valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,511 Commits 20 Branches 25 Tags 21 MiB
062198550d
Commit Graph

4717 Commits

Author SHA1 Message Date
Florian Roth
062198550d
Merge pull request #1620 from leegengyu/patch-2 
Update win_susp_sdelete.yml - Outdated Link and Typo
 2021-07-04 14:19:31 +02:00
G Y
a60a2feb17
Update sysmon_susp_pfx_file_creation.yml 
Fixed typo.
 2021-07-04 10:38:53 +08:00
G Y
268c97f23a
Update win_susp_sdelete.yml 
Update old links and typo.
 2021-07-04 09:53:23 +08:00
Florian Roth
a02b7a2390
Merge pull request #1617 from SigmaHQ/rule-devel 
rule: REvil Kaseya patterns
 2021-07-03 17:32:18 +02:00
Florian Roth
d188932748
Merge pull request #1616 from frack113/update_win_renamed_powershell.yml 
Tune detection in win_renamed_powershell.yml
 2021-07-03 17:04:52 +02:00
Florian Roth
48621d68ff
Merge pull request #1613 from leegengyu/powershell_powerview_malicious_commandlets_additions 
Update powershell_powerview_malicious_commandlets.yml - Addition and Miscellaneous
 2021-07-03 17:04:29 +02:00
Florian Roth
1d82ac50e4 refactor: additional pattern, extended description 2021-07-03 17:03:40 +02:00
Florian Roth
57b816f49d rule: REvil Kaseya patterns 2021-07-03 16:34:02 +02:00
frack113
02100f1a3c Tune detection in win_renamed_powershell.yml 2021-07-03 15:18:01 +02:00
Florian Roth
e7144b34ee
fix: bug in syntax 2021-07-03 13:19:56 +02:00
Florian Roth
2d0cdc16fc
added modified date 2021-07-03 13:19:14 +02:00
Florian Roth
e41759cfb3
Merge pull request #1607 from austinsonger/printernightmare 
PrinterNightmare CVE-2021-34527 Exploit Detection- Fixed Spell Error
 2021-07-03 13:16:52 +02:00
Florian Roth
2a63927d51
Merge pull request #1612 from leegengyu/web_nginx_core_dump_typo 
Update web_nginx_core_dump.yml - Typo
 2021-07-03 13:15:50 +02:00
G Y
2e3daeac94
Update sysmon_remote_powershell_session_network.yml 
Typo fixes and grammar correction.
 2021-07-03 14:25:55 +08:00
G Y
7f067f7273
Update powershell_powerview_malicious_commandlets.yml 
Added new commandlet names based on aliases seen in https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1, fixed a typo, and improved formatting.
 2021-07-03 11:07:11 +08:00
G Y
544ec5861b
Update web_nginx_core_dump.yml 
Fixed typo in description field.
 2021-07-03 10:39:37 +08:00
Florian Roth
e25a9cd3b8 fix: escape character that would be interpreted as wildcard 2021-07-02 23:50:18 +02:00
Florian Roth
43735a5714 revert: change in other rule 2021-07-02 23:50:03 +02:00
Florian Roth
8b47946ad2 Merge branch 'master' into rule-devel 2021-07-02 23:47:58 +02:00
Florian Roth
d3d018e600 fix: escape character that would be interpreted as wildcard 2021-07-02 22:02:46 +02:00
Florian Roth
dcda583810
Merge pull request #1606 from initiate6/master 
Added new Print Spooler exploitation detection method
 2021-07-02 19:17:47 +02:00
Florian Roth
e5f2b40477
Minor adjustments 2021-07-02 18:48:07 +02:00
Austin Songer
a69bbf59e6
Fixed Spell Error 2021-07-02 11:47:20 -05:00
INIT_6
defcf7f808 Added new Print Spooler exploitation detection method 2021-07-02 10:58:14 -05:00
Florian Roth
0cdf0a79a8
Merge pull request #1605 from initiate6/master 
Added new possible ErrorCode
 2021-07-02 17:57:26 +02:00
Florian Roth
6d0d58dfe2
Merge pull request #1602 from BlackB0lt/patch-11 
Update and rename to av_printernightmare_cve_2021_34527.yml
 2021-07-02 17:15:10 +02:00
INIT_6
527a3cb8cd Added new possible ErrorCode 2021-07-02 07:27:00 -05:00
frack113
895a2f6154 fix 3 times the same name file 2021-07-02 11:01:07 +02:00
Sittikorn S
d33da0b25c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 14:42:04 +07:00
Florian Roth
203e6cf7b2
Merge pull request #1599 from d4rk-d4nph3/master 
New rule and update for PrintNightmare
 2021-07-02 09:27:30 +02:00
Sittikorn S
990699b81c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S
e94cdbbf84
Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml 
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
 2021-07-02 11:50:24 +07:00
wagga40
ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Florian Roth
b09efee045
Merge pull request #1600 from SigmaHQ/rule-devel 
rule: suspicious printer driver - empty manufacturer
 2021-07-01 16:46:09 +02:00
Florian Roth
e97bdf36f9 rule: suspicious printer driver - empty manufacturer 2021-07-01 13:55:21 +02:00
Bhabesh Rai
08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai
37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Florian Roth
7584471e2a
Merge pull request #1598 from SigmaHQ/rule-devel 
rule: CVE-2021-1675 Operational Log
 2021-07-01 12:05:10 +02:00
Florian Roth
b9678f5456
Merge pull request #1595 from BlackB0lt/patch-10 
Create av_printernightmare_cve_2021_1675.yml
 2021-07-01 10:29:28 +02:00
Florian Roth
69a64b166c
fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth
68b5ed6015
Merge pull request #1587 from BlackB0lt/patch-8 
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml
 2021-07-01 10:28:47 +02:00
Florian Roth
66f21faec0 rule: CVE-2021-1675 Operational Log 2021-07-01 10:28:10 +02:00
Florian Roth
f438039af9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Florian Roth
a9500a3b1a
refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00