4A616D6573 fdbdca003b Create win_powershell_web_request.yml ...

Broader rule for detecting web requests via various methods using Windows PowerShell, slightly crosses over the below rules but caters for different methods:

https://github.com/Neo23x0/sigma/blob/99b15edf8add183543ca5738ec93f87416c34bd9/rules/windows/process_creation/win_powershell_download.yml
https://github.com/Neo23x0/sigma/blob/0fa914139ca85966b49f0a8eda40a3f26608e86b/rules/windows/powershell/powershell_suspicious_download.yml

2019-10-24 11:57:37 +11:00

..

powershell_downgrade_attack.yml

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell_exe_calling_ps.yml

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell_malicious_commandlets.yml

powershell false positives

2019-09-06 03:54:19 -04:00

powershell_malicious_keywords.yml

fixed typos

2019-06-29 15:35:59 +03:00

powershell_ntfs_ads_access.yml

Merge branch 'master' of https://github.com/SherifEldeeb/sigma into SherifEldeeb-master

2018-12-04 23:35:23 +01:00

powershell_prompt_credentials.yml

Replace "logsource: description" with "definition" to match the specs

2018-11-15 09:00:06 +03:00

powershell_psattack.yml

fixed typos

2019-06-29 15:35:59 +03:00

powershell_shellcode_b64.yml

Added missing tags and some minor improvements

2019-03-05 23:25:49 +01:00

powershell_suspicious_download.yml

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell_suspicious_invocation_generic.yml

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell_suspicious_invocation_specific.yml

Tagged windows powershell, other and malware rules.

2018-07-24 10:56:41 +02:00

powershell_suspicious_keywords.yml

fixed typos

2019-06-29 15:35:59 +03:00

win_powershell_web_request.yml

Create win_powershell_web_request.yml

2019-10-24 11:57:37 +11:00