blue-team-tools

Files

T

Omer Yampel d3bd73aefb Create sysmon_sdclt_uac_bypass.yml

UAC Bypass from https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/. Sorry in advance for not being 100% about the sysmon event ids / fields

2017-03-17 14:31:26 -04:00

apt

Stonedrill rule enhancement

2017-03-07 10:22:14 +01:00

linux

Improved Linux Shell Activity Rule

2017-03-15 09:07:59 +01:00

network

Removed 'last' keyword from 'timeframe' fields

2017-02-28 17:52:40 +01:00

proxy

Rule: Suspicious executable downloads

2017-03-13 16:11:43 +01:00

web

Bugfix: Added time frame to correlation rule

2017-03-12 17:11:29 +01:00

windows

Create sysmon_sdclt_uac_bypass.yml

2017-03-17 14:31:26 -04:00