Commit Graph

5 Commits

Author SHA1 Message Date
ecco
0dd089db47 various rules cleaning 2020-05-18 20:29:53 -04:00
Florian Roth
35e43db7a7 fix: converted CRLF line break to LF 2020-03-25 14:36:34 +01:00
Antonlovesdnb
4c5d489428
Update sysmon_susp_office_kerberos_dll_load.yml 2020-02-25 09:23:52 -05:00
Antonlovesdnb
328858279f
Update sysmon_susp_office_kerberos_dll_load.yml 2020-02-19 14:51:50 -05:00
Antonlovesdnb
397cdecb94
5 Rules covering various macro techniques
- Rule to look for GAC DLL loaded by an Office Product
- Rule to look for any DLL in C:\Windows\assembly loaded by an Office Product
- Rule to look for clr.dll loaded by an Office Product
- Rule to look for directory services parsing dll loaded by an Office Product
- Rule to look for kerberos dll loaded by an Office Product
2020-02-19 14:43:13 -05:00