blue-team-tools/rules/windows at ced1aa3dc05bc6dca3ebac9db94a4f5ea2f06e54 - blue-team-tools - GreySec Git

security-tools/blue-team-tools

Files

T

History

$frack113$ frack113 ffbeec134d Update image_load_wmiprvse_wbemcomn_dll_hijack.yml

2021-09-09 19:56:20 +02:00

..

Merge pull request #2001 from SigmaHQ/rule-devel

2021-09-08 09:09:58 +02:00

create_remote_thread

…

create_stream_hash

…

…

Split global sysmon rules

2021-09-09 16:11:41 +02:00

…

…

Split global sysmon rules

2021-09-09 16:11:41 +02:00

Update image_load_wmiprvse_wbemcomn_dll_hijack.yml

2021-09-09 19:56:20 +02:00

Update global ID

2021-09-02 21:16:55 +02:00

network_connection

update global id

2021-09-02 21:03:25 +02:00

Merge pull request #1979 from frack113/test_global

2021-09-06 08:44:14 +02:00

Various fixes

2021-09-07 23:38:07 +02:00

Merge pull request #2000 from frack113/split_global

2021-09-08 06:26:35 +02:00

Various fixes

2021-09-07 23:38:07 +02:00

process_creation

Split global sysmon rules

2021-09-09 16:11:41 +02:00

raw_access_thread

…

Split global sysmon rules

2021-09-09 16:11:41 +02:00

Split global sysmon rules

2021-09-09 16:11:41 +02:00

fix: tags for WMI / execution / persistence

2021-09-01 16:34:50 +02:00