blue-team-tools

Files

T

Florian Roth 5cf7078fb3 Merge pull request #1484 from ZikyHD/filter_sysmon_in_memory_assembly_execution

Add filter on sdiagnhost.exe in Suspicious In-Memory Module Execution…

2021-05-27 12:55:31 +02:00

sysmon_cmstp_execution.yml

Merge branch 'oscd'

2021-03-02 22:58:41 +03:00

sysmon_cred_dump_lsass_access.yml

2021-05-16 14:10:33 +02:00

sysmon_in_memory_assembly_execution.yml

2021-05-16 16:03:33 +02:00

sysmon_invoke_phantom.yml

2020-11-20 01:30:58 -03:00

sysmon_lazagne_cred_dump_lsass_access.yml

2020-11-20 01:33:04 -03:00

Fixes and improvements

2021-04-03 00:08:55 +02:00

sysmon_lsass_dump_comsvcs_dll.yml

Fix falsepositives list

2021-05-21 12:38:44 +02:00

sysmon_lsass_memdump.yml

2020-10-15 17:17:57 -03:00

sysmon_malware_verclsid_shellcode.yml

2020-11-20 01:34:43 -03:00

sysmon_mimikatz_trough_winrm.yml

2020-08-25 23:51:22 +00:00

win_susp_shell_spawn_from_winrm.yml

2021-05-22 15:28:50 +02:00