security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a7a753862cc0af9614fd9c483ecf5a8f37daba08
blue-team-tools/rules/windows
T
History
4A616D6573 a7a753862c Update win_susp_net_execution.yml 
Added:

1. Additional tags for techniques as defined by Atomic Blue.
2. Detection for OriginalFileName as net.exe can easily be renamed.

Part of oscd.community effort.
2019-10-25 12:06:32 +11:00
..
builtin
rule: mimikatz use extended
2019-10-11 18:50:33 +02:00
malware
rules: AV rules updated to reflect 1.7.2 auf AV cheat sheet
2019-10-04 16:17:34 +02:00
other
Converted to use the new process_creation data source
2019-03-09 20:57:59 +03:00
powershell
powershell false positives
2019-09-06 03:54:19 -04:00
process_creation
Update win_susp_net_execution.yml
2019-10-25 12:06:32 +11:00
sysmon
fix: relevant fields in lsass dll load rule
2019-10-16 19:09:20 +02:00