security-tools/blue-team-tools
89e28d65d2ee34efac05da53128fe2d596550e9a
blue-team-tools/rules/windows/powershell/powershell_classic
frack113 cf7a348028 Fix related
2022-10-09 17:28:05 +02:00
posh_pc_alternate_powershell_hosts.yml
Update Wildcard + Int to Str fields
2022-10-05 23:15:20 +02:00
posh_pc_delete_volume_shadow_copies.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
posh_pc_downgrade_attack.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
posh_pc_exe_calling_ps.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
posh_pc_powercat.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
posh_pc_remote_powershell_session.yml
fix: FPs
2022-06-20 12:52:23 +02:00
posh_pc_renamed_powershell.yml
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
posh_pc_susp_athremotefxvgpudisablementcommand.yml
Fix related
2022-10-09 17:28:05 +02:00
posh_pc_susp_download.yml
Renamed suspicious in filenames to susp
2022-05-19 09:37:04 +02:00
posh_pc_susp_get_nettcpconnection.yml
Update Ref+Selection
2022-07-11 14:11:53 +01:00
posh_pc_susp_zip_compress.yml
Fix related
2022-10-09 17:28:05 +02:00
posh_pc_tamper_with_windows_defender.yml
Update PowerShell + other rules
2022-08-05 17:10:41 +01:00
posh_pc_wsman_com_provider_no_powershell.yml
old experimental rule promotion
2022-10-09 16:54:04 +02:00
posh_pc_xor_commandline.yml
Add missing definition fields and references
2022-07-07 19:13:01 +01:00