Commit Graph

2736 Commits

Author SHA1 Message Date
yugoslavskiy
32aea9ad2b
Merge pull request #1098 from NikitaStormwind/regular31
[OSCD] Detects Obfuscated Powershell via use MSHTA in Scripts #31 (4104, 4103)
2021-01-05 23:10:28 +03:00
yugoslavskiy
ae3c0d0801
Merge pull request #1095 from esebese/task136
[OSCD]win_pe_exec_vsjitdebugger.yml added
2021-01-05 23:10:18 +03:00
yugoslavskiy
aa9182593a
Merge pull request #1087 from Vasilisa-L/OSCD_pester.bat
[OSCD] 109: Pester.bat
2021-01-05 23:09:47 +03:00
yugoslavskiy
1992b1ac9f
Merge pull request #1074 from semanurguneysu/oscd
[OSCD] Create sysmon_abusing_debug_privilege.yml
2021-01-05 23:06:57 +03:00
yugoslavskiy
b5c78212ad
Merge pull request #1076 from nsaddler/oscd5
[OSCD] Powershell without powershell.exe Rule Added
2021-01-05 23:06:37 +03:00
yugoslavskiy
c7e9522f29
Merge pull request #1077 from uchakin/oscd
[OSCD] UAC bypass added
2021-01-05 23:06:24 +03:00
yugoslavskiy
bceb3c8af0
Merge pull request #1047 from grikos/sigma/oscd
[OSCD] Registry modify via VBoxDrvInst
2021-01-05 23:00:20 +03:00
yugoslavskiy
87e5e5a7fc
Merge pull request #1069 from nsaddler/oscd3
[OSCD] Powershell Script Installed as a Service Rule added
2021-01-05 22:58:21 +03:00
Florian Roth
40e0e3bc99
Merge pull request #1193 from w0rk3r/oscd_rules_improvement
[OSCD] Windows Rules - Review for improvements on selections and logic
2020-12-31 12:10:15 +01:00
Florian Roth
c3f891beab
Merge pull request #1286 from V3T0/v3t0_oscd_lolbas_runonce_susp_persistence_
[OSCD] Added a rule to detect potential persistence using registry keys
2020-12-21 18:33:17 +01:00
Florian Roth
133b98ffcb
Merge pull request #1262 from invrep-de/oscd
[OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy
2020-12-21 18:30:21 +01:00
yugoslavskiy
a028cdf1ee
Update powershell_shellcode_b64.yml 2020-12-01 02:24:35 +01:00
yugoslavskiy
7309fb7d0e
Update powershell_winlogon_helper_dll.yml 2020-12-01 02:23:02 +01:00
yugoslavskiy
36754ae3d5
Update win_vul_cve_2020_0688.yml 2020-12-01 02:16:22 +01:00
yugoslavskiy
0188e45925
Update win_malware_script_dropper.yml 2020-12-01 02:12:53 +01:00
yugoslavskiy
30ecc8bd26
Update win_malware_script_dropper.yml 2020-12-01 02:08:52 +01:00
yugoslavskiy
6494103839
Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:54:51 +01:00
yugoslavskiy
d1b625d080
Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:51:47 +01:00
yugoslavskiy
3cbc2f0aec
Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:47:23 +01:00
yugoslavskiy
816ce5937c
Update win_susp_crackmapexec_execution.yml 2020-12-01 01:29:35 +01:00
Yugoslavskiy Daniil
50623544a2
remove possible duplicate filter 2020-11-29 22:03:19 +01:00
Jonhnathan
a9fde0117b
Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy
7dc5233dd9
Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy
5196926d60
Update sysmon_stickykey_like_backdoor.yml 2020-11-28 18:33:21 +01:00
yugoslavskiy
39c2258848
Update sysmon_registry_persistence_search_order.yml 2020-11-28 18:30:41 +01:00
yugoslavskiy
9f8ef95571
Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy
c761d05a17
Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy
258334d6d1
Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
Jonhnathan
95eb7424aa
Update sysmon_susp_run_key_img_folder.yml 2020-11-28 13:54:59 -03:00
Jonhnathan
f504ccc33f
Update sysmon_susp_reg_persist_explorer_run.yml 2020-11-28 13:52:36 -03:00
Jonhnathan
986800056c
Update sysmon_stickykey_like_backdoor.yml 2020-11-28 13:50:13 -03:00
yugoslavskiy
c0c74a05df
Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
Jonhnathan
ef34c94e6a
Update sysmon_registry_persistence_search_order.yml 2020-11-28 13:49:18 -03:00
yugoslavskiy
3c75bc922a
Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
Jonhnathan
06cc5049a4
Update sysmon_dns_serverlevelplugindll.yml 2020-11-28 13:46:02 -03:00
yugoslavskiy
42f27a41cb
Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy
ca0a6547fb
Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan
f1455e0c38
Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan
fe3ed329ef
Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy
ea550cf551
Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan
f0bf3d13b5
Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan
9f4bbb7e65
Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
yugoslavskiy
bcf62fba72
Update win_susp_ps_appdata.yml 2020-11-28 17:34:34 +01:00
yugoslavskiy
2ed4b26291
Update win_susp_procdump.yml 2020-11-28 17:33:02 +01:00
Jonhnathan
0d0f58c830
Update win_system_exe_anomaly.yml 2020-11-28 13:32:44 -03:00
yugoslavskiy
a3e436363e
Update win_susp_powershell_parent_combo.yml 2020-11-28 17:31:37 +01:00
Jonhnathan
c9b5ba10f8
Update win_susp_wmi_execution.yml 2020-11-28 13:30:34 -03:00
yugoslavskiy
c01c05b826
Update win_susp_powershell_enc_cmd.yml 2020-11-28 17:29:15 +01:00
Jonhnathan
f6117eebc7
Update win_susp_sysvol_access.yml 2020-11-28 13:27:28 -03:00
Jonhnathan
88b4d4c4e5
Update win_susp_sysvol_access.yml 2020-11-28 13:26:22 -03:00