix regex escape
2022-12-30 00:11:52 +09:00
proc_creation_win_powershell_xor_commandline.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_powersploit_empire_schtasks.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_powertool_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_priv_escalation_via_named_pipe.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_proc_dump_createdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_proc_dump_dumpminitool.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_proc_dump_rdrleakdiag.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_proc_dump_susp_dumpminitool.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_proc_wrong_parent.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_procdump_evasion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_procdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_process_dump_rdrleakdiag.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_process_dump_rundll32_comsvcs.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_proxy_execution_wuauclt.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_ps_download_com_cradles.yml
Rules for Issue 575 (#3820)
2022-12-27 15:17:45 +01:00
proc_creation_win_ps_exec_data_file.yml
Rules for Issue 575 (#3820)
2022-12-27 15:17:45 +01:00
proc_creation_win_psexesvc_start.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_psh_amsi_bypass_pattern_nov22.yml
rule: amsi bypass
2022-11-09 09:44:31 +01:00
proc_creation_win_pua_defendercheck.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_pua_seatbelt.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_public_folder_parent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_purplesharp_indicators.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_pypykatz.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_python_inline_command_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_python_pty_spawn.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_quarks_pwdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_query_registry.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_query_session_exfil.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_ransom_blackbyte.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_rar_susp_greedy.yml
fix: indentation and selection names for clarity
2022-12-27 16:26:20 +01:00
proc_creation_win_raspberry_robin_single_dot_ending_file.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_rdp_hijack_shadowing.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_rdp_session_hijacking.yml
rewrite issue 1555 (#3818)
2022-12-27 19:28:34 +01:00
proc_creation_win_redirect_local_admin_share.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_redirect_to_stream.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_redmimicry_winnti_proc.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_reg_add_run_key.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_add_safeboot.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_defender_exclusion.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_reg_defender_tampering.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_delete_safeboot.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_delete_services.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_dump_sam.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_reg_enable_rdp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_import_from_suspicious_paths.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_reg_lsa_ppl_protection_disabled.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_reg_service_imagepath_change.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_regedit_export_critical_keys.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_regedit_export_keys.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_regedit_import_keys_ads.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_regedit_import_keys.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_regini_ads.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_regini.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_remote_desktop_tunneling.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_remote_file_download_desktopimgdownldr.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_remote_powershell_session_process.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_remote_time_discovery.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_remove_windows_defender_definition_files.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_renamed_binary_highly_relevant.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_binary.yml
fix: rename rules to show importance
2023-01-19 13:39:13 +01:00
proc_creation_win_renamed_browsercore.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_ftp.yml
fix: apply suggestions from code review
2022-11-11 10:03:24 +01:00
proc_creation_win_renamed_jusched.yml
Refractor (#3794)
2022-12-18 21:00:14 +01:00
proc_creation_win_renamed_mavinject.yml
feat: new rules and fixes (#3759)
2022-12-06 12:13:20 +01:00
proc_creation_win_renamed_megasync.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_renamed_msdt.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_netsupport_rat.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_office_processes.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_paexec.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_renamed_plink.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_procdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_rundll32_dllregisterserver.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_rurat.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_sdelete.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_renamed_vmnat.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_renamed_whoami.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_rhadamanthys_dll_launch.yml
fix: typo in the description
2023-01-27 10:53:59 +01:00
proc_creation_win_root_certificate_installed.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_rpcss_anomalies.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_ruby_inline_command_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_run_executable_invalid_extension.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_run_from_zip.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_run_powershell_script_from_ads.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_run_powershell_script_from_input_stream.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_run_virtualbox.yml
Remove mitre url
2023-01-10 18:09:04 +01:00
proc_creation_win_rundll32_parent_explorer.yml
Remove Windows 10 volume control false positive
2022-12-21 23:41:39 -08:00
proc_creation_win_rundll32_registered_com_objects.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_rundll32_unc_path.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_rundll32_without_parameters.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sc_delete_av_services.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sc_query.yml
fix: apply suggestions from code review
2022-11-11 10:03:24 +01:00
proc_creation_win_schtasks_appdata_local_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_schtasks_once_0000.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_schtasks_powershell_windowsapps_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_schtasks_reg_loader.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_schtasks_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_screenconnect_anomaly.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_screenconnect.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_script_event_consumer_spawn.yml
New Rules + Update
2022-07-14 17:35:50 +01:00
proc_creation_win_sdbinst_shim_persistence.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_sdclt_child_process.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sdelete.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sdiagnhost_susp_child.yml
Add more lolbins
2022-10-31 20:57:57 +01:00
proc_creation_win_selectmyparent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_service_stop.yml
fix: update modified field
2022-12-22 10:31:25 +01:00
proc_creation_win_set_policies_to_unsecure_level.yml
