valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,024 Commits 20 Branches 25 Tags 21 MiB
4a560e9375
Commit Graph

1193 Commits

Author SHA1 Message Date
zinint
4a560e9375
T1002 2019-10-29 22:56:45 +03:00
zinint
583980f8ec
Delete win_data_compressed.yml 2019-10-29 22:56:30 +03:00
zinint
4eb7965662
T1002 2019-10-29 22:54:42 +03:00
zinint
950796f71f
Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:39 +03:00
zinint
c5599399b5
Update lnx_auditd_masquerading_crond.yml 2019-10-29 22:48:00 +03:00
zinint
47f7d648a3
T1036 2019-10-29 22:33:03 +03:00
zinint
c243c4e210
T1035 2019-10-29 20:58:52 +03:00
zinint
d1cf80d9b6
Update lnx_auditd_user_discovery.yml 2019-10-28 00:00:06 +03:00
zinint
68b4541274
t1033 2019-10-27 23:59:16 +03:00
zinint
87c8326133
T1033 2019-10-27 23:49:07 +03:00
zinint
55eaae1cea
Rename win_app_windows_descovery.yml to win_app_windows_discovery.yml 2019-10-27 23:15:10 +03:00
zinint
93b867024c
T1012 2019-10-27 23:13:03 +03:00
zinint
6e94e798be
t1010 2019-10-25 16:12:51 +03:00
zinint
aef5fa3c2b
Rename powershell_winlogon_helper_dll.yaml to powershell_winlogon_helper_dll.yml 2019-10-24 16:37:38 +03:00
zinint
5a98fdbbbd
ART t1004 2019-10-24 16:33:29 +03:00
zinint
317e9d3df9
PS Data Compressed attack.t1002 
PS Data Compressed attack.t1002
 2019-10-24 15:43:46 +03:00
zinint
7c5dc0ca01
Update win_data_compressed.yml 2019-10-24 15:34:13 +03:00
zinint
49f9b797a7
Update sysmon_xsl_script_processing.yml 2019-10-22 15:20:15 +03:00
zinint
a8bd2c8e78
Update win_data_compressed.yml 2019-10-22 14:57:53 +03:00
zinint
74d1fef8b8
Update win_data_compressed.yml 2019-10-22 14:53:43 +03:00
zinint
cc6d4b05ac
OSCD Task 7 : ART T1002 Exfiltration With Rar 
OSCD Task 7 : ART T1002 Compress Data for Exfiltration With Rar
 2019-10-22 14:00:52 +03:00
zinint
daf1034621
Update win_possible_applocker_bypass.yml 2019-10-22 00:54:29 +03:00
zinint
789782ef59
Update sysmon_xsl_script_processing.yml 2019-10-22 00:08:46 +03:00
zinint
56f807cb44
Update sysmon_xsl_script_processing.yml 2019-10-22 00:06:54 +03:00
zinint
0d8eff0d86
Update sysmon_xsl_script_processing.yml 2019-10-22 00:06:10 +03:00
zinint
a1d72f20c8
Update sysmon_xsl_script_processing.yml 2019-10-21 23:51:39 +03:00
zinint
5248f83fb3
Update sysmon_xsl_script_processing.yml 2019-10-21 23:46:11 +03:00
zinint
a685c9c3be
Update sysmon_xsl_script_processing.yml 2019-10-21 23:39:33 +03:00
zinint
784d7138ca
OSCD Task 7 ART T1220 
OSCD Task 7 ART T1220 rule add
 2019-10-21 22:22:55 +03:00
Florian Roth
454ba2b576 rule: modified sudo vuln rule to be most generic 2019-10-20 14:02:10 +02:00
Florian Roth
08ff2f38bc Revert "rule: modified sudo vuln rule to be most generic" 
This reverts commit ef6a25d109.
 2019-10-20 14:01:14 +02:00
Florian Roth
ef6a25d109 rule: modified sudo vuln rule to be most generic 2019-10-20 10:37:05 +02:00
Thomas Patzke
522f021ef1
Merge pull request #461 from Galapag0s/patch-2 
Added Additional history clearing options
 2019-10-16 22:35:41 +02:00
Florian Roth
deb3ecf404 fix: relevant fields in lsass dll load rule 2019-10-16 19:09:20 +02:00
Florian Roth
ab292a4029 rule: simplified Emotet rule 2019-10-16 15:29:42 +02:00
Florian Roth
36f678930d rule: updated sudo vuln rule to detect 0-padding part 2 
https://twitter.com/joshbressers/status/1184455759620378627
 2019-10-16 15:10:44 +02:00
Florian Roth
5374d18e4b rule: updated sudo vuln rule to detect 0-padding 
https://twitter.com/taviso/status/1184238670343065600
 2019-10-16 15:03:28 +02:00
Florian Roth
c396526f40 rule: LSASS DLL load via undocumented Registry key 
https://twitter.com/SBousseaden/status/1183745981189427200
 2019-10-16 13:18:44 +02:00
Florian Roth
5d143f4f22 rule: emotet rule references extended 2019-10-16 13:18:44 +02:00
Florian Roth
d46154da5c rule: extending Emotet rule 2019-10-16 10:22:48 +02:00
Florian Roth
4ea469d138 rule: suspicious compression tool parameters 2019-10-15 16:38:53 +02:00
Florian Roth
e870c86fb0 rule: keyboad layout preloads extended with ' 2019-10-15 15:11:00 +02:00
Florian Roth
921a39f1e3 rule: extended sudo rule with variant for USER field 2019-10-15 14:55:09 +02:00
Florian Roth
96d77447d2 rule: added reference and mitre tags 2019-10-15 09:44:17 +02:00
Florian Roth
49ed76004c rule: sudo priv esc vuln CVE-2019-14287 2019-10-15 09:39:08 +02:00
Florian Roth
52fef7ae10
Merge pull request #468 from 2d4d/lsass_without_exe 
remove .exe from lsass
 2019-10-14 18:03:13 +02:00
Florian Roth
8db1cac910 fix: made rule compatible with event id 4688 2019-10-14 18:01:24 +02:00
Florian Roth
0e2284a176 rule: modified the default 2019-10-14 17:50:48 +02:00
Florian Roth
312311494d rule: suspicious code page switch using chcp 2019-10-14 17:45:25 +02:00
2d4d
cf5d7f11ad remove .exe from lsass 2019-10-14 17:26:33 +02:00