Commit Graph

4179 Commits

Author SHA1 Message Date
Ryan Plas
dc856f24e0 Move rule to sysmon folder and update selection names 2020-10-07 07:18:12 -04:00
nsaddler
59610517a0 Update sysmon_long_powershell_commandline.yml 2020-10-07 14:10:26 +03:00
nsaddler
df21dab585 Update sysmon_long_powershell_commandline.yml 2020-10-07 14:00:41 +03:00
nsaddler
e01e26be1c Update sysmon_long_powershell_commandline.yml 2020-10-07 13:55:17 +03:00
Наталья Шорникова
7d8445fe12 [OSCD] Too Long Powershell CommandLine Rule added 2020-10-07 13:42:05 +03:00
Vasilisa-L
da578a8bb0 Update win_susp_winrm_execution.yml 2020-10-07 12:30:57 +03:00
nsaddler
911bc514af Rename sysmon_accessing_winapi_in_powershell_credentials_dumping.yaml to sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-07 12:26:30 +03:00
Yuliya Fomina
729e1f6f7f Create win_susp_winrm_execution 2020-10-07 12:20:37 +03:00
Наталья Шорникова
b6451fcc38 [OSCD] Accessing WinAPI in PowerShell. Credentials dumping Rule added 2020-10-07 12:17:29 +03:00
Yuliya Fomina
ab8e9ed8e7 Create win_susp_winrm_AWL_bypass 2020-10-07 12:07:20 +03:00
esebese
4045c68ae4 [OSCD] sysmon_tttracer_mod_load.yml added 2020-10-07 11:17:21 +03:00
grikos
391af43708 Update description & references 2020-10-07 10:32:51 +03:00
JPMinty
bf43344858 Refactor for multiple log sources 2020-10-07 17:25:34 +10:30
svch0stz
0fe1850bf4 Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:54:48 +11:00
svch0stz
c879378e35 Update win_susp_mounted_share_deletion.yml 2020-10-07 17:46:13 +11:00
svch0stz
a7442328eb Create powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:44:05 +11:00
svch0stz
3dafef411f Delete powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:42:25 +11:00
svch0stz
db9813d13c Update win_susp_mounted_share_deletion.yml 2020-10-07 17:40:09 +11:00
svch0stz
097bed80ae Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:36:20 +11:00
svch0stz
dabc092ab9 Create win_susp_mounted_share_deletion.yml 2020-10-07 17:34:48 +11:00
svch0stz
5c2ef0dd35 Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:33:12 +11:00
JPMinty
c878d55ac0 Add oscd.community author 2020-10-07 16:59:18 +10:30
svch0stz
d7acbb369e Created powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:22:09 +11:00
Thomas Patzke
986c80e593 Added oscd branch to CI 2020-10-07 08:20:26 +02:00
Vasilisa-L
5d01f71f62 CommandLine|contains -> CommandLine|contains|all: 2020-10-07 08:43:22 +03:00
    Replaced wildcard expression with list of values
Ryan Plas
dbb76b5856 Add Usage of reg or Powershell by Non-privileged Users rule 2020-10-06 22:01:18 -04:00
grikos
a5478950c7 Create win_susp_rundll32_setupapi_installhinfsection.yml 2020-10-07 00:34:00 +03:00
svch0stz
e68e212d23 Update win_susp_logon_explicit_credentials.yml 2020-10-07 08:26:43 +11:00
svch0stz
ca0f2146ab Update win_net_use_admin_share.yml 2020-10-07 08:23:31 +11:00
svch0stz
3d048ceba0 Update win_susp_copy_lateral_movement.yml 2020-10-07 08:18:09 +11:00
svch0stz
ee2c79745f Update win_susp_wsl_lolbin.yml 2020-10-07 08:12:51 +11:00
Nikita P. Nazarov
0ad9fc61de Detecting Code injection with PowerShell in another process 2020-10-06 20:52:18 +03:00
Ensar Şamil
944a110749 Delete sysmon_tttracer_mod_load.yml 2020-10-06 20:42:32 +03:00
ensar-pcs
4c5d692328 [OSCD] sysmon_tttracer_mod_load.yml added 2020-10-06 20:30:56 +03:00
Nikita P. Nazarov
c90d99c0f9 Accessing WinAPI in PowerShell 2020-10-06 19:57:57 +03:00
Furkan CALISKAN
bbb9fed3e6 Fixed for FP issues 2020-10-06 19:51:55 +03:00
ensar-pcs
60b3450fa8 [OSCD] win_syncappvpublishingserver_exe.yml added 2020-10-06 19:22:16 +03:00
Furkan CALISKAN
0023a22ead Added FP conditions and fileshare part for cmdline 2020-10-06 19:20:19 +03:00
Furkan CALISKAN
a5ceba93a9 Fixed conditions 2020-10-06 19:15:30 +03:00
Furkan CALISKAN
52edc13d15 Fixed dates 2020-10-06 19:10:33 +03:00
Vasilisa-L
5b31b8755d Update win_susp_pcwutl.yml 2020-10-06 08:55:01 +03:00
Furkan CALISKAN
ea6d60c58f Added print lolbin 2020-10-05 23:26:57 +03:00
Furkan CALISKAN
db4804d6bf Merge branch 'master' of https://github.com/caliskanfurkan/sigma 2020-10-05 23:03:21 +03:00
Furkan CALISKAN
4d655138b2 Added findstr lolbin 2020-10-05 23:03:05 +03:00
Nikita P. Nazarov
f455146a29 Detecting use of PsExec via Pipe Creation/Access to pipes RULE (#29 #30) 2020-10-05 18:08:20 +03:00
Yuliya Fomina
815aa3c719 Edited win_susp_pcwutl 2020-10-05 14:00:21 +03:00
Furkan ÇALIŞKAN
b147fc3296 Update win_susp_explorer.yml 2020-10-05 13:22:43 +03:00
    Added known-fp
Yuliya Fomina
39f955d24d Revert "Create win_susp_pester.yml" 2020-10-05 13:14:35 +03:00
    This reverts commit 577daa378a.
Yuliya Fomina
577daa378a Create win_susp_pester.yml 2020-10-05 12:22:50 +03:00
Yuliya Fomina
ffc768e262 Create win_susp_pcwutl.yml 2020-10-05 11:30:24 +03:00