fix: fp and add related fields
2023-01-11 23:39:15 +01:00
proc_creation_win_set_unsecure_powershell_policy.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_shadow_copies_access_symlink.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_shadow_copies_creation.yml
fix: add missing quotes and OriginalFileName field
2022-11-10 17:03:31 +01:00
proc_creation_win_shadow_copies_deletion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_shadowcopy_deletion_via_powershell.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_sharp_chisel_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sharp_impersonation_tool.yml
Create proc_creation_win_SharpImpersonation_tool.yml (#3823)
2022-12-27 12:02:22 +01:00
proc_creation_win_sharp_ldap_monitor.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sharpup.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_shell_spawn_by_java.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_shell_spawn_susp_program.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_silenttrinity_stage_use.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_software_discovery.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_soundrec_audio_capture.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_spn_enum.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sqlcmd_veeam_dump.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_sqlite_chromium_profile_data.yml
fix: update description
2023-01-20 09:51:26 +01:00
proc_creation_win_sqlite_firefox_gecko_profile_data.yml
Update proc_creation_win_sqlite_firefox_gecko_profile_data.yml
2023-01-20 09:57:09 +01:00
proc_creation_win_ssh_port_forward.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_ssh_rdp_tunneling.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sticky_keys_unauthenticated_privileged_cmd_access.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_stickykey_like_backdoor.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_stordiag_execution.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_sus_auditpol_usage.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_3proxy_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_7z.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_7zip_dmp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_16bit_application.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_add_local_admin.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_add_user_remote_desktop.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_adfind_enumeration.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_adfind_usage.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_adidnsdump.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_advancedrun_priv_user.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_advancedrun.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_appx_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_athremotefxvgpudisablementcommand.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_base64_load.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_bcdedit.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_susp_bginfo.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_builtin_commands_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_calc.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_certutil_command.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_certutil_encode.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_char_in_cmd.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_child_process_as_system_.yml
fix: fp found with baseline
2022-12-16 18:50:38 +01:00
proc_creation_win_susp_cipher.yml
fix: merge overlapping detections
2023-01-18 20:18:36 +01:00
proc_creation_win_susp_cli_escape.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_clsid_foldername.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_cmd_http_appdata.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_cmd_shadowcopy_access.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_cmd.yml
fix: FPs found in testing environment
2023-01-24 10:30:43 +01:00
proc_creation_win_susp_codepage_lookup.yml
feat: add missing /r to cmd
2022-11-18 13:45:01 +01:00
proc_creation_win_susp_codepage_switch.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_command_flag_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_commandline_chars.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_compression_params.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_conhost_option.yml
Update proc_creation_win_susp_conhost_option.yml (#3763)
2022-12-09 21:13:58 +01:00
proc_creation_win_susp_conhost.yml
fix: fix FP found in testing
2022-12-07 11:52:38 +01:00
proc_creation_win_susp_control_cve_2021_40444.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_control_dll_load.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_copy_lateral_movement.yml
fix: apply suggestions from code review
2023-02-02 10:52:04 +01:00
proc_creation_win_susp_copy_system32.yml
feat: more updates
2023-02-02 00:24:35 +01:00
proc_creation_win_susp_covenant.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_crackmapexec_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_crackmapexec_flags.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_crackmapexec_powershell_obfuscation.yml
feat: logic update to multiple rules
2023-01-19 16:37:10 +01:00
proc_creation_win_susp_csc_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_csc.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_cscript_vbs.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_csexec.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_csi.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_curl_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_curl_fileupload.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_curl_start_combo.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_curl_useragent.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_dctask64_proc_inject.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_del.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_desktopimgdownldr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_devinit_lolbin.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_devtoolslauncher.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_dir.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_direct_asep_reg_keys_modification.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_disable_eventlog.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_disable_ie_features.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_disable_raccine.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_diskshadow.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_ditsnap.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_dllhost_no_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_dnx.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_double_extension.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_download_office_domain.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_dtrace_kernel_dump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_electron_app_children.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_emotet_rundll32_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_esentutl_params.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_eventlog_clear.yml
fix: small metadata fixes
2023-01-18 23:30:40 +01:00
proc_creation_win_susp_execution_path_webserver.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_execution_path.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_explorer_break_proctree.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_explorer_nouaccheck.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_explorer.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_file_characteristics.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_file_download_via_gfxdownloadwrapper.yml
Update FP
2023-01-06 13:28:57 +01:00
