Jonhnathan
|
05e0dd1ae6
|
Update zeek_susp_kerberos_rc4.yml
|
2020-10-15 23:15:23 -03:00 |
|
Jonhnathan
|
f04394467b
|
Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml
|
2020-10-15 23:14:34 -03:00 |
|
Jonhnathan
|
de29d778a5
|
Update zeek_smb_converted_win_susp_psexec.yml
|
2020-10-15 23:14:15 -03:00 |
|
Jonhnathan
|
3e600dab82
|
Update zeek_smb_converted_win_impacket_secretdump.yml
|
2020-10-15 23:13:47 -03:00 |
|
Jonhnathan
|
50abab7f11
|
Update zeek_http_executable_download_from_webdav.yml
|
2020-10-15 23:13:20 -03:00 |
|
Jonhnathan
|
aeb3218dfb
|
Update net_susp_dns_txt_exec_strings.yml
|
2020-10-15 23:11:16 -03:00 |
|
Jonhnathan
|
4b8a47e35f
|
Update net_susp_dns_b64_queries.yml
|
2020-10-15 23:10:57 -03:00 |
|
Jonhnathan
|
28cfda7676
|
Update net_mal_dns_cobaltstrike.yml
|
2020-10-15 23:10:42 -03:00 |
|
Jonhnathan
|
3361b62cc2
|
Update lnx_auditd_susp_exe_folders.yml
|
2020-10-15 23:09:06 -03:00 |
|
Jonhnathan
|
d655ebf092
|
Update lnx_auditd_masquerading_crond.yml
|
2020-10-15 23:08:08 -03:00 |
|
Jonhnathan
|
e26e5a1e7e
|
Update lnx_auditd_create_account.yml
|
2020-10-15 23:07:39 -03:00 |
|
Jonhnathan
|
8fd768aa66
|
Update lnx_susp_ssh.yml
|
2020-10-15 23:05:53 -03:00 |
|
Jonhnathan
|
d4284e60f9
|
Update lnx_susp_named.yml
|
2020-10-15 23:04:16 -03:00 |
|
Jonhnathan
|
83bad3de98
|
Update lnx_sudo_cve_2019_14287.yml
|
2020-10-15 23:03:40 -03:00 |
|
Jonhnathan
|
0ca17e88f6
|
Update lnx_setgid_setuid.yml
|
2020-10-15 22:55:41 -03:00 |
|
Jonhnathan
|
68ad66f390
|
Update lnx_proxy_connection.yml
|
2020-10-15 22:54:27 -03:00 |
|
Jonhnathan
|
41396636f9
|
Update lnx_file_copy.yml
|
2020-10-15 22:53:20 -03:00 |
|
Jonhnathan
|
6185640442
|
Update lnx_clamav.yml
|
2020-10-15 22:49:42 -03:00 |
|
Jonhnathan
|
1979906bae
|
Revert "Create win_susp_replace_lolbin.yml"
This reverts commit e6a6549676 .
|
2020-10-15 22:45:33 -03:00 |
|
Jonhnathan
|
b0ddaf5ac9
|
Revert "Changed the rule to download only and not the copy"
This reverts commit 1324bc1ad1 .
|
2020-10-15 22:45:30 -03:00 |
|
Jonhnathan
|
1324bc1ad1
|
Changed the rule to download only and not the copy
|
2020-10-07 16:18:21 -03:00 |
|
Jonhnathan
|
e6a6549676
|
Create win_susp_replace_lolbin.yml
Item 77 of #1014
|
2020-10-07 10:37:15 -03:00 |
|
Florian Roth
|
c56cd2dfff
|
Merge pull request #1024 from omkar72/master
Com hijack shell folder
|
2020-10-02 09:24:16 +02:00 |
|
omkargudhate22
|
4487d9cc7e
|
added event type & changed technique
|
2020-10-02 09:22:14 +05:30 |
|
Florian Roth
|
d3ee1aba66
|
docs: MITRE ATT&CK(R) trademark references removed or adjusted
https://github.com/Neo23x0/sigma/issues/1028
|
2020-09-30 08:53:52 +02:00 |
|
Florian Roth
|
c17ca6d5fe
|
Merge pull request #1018 from savvyspoon/wcry-dns
WannaCry Killswitch domain DNS query
|
2020-09-29 09:27:21 +02:00 |
|
omkargudhate22
|
68a992d903
|
updated name
|
2020-09-27 21:57:19 +05:30 |
|
omkargudhate22
|
e7c8197e34
|
Updated fields & renamed
|
2020-09-27 21:52:59 +05:30 |
|
omkargudhate22
|
ebe3dce1d7
|
Update sysmon_comhijack_uac_bypass.yml
|
2020-09-27 21:44:41 +05:30 |
|
omkar72
|
3f148e6c7c
|
COM hijack of shell folder to execute arbitrary application & UAC bypass using sdclt.
