valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,544 Commits 20 Branches 25 Tags 21 MiB
612a7642d2
Commit Graph

1544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
612a7642d2
Added Local directory 2019-04-15 08:47:53 +02:00
Karneades
d872c52a43
Add restricted filters to notepad++ gup.exe rule 2019-04-15 08:12:12 +02:00
Karneades
788e75ef1b
Fix condition 2019-04-04 22:32:21 +02:00
Karneades
840eb2f519
Remove too loose filter in notepad updater rule 2019-04-04 22:25:05 +02:00
Florian Roth
81693d81b6
Merge pull request #295 from sbousseaden/master 
Create win_atsvc_task.yml
 2019-04-04 18:32:13 +02:00
sbousseaden
c4b8f75940
Update win_lm_namedpipe.yml 2019-04-04 18:22:50 +02:00
sbousseaden
22958c45a3
Update win_GPO_scheduledtasks.yml 2019-04-03 21:50:55 +02:00
sbousseaden
b4ac9a432f
Update win_susp_psexec.yml 2019-04-03 21:50:25 +02:00
sbousseaden
353e457104
Update win_lm_namedpipe.yml 2019-04-03 21:49:58 +02:00
sbousseaden
d5818a417b
Update win_impacket_secretdump.yml 2019-04-03 21:49:30 +02:00
sbousseaden
9c5575d003
Update win_atsvc_task.yml 2019-04-03 21:48:38 +02:00
sbousseaden
edb98f2781
Update win_account_discovery.yml 2019-04-03 21:40:59 +02:00
Florian Roth
2b814011cd
Merge pull request #287 from P4T12ICK/feature/lnx-clear-cmd-history-signature 
Add new signature for linux clear command history
 2019-04-03 19:45:06 +02:00
Florian Roth
13f86e9333
Merge pull request #296 from Karneades/patch-1 
Remove backslashes in CommandLine for sticky key rule
 2019-04-03 19:44:02 +02:00
Florian Roth
b4b7d810fc
Merge pull request #300 from yt0ng/development 
Sqirrel packages manager, EmpireMonkey, WMI Spawning PowerShel
 2019-04-03 19:20:46 +02:00
yt0ng
e0459cec1c
renamed file 2019-04-03 17:39:17 +02:00
t0x1c-1
7e058e611c WMI spawning PowerShell seen in various attacks 2019-04-03 16:56:45 +02:00
Unknown
9ada22b8e0 adjusted link 2019-04-03 16:40:18 +02:00
Unknown
d2e605fc5c Auto stash before rebase of "Neo23x0/master" 2019-04-03 16:25:18 +02:00
Karneades
865d971704
Remove backslashes in CommandLine for sticky key rule 
Example command line is exactly "cmd.exe sethc.exe 211".
=> the detection with *\cmd.exe... would not match.
 2019-04-03 16:16:18 +02:00
sbousseaden
eda5298457
Create win_account_backdoor_dcsync_rights.yml 2019-04-03 16:16:05 +02:00
sbousseaden
0756b00cdf
Create win_susp_psexec.yml 2019-04-03 15:59:46 +02:00
sbousseaden
9c1a5a5264
Create win_lm_namedpipe.yml 2019-04-03 15:48:42 +02:00
sbousseaden
56b68a0266
Create win_GPO_scheduledtasks.yml 2019-04-03 15:36:24 +02:00
sbousseaden
b941f6411f
Create win_impacket_secretdump.yml 2019-04-03 15:18:42 +02:00
sbousseaden
516c8f3ea1
Create win_account_discovery.yml 2019-04-03 14:41:11 +02:00
sbousseaden
3d69727332
Create sysmon_rdp_settings_hijack.yml 2019-04-03 14:16:25 +02:00
sbousseaden
016261cacf
Update sysmon_lsass_memdump.yml 2019-04-03 14:06:49 +02:00
sbousseaden
a85c668f6f
Update sysmon_lsass_memdump.yml 2019-04-03 14:00:51 +02:00
sbousseaden
d62bc41bfb
Create win_svcctl_remote_service.yml 2019-04-03 13:58:20 +02:00
sbousseaden
32c6b34746
Create sysmon_lsass_memdump.yml 2019-04-03 13:51:59 +02:00
sbousseaden
548145ce10
Create win_susp_raccess_sensitive_fext.yml 2019-04-03 13:22:42 +02:00
sbousseaden
ddb2d92a98
Create sysmon_tsclient_filewrite_startup.yml 2019-04-03 13:19:59 +02:00
sbousseaden
e3f99c323b
Create win_atsvc_task.yml 2019-04-03 13:08:12 +02:00
Florian Roth
6cc1770351
Merge pull request #294 from Pr0t3an/patch-3 
Update lnx_shell_susp_rev_shells.yml
 2019-04-03 01:07:07 +02:00
Florian Roth
b76925f838 Rule: extending rule with /dev/udp 2019-04-02 20:09:13 +02:00
Pr0t3an
d067087632
Update lnx_shell_susp_rev_shells.yml 
added 
 - 'bash -i >& /dev/udp/'
        - 'sh -I >$ /dev/udp/'
        - 'sh -i   >$ /dev/tcp/'
 2019-04-02 18:22:18 +01:00
Florian Roth
5c5a16c4d5 Rule: adding xterm -display string to rule 2019-04-02 18:48:18 +02:00
Florian Roth
453bd10e6e Rule: Suspicious reverse shell command lines 2019-04-02 17:03:57 +02:00
Thomas Patzke
8e854b06f6 Specified source to prevent EventID collisions 
Issue #263
 2019-04-01 23:45:55 +02:00
Thomas Patzke
0419ff215a Fixed quoting of single quotes in grep backend 2019-04-01 23:22:05 +02:00
Florian Roth
d06a5431eb
Changes 2019-04-01 14:03:54 +02:00
Florian Roth
c7553dc8a1
Merge pull request #292 from yt0ng/development 
Allow Incoming Connections by Port or Application on Windows Firewall
 2019-04-01 14:02:10 +02:00
Florian Roth
e473efb7c3
Trying to fix ATT&CK framework tag 2019-04-01 10:36:35 +02:00
Florian Roth
3f2ce4b71f
Lowered level to medium 2019-04-01 09:47:14 +02:00
t0x1c-1
51c42a15a7 Allow Incoming Connections by Port or Application on Windows Firewall 2019-04-01 08:16:56 +02:00
patrick
0242c40360 Add new signature for linux clear command history 2019-03-24 10:10:14 +01:00
Florian Roth
ffac77fb37 Rule: extended LockerGoga description 2019-03-22 11:03:48 +01:00
Florian Roth
1adb040e0b Rule: LockerGoga 2019-03-22 10:59:31 +01:00
Florian Roth
2ad2ba9589 fix: rule field fix in proc_creation rule 2019-03-22 10:59:18 +01:00