proc_creation_win_susp_findstr_385201.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_findstr_lnk.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_finger_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_format.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_fsutil_usage.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_git_clone.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_gpresult.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_guid_task_name.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_gup_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_gup_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_gup.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_hostname.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_iis_module_registration.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_image_missing.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_instalutil.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_invoke_webrequest_download.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_logoff.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_lolbin_non_c_drive.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_lsass_clone.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_machineguid.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_manageengine_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_microsoft_onenote_child_process.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_susp_missing_spaces.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_mofcomp_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_mounted_share_deletion.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_mpiexec_lolbin.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_msbuild.yml
Add proc_creation_win_susp_msbuild (#3708)
2022-11-18 08:29:50 +01:00
proc_creation_win_susp_mshta_execution.yml
fix: FPs with mshta execution
2022-11-07 15:22:21 +01:00
proc_creation_win_susp_mshta_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_mshtml_runhtmlapplication.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_msiexec_cwd.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_msiexec_web_install.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_msoffice.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_net_execution.yml
Update Ref+Selection 2
2022-07-11 17:48:40 +01:00
proc_creation_win_susp_net_use_password_plaintext.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_net_use.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_netsh_discovery_command.yml
Rename+Metadata Update
2022-11-04 11:59:11 +01:00
proc_creation_win_susp_netsh_dll_persistence.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_netsh_firewall_disable.yml
Rename+Metadata Update
2022-11-04 11:59:11 +01:00
proc_creation_win_susp_netsupport_rat_exec_location.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_network_command.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_network_listing_connections.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_new_kernel_driver_via_sc.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_new_service_creation.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ngrok_pua.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_non_exe_image.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_nt_resource_kit_auditpol_usage.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_ntdll_type_redirect.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ntds.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ntdsutil_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ntlmrelay.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_odbcconf.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_susp_office_token_search.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_openwith.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_outlook_temp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_outlook.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_parent_of_conhost.yml
fix: FPs found in testing env (#3743)
2022-12-03 09:35:34 +01:00
proc_creation_win_susp_parents.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_pchunter.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_pcwutl.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_pester_parent.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_pester.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_ping_del.yml
Create proc_creation_win_susp_ping_del.yml (#3671)
2022-11-09 09:42:33 +01:00
proc_creation_win_susp_ping_hex_ip.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_plink_port_forward.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_plink_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powercfg.yml
Add proc_creation_win_susp_powercfg
2022-11-18 11:26:04 +01:00
proc_creation_win_susp_powershell_base64_encoded_cmd.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_download_cradles.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_download_iex.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_empire_launch.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_empire_uac_bypass.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_powershell_encode.yml
feat: updates and enhancements
2023-01-06 16:35:34 +01:00
proc_creation_win_susp_powershell_encoded_cmd_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_getprocess_lsass.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_hidden_b64_cmd.yml
feat: updates and enhancements
2023-01-06 16:35:34 +01:00
proc_creation_win_susp_powershell_iex_patterns.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_invocation_specific.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_obfuscation_via_utf8.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_parent_process.yml
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
proc_creation_win_susp_powershell_sam_access.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_script_engine_parent_.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_sub_processes.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_powershell_webclient_casing.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_pressynkey_lolbin.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_print.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_procdump_lsass.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_process_hacker.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_progname.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ps_appdata.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ps_downloadfile.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_ps_encoded_obfusc.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psexec_eula.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_psexesvc_as_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psexesvc_renamed.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psexesvc.yml
Renamed suspicious in rules file names to susp
2022-09-09 15:12:47 +02:00
proc_creation_win_susp_psexex_paexec_escalate_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psexex_paexec_flags.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psloglist.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_psr_capture_screenshots.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_radmin.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_rar_flags.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_rasdial_activity.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_razorinstaller_explorer.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rcedit_execution.yml
fix: rename files to follow convention
2022-12-20 22:25:49 +01:00
proc_creation_win_susp_rclone_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_recon_network_activity.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_recon.yml
feat: logic update to multiple rules
2023-01-19 16:37:10 +01:00
proc_creation_win_susp_reg_add.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_reg_bitlocker.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_reg_disable_sec_services.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_reg_open_command.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_regedit_trustedinstaller.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_register_cimprovider.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_registration_via_cscript.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_regsvr32_anomalies.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_regsvr32_flags_anomaly.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_regsvr32_http_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_regsvr32_image.yml
