blue-team-tools

Files

T

Djordje Lukic b7c084a413 Merge PR #5654 from @djlukic - add hexnode fp filter

fix: Uncommon PowerShell Hosts - filter hexnode
fix: Suspicious Non PowerShell WSMAN COM Provider - filter hexnode
fix: Allow Service Access Using Security Descriptor Tampering Via Sc.EXE - filter hexnode
fix: Registry Persistence via Service in Safe Mode - filter hexnode
fix: Potential PowerShell Obfuscation Using Alias Cmdlets - filter legitimate cim aliases
---------

Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>

2025-10-23 08:58:09 +05:45

posh_pc_abuse_nslookup_with_dns_records.yml

Merge PR #5211 from @HannesWid - Update Nslookup PowerShell Download Cradle

2025-03-05 00:17:38 +01:00

posh_pc_delete_volume_shadow_copies.yml

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

posh_pc_downgrade_attack.yml

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12 12:02:50 +02:00

posh_pc_exe_calling_ps.yml

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes