security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ff9cd8d20ffa6f653fa56ccd6c6b655c88506e0
blue-team-tools/rules/windows/create_remote_thread
T
History
Fukusuke Takahashi 8ff9cd8d20 Merge PR #4958 from @fukusuket - Update unreachable/broken references 
chore: Credential Dumping Tools Accessing LSASS Memory
chore: Potential MFA Bypass Using Legacy Client Authentication
chore: Possible DC Shadow Attack
chore: Potential Privileged System Service Operation - SeLoadDriverPrivilege
chore: Remote Thread Creation In Uncommon Target Image
chore: RDP File Creation From Suspicious Application
chore: Suspicious PROCEXP152.sys File Created In TMP
chore: Outbound Network Connection Initiated By Microsoft Dialer
chore: NTFS Alternate Data Stream
chore: PowerShell Get-Process LSASS in ScriptBlock
chore: Windows Firewall Profile Disabled
chore: Potentially Suspicious GrantedAccess Flags On LSASS
chore: HackTool - PCHunter Execution
chore: Mstsc.EXE Execution With Local RDP File
chore: Suspicious Mstsc.EXE Execution With Local RDP File
chore: Mstsc.EXE Execution From Uncommon Parent
chore: PowerShell Get-Process LSASS
chore: LSASS Access From Program In Potentially Suspicious Folder
chore: Uncommon GrantedAccess Flags On LSASS 

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Thanks: @fukusuket
2024-08-10 01:23:58 +02:00
..
create_remote_thread_win_hktl_cactustorch.yml
feat: more updates
2023-05-05 17:52:47 +02:00
create_remote_thread_win_hktl_cobaltstrike.yml
feat: more updates
2023-05-05 17:52:47 +02:00
create_remote_thread_win_keepass.yml
Merge PR #4745 from @nasbench - Promote older rules status from experimental to test
2024-03-01 15:38:35 +01:00
create_remote_thread_win_mstsc_susp_location.yml
Merge PR #4684 from @phantinuss - Multiple FP fixes & rule updates
2024-01-23 12:15:04 +01:00
create_remote_thread_win_powershell_lsass.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
create_remote_thread_win_powershell_susp_targets.yml
Merge PR #4684 from @phantinuss - Multiple FP fixes & rule updates
2024-01-23 12:15:04 +01:00
create_remote_thread_win_susp_password_dumper_lsass.yml
Merge PR #4684 from @phantinuss - Multiple FP fixes & rule updates
2024-01-23 12:15:04 +01:00
create_remote_thread_win_susp_relevant_source_image.yml
Merge PR #4878 from @prashanthpulisetti - Update "Create Remote Thread" based rules
2024-07-15 15:26:33 +02:00
create_remote_thread_win_susp_target_shell_application.yml
Merge PR #4933 from @fornotes - Add Remote Thread Created In Shell Application
2024-07-29 22:48:11 +02:00
create_remote_thread_win_susp_uncommon_source_image.yml
Merge PR #4878 from @prashanthpulisetti - Update "Create Remote Thread" based rules
2024-07-15 15:26:33 +02:00
create_remote_thread_win_susp_uncommon_target_image.yml
Merge PR #4958 from @fukusuket - Update unreachable/broken references
2024-08-10 01:23:58 +02:00
create_remote_thread_win_ttdinjec.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00