zaicurity 76224b0fb2 Added alternative nltest command parameter ...

Same as recent change to "Recon Activity with NLTEST" (see commit a2418e4d2c)
Added the command parameter '/trusted_domains' for nltest which can be used as an alternative to '/domain_trusts' to bypass detection. 
Tested on Windows 10.0.19042
Reference: https://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/

2021-09-30 18:12:19 +02:00

..

builtin

Merge pull request #2094 from frack113/backend_sysmon

2021-09-28 16:22:58 +02:00

create_remote_thread

fix condition operator case

2021-09-10 13:51:52 +02:00

create_stream_hash

Merging upstream updates

2021-07-01 12:18:30 +05:45

deprecated

Clean SyncAppvPublishingServer rules

2021-09-12 07:46:35 +02:00

dns_query

split global sysmon_regsvr32_network_activity.yml

2021-09-21 10:33:47 +02:00

driver_load

fix field name and date

2021-09-21 19:41:46 +02:00

file_delete

Update sysmon_delete_prefetch.yml

2021-09-29 10:58:00 +02:00

file_event

Merge pull request #1926 from pbssubhash/master

2021-09-23 14:08:15 +02:00

image_load

docs: changed description

2021-09-27 23:12:18 +02:00

malware

fix related

2021-09-11 14:22:01 +02:00

network_connection

fix tests.py error

2021-09-21 10:52:37 +02:00

other

renamed files: lowercase

2021-09-27 22:33:30 +02:00

pipe_created

split global win_tool_psexec.yml

2021-09-21 10:10:48 +02:00

powershell

Merge pull request #2109 from Karneades/patch-1

2021-09-30 17:45:03 +02:00

process_access

Various fixes

2021-09-07 23:38:07 +02:00

process_creation

Added alternative nltest command parameter

2021-09-30 18:12:19 +02:00

raw_access_thread

Fix selection with only 1 element

2021-08-14 09:54:27 +02:00

registry_event

convert re to endswith

2021-09-24 15:39:56 +02:00

sysmon

fix filename

2021-09-22 16:27:05 +02:00

wmi_event

fix: tags for WMI / execution / persistence

2021-09-01 16:34:50 +02:00