Update rules/windows/process_creation/proc_creation_win_susp_regsvr32_image.yml
2022-11-01 10:31:50 +01:00
proc_creation_win_susp_regsvr32_no_dll.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_regsvr32_remote_share.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_regsvr32_spawn_explorer.yml
Update 3
2022-07-28 01:05:04 +01:00
proc_creation_win_susp_renamed_adfind.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_renamed_createdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_renamed_dctask64.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_renamed_debugview.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_renamed_paexec.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rpcping.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_run_locations.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_rundll32_activity.yml
chore: update submodule cti
2022-11-22 16:21:25 +01:00
proc_creation_win_susp_rundll32_by_ordinal.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_inline_vbs.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_js_runhtmlapplication.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_keymgr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_no_params.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_script_run.yml
proc_creation_win_susp_rundll32_script_run.yml
2023-02-03 15:25:57 +07:00
proc_creation_win_susp_rundll32_setupapi_installhinfsection.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_rundll32_spawn_explorer.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_rundll32_sys.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_rundll32_user32_dll.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_runonce_execution.yml
fix: remove filter
2022-12-14 11:09:46 +01:00
proc_creation_win_susp_runscripthelper.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_rurat_exec_location.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtask_creation_temp_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtask_creation.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_change.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_delete_all.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_delete.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_disable.yml
feat: new rules and updates
2023-01-17 01:00:44 +01:00
proc_creation_win_susp_schtasks_env_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_folder_combos.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_parent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_schedule_type_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_schedule_type.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_schtasks_user_temp.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_screenconnect_access.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_screensaver_reg.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_script_exec_from_env_folder.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_script_exec_from_temp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_script_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_secedit.yml
Fix invalid field cast or name (#3841)
2022-12-30 11:46:21 +01:00
proc_creation_win_susp_service_dacl_modification_set_service.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_service_dacl_modification.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_service_dir.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_service_modification.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_service_path_modification.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_service_stop.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_servu_exploitation_cve_2021_35211.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_servu_process_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_sharpview.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_susp_shell_spawn_by_java_keytool.yml
refactor: extended some exploitation rules - sub procs
2023-01-21 08:55:04 +01:00
proc_creation_win_susp_shell_spawn_by_java.yml
refactor: extended some exploitation rules - sub procs
2023-01-21 08:55:04 +01:00
proc_creation_win_susp_shell_spawn_from_mssql.yml
fix: filter and add missing modified
2023-01-21 11:26:13 +01:00
proc_creation_win_susp_shell_spawn_from_winrm.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_shellexec_rundll_usage.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_shimcache_flush.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_shutdown.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_susp_splwow64.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_spoolsv_child_processes.yml
fix: remove net
2023-01-21 11:28:27 +01:00
proc_creation_win_susp_squirrel_lolbin.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_svchost_no_cli.yml
Hidden Linux Binary Execution (#3108)
2022-12-31 08:27:32 +01:00
proc_creation_win_susp_svchost.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_sysprep_appdata.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_system_user_anomaly.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_systeminfo.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_sysvol_access.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_takeown.yml
fix: fix typo in title and add FP comment
2022-11-21 12:27:54 +01:00
proc_creation_win_susp_target_location_shell32.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_taskkill.yml
fix: more fp found in testing and enhance fp metadata
2022-12-13 11:25:23 +01:00
proc_creation_win_susp_tasklist_command.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_taskmgr_localsystem.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_taskmgr_parent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_trolleyexpress_procdump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_tscon_localsystem.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_tscon_rdp_redirect.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_uac_bypass_trustedpath.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_use_of_csharp_console.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_use_of_sqlps_bin.yml
feat: update detection section
2022-12-09 19:18:09 +01:00
proc_creation_win_susp_use_of_sqltoolsps_bin.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_use_of_te_bin.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_use_of_vsjitdebugger_bin.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_userinit_child.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_vaultcmd.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_vboxdrvinst.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_vbscript_unc2452.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_volsnap_disable.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_vslsagent_agentextensionpath_load.yml
Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml
2022-10-31 08:49:16 +01:00
proc_creation_win_susp_web_sysaidserver.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_webdav_client_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_wermgr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_where_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_whoami_anomaly.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_whoami_as_param.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_whoami.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_win_server_undocumented_rce.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_winrar_dmp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_winrar_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_winrm_awl_bypass.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_creation_win_susp_winrm_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_susp_winzip.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_wmic_eventconsumer_create.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_wmic_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_wmic_proc_create.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_workfolders.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_susp_wuauclt_cmdline.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_susp_wuauclt.yml
