security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb8a0636c524d1a4f933950dfe4b5bbd4e11fb01
blue-team-tools/rules
T
History
megan201296 eb8a0636c5 Update win_mal_ursnif.yml 
After @thomaspatzke changed to HKU, I did some reading. HKU is for HKEY_User, not HKEY_Current_User (what this threat is tied to. However, he was correct that HKCU does not exist as a prefix for sysmon (see the notes section under event id 13 here: https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml). Changed to ignore the key name, confirmed that the key is still uniique.
2019-04-14 11:51:13 -05:00
..
application
Fixes for Elasticsearch query correctness CI tests
2018-04-09 22:33:29 +02:00
apt
adjusted link
2019-04-03 16:40:18 +02:00
linux
Merge pull request #287 from P4T12ICK/feature/lnx-clear-cmd-history-signature
2019-04-03 19:45:06 +02:00
network
revert to upstream
2018-11-15 08:45:25 +03:00
proxy
Rule: renamed bitsadmin rule
2019-03-08 16:25:16 +01:00
web
Rule: Apache threading errors
2019-01-22 08:49:10 +01:00
windows
Update win_mal_ursnif.yml
2019-04-14 11:51:13 -05:00