valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,494 Commits 20 Branches 25 Tags 21 MiB
2a63927d51
Commit Graph

4703 Commits

Author SHA1 Message Date
Florian Roth
2a63927d51
Merge pull request #1612 from leegengyu/web_nginx_core_dump_typo 
Update web_nginx_core_dump.yml - Typo
 2021-07-03 13:15:50 +02:00
G Y
2e3daeac94
Update sysmon_remote_powershell_session_network.yml 
Typo fixes and grammar correction.
 2021-07-03 14:25:55 +08:00
G Y
544ec5861b
Update web_nginx_core_dump.yml 
Fixed typo in description field.
 2021-07-03 10:39:37 +08:00
Florian Roth
e25a9cd3b8 fix: escape character that would be interpreted as wildcard 2021-07-02 23:50:18 +02:00
Florian Roth
43735a5714 revert: change in other rule 2021-07-02 23:50:03 +02:00
Florian Roth
8b47946ad2 Merge branch 'master' into rule-devel 2021-07-02 23:47:58 +02:00
Florian Roth
d3d018e600 fix: escape character that would be interpreted as wildcard 2021-07-02 22:02:46 +02:00
Florian Roth
dcda583810
Merge pull request #1606 from initiate6/master 
Added new Print Spooler exploitation detection method
 2021-07-02 19:17:47 +02:00
Florian Roth
e5f2b40477
Minor adjustments 2021-07-02 18:48:07 +02:00
INIT_6
defcf7f808 Added new Print Spooler exploitation detection method 2021-07-02 10:58:14 -05:00
Florian Roth
0cdf0a79a8
Merge pull request #1605 from initiate6/master 
Added new possible ErrorCode
 2021-07-02 17:57:26 +02:00
Florian Roth
6d0d58dfe2
Merge pull request #1602 from BlackB0lt/patch-11 
Update and rename to av_printernightmare_cve_2021_34527.yml
 2021-07-02 17:15:10 +02:00
INIT_6
527a3cb8cd Added new possible ErrorCode 2021-07-02 07:27:00 -05:00
frack113
895a2f6154 fix 3 times the same name file 2021-07-02 11:01:07 +02:00
Sittikorn S
d33da0b25c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 14:42:04 +07:00
Florian Roth
203e6cf7b2
Merge pull request #1599 from d4rk-d4nph3/master 
New rule and update for PrintNightmare
 2021-07-02 09:27:30 +02:00
Sittikorn S
990699b81c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S
e94cdbbf84
Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml 
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
 2021-07-02 11:50:24 +07:00
wagga40
ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Florian Roth
b09efee045
Merge pull request #1600 from SigmaHQ/rule-devel 
rule: suspicious printer driver - empty manufacturer
 2021-07-01 16:46:09 +02:00
Florian Roth
e97bdf36f9 rule: suspicious printer driver - empty manufacturer 2021-07-01 13:55:21 +02:00
Bhabesh Rai
08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai
37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Florian Roth
7584471e2a
Merge pull request #1598 from SigmaHQ/rule-devel 
rule: CVE-2021-1675 Operational Log
 2021-07-01 12:05:10 +02:00
Florian Roth
b9678f5456
Merge pull request #1595 from BlackB0lt/patch-10 
Create av_printernightmare_cve_2021_1675.yml
 2021-07-01 10:29:28 +02:00
Florian Roth
69a64b166c
fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth
68b5ed6015
Merge pull request #1587 from BlackB0lt/patch-8 
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml
 2021-07-01 10:28:47 +02:00
Florian Roth
66f21faec0 rule: CVE-2021-1675 Operational Log 2021-07-01 10:28:10 +02:00
Florian Roth
f438039af9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Florian Roth
a9500a3b1a
refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth
cb63816dcc
Merge pull request #1593 from hieuttmmo/master 
PrintNightmare Detection using ImageLoad
 2021-06-30 16:10:19 +02:00
Florian Roth
1ac79238dc
Merge pull request #1592 from SigmaHQ/rule-devel 
rules: CVE-2021-1675 exploitation events
 2021-06-30 16:09:34 +02:00
Florian Roth
7a96b40895 rule: CVE-2021-1675 eventid extension 2021-06-30 16:08:33 +02:00
hieuttmmo
dceb13fe3f
Merge branch 'SigmaHQ:master' into master 2021-06-30 20:36:23 +07:00
Tran Trung Hieu
579220de6f Detect the PrintNighmare exploit using ImageLoad 2021-06-30 20:30:22 +07:00
Florian Roth
c508e71165 rules: CVE-2021-1675 exploitation events 2021-06-30 14:51:20 +02:00
Florian Roth
19962c6fe4
Merge pull request #1590 from SigmaHQ/rule-devel 
config: mappings for Microsoft print service
 2021-06-30 14:50:52 +02:00
Florian Roth
d2f7edc778 refactor: change title of older CVE-2021-1675 rule 2021-06-30 14:23:14 +02:00
Florian Roth
9899dd9b82
Merge pull request #1579 from frack113/fix_pr_1022 
Fix file from PR 1022
 2021-06-29 12:51:08 +02:00
Sittikorn S
c9ce298b2e
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 
remove http response
 2021-06-29 17:49:01 +07:00
Florian Roth
863941bff5
Merge pull request #1586 from BlackB0lt/patch-7 
Update sysmon_rclone_execution.yml
 2021-06-29 12:46:24 +02:00
Florian Roth
bbe67ddc73
Merge pull request #1589 from WojciechLesicki/master 
CobaltStrike Service Installations in Registry
 2021-06-29 12:44:10 +02:00
Florian Roth
1425ede905
Merge pull request #1588 from SigmaHQ/rule-devel 
CVE-2021-1675 Print Spooler Exploitation
 2021-06-29 12:31:37 +02:00
Florian Roth
a27d3d5880 docs: add 2nd Github upload 2021-06-29 12:31:13 +02:00