feat: updates and enhancements
2023-01-02 14:49:45 +01:00
proc_creation_win_susp_zip_compress.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_susp_zipexec.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_sysinternals_eula_accepted.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sysinternals_psservice.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sysmon_disable_sharpevtmute.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sysmon_driver_unload.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_sysmon_exploitation.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sysmon_uac_bypass_eventvwr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_sysnative.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_system_exe_anomaly.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tamper_defender_remove_mppreference.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tap_installer_execution.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_task_folder_evasion.yml
Promotion rules (#3821)
2022-12-27 12:29:10 +01:00
proc_creation_win_taskkill_sep.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_teams_suspicious_command_line_cred_access.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_termserv_proc_spawn.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tool_nircmd_as_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tool_nircmd.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tool_nsudo_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tool_psexec.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_tool_runx_as_system.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tools_relay_attacks.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tools_uac_bypass_computerdefaults.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_tor_browser.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_trufflesnout.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_trust_discovery.yml
Fix related
2022-10-09 17:28:05 +02:00
proc_creation_win_turn_on_dev_features.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_changepk_slui.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_cleanmgr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_cmstp.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_uac_bypass_consent_comctl32.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_dismhost.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_eventvwr.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_fodhelper.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_uac_bypass_hijacking_firwall_snap_in.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_uac_bypass_icmluautil.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_idiagnostic_profile.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_ieinstal.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_msconfig_gui.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_ntfs_reparse_point.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_pkgmgr_dism.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_winsat.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_wmp.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_wsreset_integrity_level.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_uac_bypass_wsreset.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ultraviewer.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_ultravnc.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_uninstall_crowdstrike_falcon.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_uninstall_sysmon.yml
change status to test
2023-01-27 06:48:34 +01:00
proc_creation_win_unusual_child_process_of_dns_exe.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_unusual_parent_for_cmd.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_user_discovery_get_aduser.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_using_sc_to_change_sevice_image_path_by_non_admin.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_using_sc_to_hide_sevices.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_using_set_service_to_hide_services.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_verclsid_runs_com.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_vmtoolsd_susp_child_process.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_vscode_child_processes_anomalies.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_vul_java_remote_debugging.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_w32tm.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wab_execution_from_non_default_location.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wab_unusual_parents.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_weak_or_abused_passwords.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_web_request_cmd_and_cmdlets.yml
feat: updates and enhancements
2023-01-11 01:03:52 +01:00
proc_creation_win_webbrowserpassview.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_webshell_chopper.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_webshell_detection.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_webshell_hacking.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_webshell_recon_detection.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_webshell_spawn.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wevtutil_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_whoami_as_priv_user.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_whoami_as_system.yml
proc_creation_win_whoami_priv.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_windows_terminal_susp_children.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_winpeas_tool.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmi_backdoor_exchange_transport_agent.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmi_persistence_script_event_consumer.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmic_computersystem_recon.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmic_execution_via_office_process.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_wmic_group_recon.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmic_hotfix_enum.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmic_reconnaissance.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
proc_creation_win_wmic_remote_command.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmic_remote_service.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmic_remove_application.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wmic_security_product_uninstall.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmic_service.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmic_susp_execution_via_office_process.yml
feat: multiple updates and enhancements
2023-01-30 20:02:45 +01:00
proc_creation_win_wmic_tamper_defender.yml
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
proc_creation_win_wmic_unquoted_service_search.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wmiprvse_spawning_process.yml
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
proc_creation_win_wmiprvse_spawns_powershell.yml
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
proc_creation_win_wmiprvse_susp_child_processes.yml
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
proc_creation_win_workflow_compiler.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wpbbin_persistence.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_write_protect_for_storage_disabled.yml
order yaml
2022-10-28 15:06:36 +02:00
proc_creation_win_wscript_shell_cli.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wsl_child_processes_anomalies.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wsudo_susp_execution.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wusa_susp_cab_extraction.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_wusa_susp_cap_extraction_from_susp_paths.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_x509enrollment.yml
Add more ref
2022-12-23 13:22:50 +01:00
proc_creation_win_xordump.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_creation_win_xsl_script_processing.yml
order yaml
2022-10-28 15:06:36 +02:00