security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a371cf1057d6a6f378dc6cdba1ff072f75c0ee93
blue-team-tools/rules/windows
T
History
Tim Burrell (MSTIC) c24bbdcf81 Sigma queries for 
-- terminating threads in a svchost process (InvokePhantom uses this technique to disable windows event logging)
-- GALLIUM threat intel IOCs in recent MSTIC blog/release.
2020-01-24 15:31:06 +01:00
..
builtin
Merge pull request #537 from webhead404/webhead404-contrib-sigma
2019-12-13 21:50:01 +01:00
malware
Add scriptlets
2019-11-14 22:26:22 +01:00
other
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
powershell
Add the ability to detect PowerUp - Invoke-AllChecks
2020-01-24 15:31:06 +01:00
process_creation
Update win_system_exe_anomaly.yml
2020-01-24 15:31:06 +01:00
sysmon
Sigma queries for
2020-01-24 15:31:06 +01:00