security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
79bce2c04e951be388041f9fd7ebbfd009691a69
blue-team-tools/rules/windows/process_access
T
History
phantinuss 79bce2c04e Merge PR #4484 From @phantinuss - Fix FP Found In Testing 
fix: Direct Syscall of NtOpenProcess - falsepositives meta data
fix: Potential Shellcode Injection - remove System.ni.dll as there are multiple FPs with ntdll.dll
fix: Suspicious Shim Database Installation via Sdbinst.EXE - FP with another sdbinst execution by svchost
2023-10-17 17:01:34 +02:00
..
proc_access_win_cmstp_execution_by_access.yml
Order yaml field
2022-10-26 09:42:26 +02:00
proc_access_win_cobaltstrike_bof_injection_pattern.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_cred_dump_lsass_access.yml
fix:F multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
proc_access_win_direct_syscall_ntopenprocess.yml
Merge PR #4484 From @phantinuss - Fix FP Found In Testing
2023-10-17 17:01:34 +02:00
proc_access_win_hack_sysmonente.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_handlekatz_lsass_access.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_invoke_patchingapi.yml
fix: fp found in testing
2023-01-25 16:54:11 +01:00
proc_access_win_invoke_phantom.yml
chore: fix typo of lowercase Windows in description
2023-06-21 09:52:43 +02:00
proc_access_win_lazagne_cred_dump_lsass_access.yml
Order yaml field
2022-10-26 09:42:26 +02:00
proc_access_win_littlecorporal_generated_maldoc.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_load_undocumented_autoelevated_com_interface.yml
Order yaml field
2022-10-26 09:42:26 +02:00
proc_access_win_lsass_dump_comsvcs_dll.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_access_win_lsass_memdump_evasion.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_lsass_memdump_indicators.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_lsass_memdump.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_lsass_werfault.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_malware_verclsid_shellcode.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_mimikatz_trough_winrm.yml
Order yaml field
2022-10-26 09:42:26 +02:00
proc_access_win_pypykatz_cred_dump_lsass_access.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_access_win_rare_proc_access_lsass.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_shellcode_inject_msf_empire.yml
Merge PR #4484 From @phantinuss - Fix FP Found In Testing
2023-10-17 17:01:34 +02:00
proc_access_win_susp_proc_access_lsass_susp_source.yml
fix:F multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
proc_access_win_susp_proc_access_lsass.yml
fix:F multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
proc_access_win_susp_seclogon.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
proc_access_win_svchost_cred_dump.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
proc_access_win_uac_bypass_wow64_logger.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
proc_access_win_winapi_in_powershell_credentials_dumping.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00