Author | Commit | Message | Date
frack113 | 424b0263df | add EventID 26 | 2021-09-29 08:53:22 +02:00
frack113 | 4a66ea04bd | fix tags | 2021-09-29 08:26:05 +02:00
frack113 | f3f2bf2347 | Merge pull request #2097 from zaicurity/patch-1 | 2021-09-29 06:49:45 +02:00
    Added alternative command parameter
zaicurity | a2418e4d2c | Added alternative command parameter | 2021-09-28 17:39:21 +02:00
    Added the command parameter '/trusted_domains' for nltest which can be used as an alternative to '/domain_trusts' to bypass detection.
    Tested on Windows 10.0.19042
    Reference: https://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
frack113 | 41f0fe6b52 | Merge pull request #2095 from frack113/update_help | 2021-09-28 16:23:29 +02:00
    Update filter help
frack113 | c27084dd0c | Merge pull request #2094 from frack113/backend_sysmon | 2021-09-28 16:22:58 +02:00
    Fix logsource not a string
frack113 | c3222945ef | Merge pull request #2093 from austinsonger/win_sysmon_driver_unload.yml | 2021-09-28 16:22:43 +02:00
    win_sysmon_driver_unload.yml
frack113 | f8ec71c00c | Merge pull request #2072 from austinsonger/aws_attached_malicious_lambda_layer.yml | 2021-09-28 13:08:01 +02:00
    aws_attached_malicious_lambda_layer.yml
frack113 | 11dc276185 | Update filter help | 2021-09-28 10:33:10 +02:00
Austin Songer | 0d07a78a2d | Update aws_attached_malicious_lambda_layer.yml | 2021-09-27 23:41:19 -05:00
Austin Songer | 3e7b3073cf | Update win_sysmon_driver_unload.yml | 2021-09-27 23:30:30 -05:00
frack113 | 90d4508d6e | Merge pull request #2087 from frack113/fix_targetusername | 2021-09-28 06:27:54 +02:00
    fix TargetUserName and TargetUserSid for detection
Florian Roth | 1da59d9175 | Merge pull request #2092 from SigmaHQ/rule-devel | 2021-09-27 23:13:09 +02:00
    docs: changed description
Florian Roth | 4161cd909f | docs: changed description | 2021-09-27 23:12:18 +02:00
Florian Roth | 10b70edff0 | Merge pull request #2091 from SigmaHQ/rule-devel | 2021-09-27 23:09:18 +02:00
    NOBELIUM FoggyWeb backdoor loading
Florian Roth | b227f8459d | fix: typo in filename | 2021-09-27 22:37:20 +02:00
Florian Roth | ada966c5be | Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel | 2021-09-27 22:34:30 +02:00
Florian Roth | cee44e6688 | renamed files: lowercase | 2021-09-27 22:33:30 +02:00
Florian Roth | 97bb6a0257 | rule: NOBELIUM FoggyWeb | 2021-09-27 22:28:25 +02:00
frack113 | bcdf164b4c | fix space | 2021-09-27 19:17:14 +02:00
frack113 | bcf40fa4e4 | Fix logsource not a string | 2021-09-27 18:59:05 +02:00
frack113 | a0b48b96d4 | Fix 'NoneType' object has no attribute 'lower' | 2021-09-27 18:49:58 +02:00
Florian Roth | 5ef1c913cf | fix: wrong condition | 2021-09-27 18:33:57 +02:00
    https://github.com/SigmaHQ/sigma/issues/2089
frack113 | 6782a7af4d | fix TargetUserName and TargetUserSid for detection | 2021-09-27 09:27:01 +02:00
frack113 | 8de7cc28ee | Merge pull request #2086 from frack113/sigmacover | 2021-09-27 08:34:45 +02:00
    contrib Sigmacover
frack113 | 6bce0f967a | Merge pull request #2079 from zakibro/master | 2021-09-27 08:34:30 +02:00
    New Rule - Linux - Auditd - Clipboard Collection
frack113 | 74c2d39d53 | Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml | 2021-09-27 08:03:36 +02:00
    ecs-ms365_defender.yml
zakibro | 6a2785492d | Update lnx_auditd_clipboard_collection.yml | 2021-09-27 07:59:43 +02:00
    Changes after suggestion.
frack113 | 8f99625a25 | Fix ubuntu 20 | 2021-09-26 18:28:07 +02:00
frack113 | 776cccce30 | Fix windows10 | 2021-09-26 17:07:58 +02:00
frack113 | 964f51d5ce | Merge pull request #2083 from frack113/debug_file | 2021-09-26 12:40:39 +02:00
    Add more debug info to sigmac
frack113 | 5e5af2918b | Add sigmacover.py | 2021-09-26 11:24:25 +02:00
Florian Roth | f196e3174d | refactor: moved last global rule to unsupported | 2021-09-26 10:54:11 +02:00
Florian Roth | 756656b2ec | Merge pull request #2082 from SigmaHQ/rule-devel | 2021-09-26 10:47:47 +02:00
    refactor: removed all old Joomla rules, new generic rule
MetallicHack | d888ce67bc | Create azure_ad_user_added_to_sensitive_role.yml | 2021-09-25 21:57:10 +02:00
frack113 | d08d3712be | Add more debug info | 2021-09-25 19:33:30 +02:00
Florian Roth | 93bff7f49d | docs: new ID | 2021-09-25 11:37:39 +02:00
Florian Roth | 31ef53738d | refactor: removed old Joomla rules, made generic path traversal | 2021-09-25 11:37:02 +02:00
frack113 | 0109a5f013 | Merge pull request #2080 from austinsonger/ecs-azure-ad_signinlogs.yml | 2021-09-25 07:56:50 +02:00
    ecs-azure-ad_signinlogs.yml
frack113 | 7dc574bc01 | Merge pull request #2078 from kidrek/win_process_dump_rdrleakdiag | 2021-09-25 07:55:52 +02:00
    add new rule win_process_dump_rdrleakdiag
frack113 | 8fe222a92c | Merge pull request #2077 from frack113/remove_re | 2021-09-25 07:55:22 +02:00
    Convert re to endswith
frack113 | 278fb0a2de | Merge pull request #2076 from BlackB0lt/patch-20 | 2021-09-25 07:54:45 +02:00
    Create web_cve_2021_22005_vmware_file_upload
Sittikorn S | 7c8df0eb55 | Update web_cve_2021_22005_vmware_file_upload.yml | 2021-09-25 08:05:00 +07:00
Austin Songer | 00f4773eeb | Create ecs-ms365_defender.yml | 2021-09-24 20:02:39 -05:00
Austin Songer | 696f343ac3 | Delete ecs-ms365_defender.yml | 2021-09-24 20:02:04 -05:00
Austin Songer | 176b9662fc | Update ecs-ms365_defender.yml | 2021-09-24 20:01:00 -05:00
Austin Songer | dd2f3e50db | Create ecs-ms365_defender.yml | 2021-09-24 19:53:21 -05:00
Austin Songer | 527975c02f | Update ecs-azure-ad_signinlogs.yml | 2021-09-24 19:33:01 -05:00
Austin Songer | 9ca1ea993d | Create ecs-azure-ad_signinlogs.yml | 2021-09-24 19:29:40 -05:00
Austin Songer | 5227f31331 | Merge branch 'SigmaHQ:master' into master | 2021-09-24 19:28:40 -05:00