Florian Roth
3776ac6057
Merge pull request #1739 from austinsonger/aws_s3_data_management_tampering.yml
aws_s3_data_management_tampering.yml
2021-07-27 08:06:35 +02:00
Florian Roth
9f27ab5426
Merge pull request #1738 from JohnLaTwC/patch-4
cover evasions from unicode substitutions
2021-07-27 08:05:48 +02:00
Florian Roth
51e1074fa0
Merge pull request #1735 from austinsonger/aws_elasticache_security_group_created.yml
aws_elasticache_security_group_created.yml
2021-07-27 08:03:30 +02:00
Florian Roth
39a1328c58
Merge pull request #1727 from austinsonger/aws_route_53_domain_transferred_lock_disabled.yml
Aws route 53 domain transferred lock disabled.yml
2021-07-27 08:02:59 +02:00
Florian Roth
e49f4c86b6
Merge pull request #1726 from austinsonger/aws_route_53_domain_transferred_to_another_account.yml
Aws route 53 domain transferred to another account.yml
2021-07-27 08:02:27 +02:00
Austin Songer
1be402e791
Update aws_s3_data_management_tampering.yml
2021-07-25 02:25:24 -05:00
Austin Songer
0a07795a4e
Update aws_route_53_domain_transferred_to_another_account.yml
2021-07-25 02:24:22 -05:00
Austin Songer
b7fc362f4a
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-25 02:22:13 -05:00
John Lambert
2b57f95e72
Update win_grabbing_sensitive_hives_via_reg.yml
2021-07-24 18:17:27 -05:00
Austin Songer
1405ae274e
Update aws_elasticache_security_group_created.yml
2021-07-24 16:20:00 -05:00
Austin Songer
99c2edb608
Update aws_s3_data_management_tampering.yml
2021-07-24 11:17:18 -05:00
Austin Songer
d283e97415
Create aws_s3_data_management_tampering.yml
2021-07-24 11:12:19 -05:00
Austin Songer
64e655d6ef
Delete aws_s3_data_management_tampering.yml
2021-07-24 11:11:21 -05:00
Austin Songer
d7303ed7b2
Create aws_s3_data_management_tampering.yml
2021-07-24 11:09:31 -05:00
John Lambert
da6e747547
cover evasions from unicode substitutions
Add variations to cover unicode substitutions to avoid evasion.
> Unicode contains a range for Spacing Modifier Letters (0x02B0 - 0x02FF) [4], which includes characters such as ˪, ˣ and ˢ. Some command-line parsers recognise these as letters and convert them back to l, x and s respectively.
See https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation by @Wietze
2021-07-24 10:33:15 -05:00
Florian Roth
7cacc57313
Merge pull request #1733 from SigmaHQ/rule-devel
New hive file pattern for C# version of HiveNightmare
2021-07-24 16:41:51 +02:00
Austin Songer
5d3b687ce4
Update aws_elasticache_security_group_created.yml
2021-07-24 09:34:08 -05:00
Austin Songer
e5edd03ff3
Create aws_elasticache_security_group_created.yml
2021-07-24 09:16:11 -05:00
Florian Roth
9771943116
refactor: new file pattern SeriousSAM
2021-07-24 16:13:36 +02:00
Florian Roth
ae80f747ae
fix: adding experimental status
2021-07-24 12:34:33 +02:00
Florian Roth
a090feecf5
Merge pull request #1732 from SigmaHQ/rule-devel
Relay attack tools and impacket binaries
2021-07-24 12:33:48 +02:00
Florian Roth
c0bc51e849
Merge pull request #1731 from frack113/more_check
Update test_rules.py
2021-07-24 11:10:00 +02:00
Florian Roth
3eb37c014c
rule: Impacket tools and Relay attack tools
2021-07-24 11:08:35 +02:00
Florian Roth
07223baaeb
fix: typo in date value
2021-07-24 10:22:07 +02:00
Florian Roth
ce58012608
Merge pull request #1584 from frack113/multi_output
Update output arg options
2021-07-24 10:07:10 +02:00
frack113
ffcd3a2112
Add test_optional_related test_optional_fields test_optional_falsepositives
2021-07-24 09:41:04 +02:00
Austin Songer
ed04992905
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-23 13:40:50 -05:00
Florian Roth
772cf4f5e4
Merge pull request #1730 from SigmaHQ/rule-devel
fix: avoid false positives with MSF psexec rule
2021-07-23 19:49:45 +02:00
Florian Roth
880a87ce91
fix: avoid false positives with MSF psexec rule
2021-07-23 18:33:38 +02:00
Austin Songer
ada79fe05f
Update aws_route_53_domain_transferred_to_another_account.yml
2021-07-23 08:36:39 -05:00
Austin Songer
9d00702797
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-23 07:57:55 -05:00
Austin Songer
943d78f363
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-23 07:57:37 -05:00
Austin Songer
de6d48289c
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-23 07:56:56 -05:00
Austin Songer
844c08f26a
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-23 07:56:18 -05:00
Florian Roth
7ede42f78d
Merge pull request #1729 from SigmaHQ/rule-devel
add additional filename pattern to HiveNightmare rule
2021-07-23 10:40:33 +02:00
Florian Roth
c0138d5ced
add additional filename pattern to HiveNightmare rule
2021-07-23 10:39:41 +02:00
Florian Roth
fa344987c0
Merge pull request #1703 from hieuttmmo/master
Suspicious behaviours related to SOURGUM
2021-07-23 10:32:25 +02:00
Florian Roth
7c42a9d6cb
Merge pull request #1728 from SigmaHQ/rule-devel
HiveNightmare file creation, other rule improvements
2021-07-23 10:21:35 +02:00
Tran Trung Hieu
77b4a37916
Update the references
2021-07-23 14:58:51 +07:00
Florian Roth
38b9e942c1
Merge pull request #1724 from austinsonger/master
sysmon_dns_over_https_enabled.yml
2021-07-23 09:52:24 +02:00
Florian Roth
5b95ef0872
Merge pull request #1725 from frack113/add_new_test
Add check for status and level
2021-07-23 09:51:37 +02:00
Florian Roth
cc8899ea62
Merge pull request #1717 from frack113/netcat
[OSCD] sysmon_netcat_execution.yml T1095
2021-07-23 09:51:23 +02:00
Florian Roth
d00ca03cb6
increased level to high
2021-07-23 09:51:00 +02:00
Florian Roth
5955efa750
adjusted timestamp
2021-07-23 09:45:50 +02:00
Florian Roth
d9dc442f4e
rule: HiveNightmare
2021-07-23 09:41:00 +02:00
Austin Songer
a4b78ef4f0
Delete sysmon_dns_over_https_enabled.yml
2021-07-22 21:48:28 -05:00
Austin Songer
cdfe0e7662
Delete sysmon_dns_over_https_enabled.yml
2021-07-22 21:48:23 -05:00
Austin Songer
82419ff8dd
Create aws_route_53_domain_transferred_lock_disabled.yml
2021-07-22 21:46:13 -05:00
Austin Songer
1ec329f562
Create aws_route_53_domain_transferred_to_another_account.yml
2021-07-22 21:41:59 -05:00
Austin Songer
41f41b4c7b
Delete aws_route_53_domain_transferred_to_another_account.yml
2021-07-22 21:41:08 -05:00