|
2020-09-27 21:19:04 +05:30 |
|
omkargudhate22
|
15c8721e7b
|
Merge pull request #1 from Neo23x0/master
Updating my fork
|
2020-09-27 19:12:36 +05:30 |
|
Florian Roth
|
d7d9c0e772
|
Merge pull request #1021 from hieuttmmo/master
Sigma rule to detect AdFind.exe execution
|
2020-09-27 09:50:41 +02:00 |
|
Florian Roth
|
8020fe3c40
|
false positive condition
|
2020-09-26 17:03:29 +02:00 |
|
Florian Roth
|
60795f7050
|
Update win_susp_adfind.yml
Fear that a simple adfind.exe causes too many false positives
|
2020-09-26 17:02:39 +02:00 |
|
Florian Roth
|
dbdd758365
|
Duplicate Rule
we already have a rule for that
|
2020-09-26 17:01:32 +02:00 |
|
Tran Trung Hieu
|
d4dd0600ad
|
Fix logsource service to process_creation
|
2020-09-26 21:45:23 +07:00 |
|
Tran Trung Hieu
|
c756fc8576
|
Detect Suspicious AdFind Execution
|
2020-09-26 21:34:06 +07:00 |
|
Mike Wade
|
f76f80db80
|
Killswitch domain
|
2020-09-16 20:32:31 -06:00 |
|
Mike Wade
|
7b1ef9ea64
|
fixing test runner issues
|
2020-09-15 15:45:33 -06:00 |
|
Mike Wade
|
6ed36b0e41
|
fixed issues with tabs and duplicate tags
|
2020-09-15 08:52:00 -06:00 |
|
Florian Roth
|
2cd9b794e6
|
Merge pull request #1007 from d4rk-d4nph3/master
Windows Defender AMSI Trigger Detected
|
2020-09-15 15:45:00 +02:00 |
|
Florian Roth
|
19ccfb80da
|
Merge pull request #1016 from NVISO-BE/win_vul_cve_2020_1472
Added win_vul_cve_2020_1472 rule
|
2020-09-15 15:43:53 +02:00 |
|
Remco Hofman
|
6cadfa5b2b
|
Added win_vul_cve_2020_1472 rule
|
2020-09-15 15:13:53 +02:00 |
|
Mike Wade
|
1ddba05eb2
|
Second round
|
2020-09-15 07:02:30 -06:00 |
|
Mike Wade
|
da9b32bdd6
|
we
|
2020-09-15 06:24:44 -06:00 |
|
Mike Wade
|
8ce73bd8df
|
Fixed issues with tags and missing files
|
2020-09-15 06:10:57 -06:00 |
|
Thomas Patzke
|
b0ccf44243
|
Added test
|
2020-09-15 12:42:37 +02:00 |
|
Thomas Patzke
|
378d9c94cf
|
Merge branch 'master' of https://github.com/socprime/sigma into pr-981
|
2020-09-15 12:14:49 +02:00 |
|
Thomas Patzke
|
64961c6d42
|
Added test
|
2020-09-15 09:06:02 +02:00 |
|
Thomas Patzke
|
28426f9b7f
|
Merge branch 'Netwitness-EPL' of https://github.com/snake-jump/sigma into pr-1001
|
2020-09-15 08:29:03 +02:00 |
|