Commit Graph

77 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Anton Kutepov | 3f45269296 | Merge branch 'oscd' | 2021-03-02 22:58:41 +03:00 |
| GlebSukhodolskiy | daaba7022b | Merge branch 'oscd' into oscd_wmi | 2021-02-06 00:34:53 +03:00 |
| k-vdv | e4edf7bc1b | fix service from system to security for rule win_pcap_drivers.yml | 2021-01-22 09:10:02 +01:00 |
| GlebSukhodolskiy | 3f519ffa20 | Just Check | 2021-01-07 21:31:51 +03:00 |
| GlebSukhodolskiy | da5ec4e952 | Update win_wmi_persistence.yml: Removed sequence of EIDs in Windows Security section. | 2021-01-06 16:50:28 +03:00 |
| yugoslavskiy | 5ade9208d5 | Merge pull request #1166 from drdoc/oscd: [OSCD] Possible Zerologon (CVE-2020-1472) exploitation using well-known tools | 2021-01-06 00:12:34 +03:00 |
| mat | b3e36281b5 | fix reference field + add test for references in plural form | 2020-11-27 10:17:45 +01:00 |
| Florian Roth | b31ed47ccf | Merge branch 'master' into devel | 2020-11-26 09:44:56 +01:00 |
| Jonhnathan | c42911cb47 | Update win_wmi_persistence.yml | 2020-11-20 00:58:49 -03:00 |
| Jonhnathan | 718792e0ba | Update win_tool_psexec.yml | 2020-11-20 00:57:16 -03:00 |
| yugoslavskiy | 6ec761d27b | update syntax a bit to re-run the test | 2020-10-20 17:40:53 +02:00 |
| yugoslavskiy | 198add2229 | Update win_wmi_persistence.yml: to trigger a test | 2020-10-17 22:28:10 +02:00 |
| Jonhnathan | 1fac65dad0 | Fix | 2020-10-15 20:29:02 -03:00 |
| Jonhnathan | 09c43b7517 | Update win_wmi_persistence.yml | 2020-10-15 17:08:15 -03:00 |
| Jonhnathan | b769728d0b | Update win_pcap_drivers.yml | 2020-10-15 17:07:22 -03:00 |
| GlebSukhodolskiy | 7ca50c94f2 | Reference changed | 2020-10-15 12:12:22 +03:00 |
| Demyan Sokolin | fce386388d | Title fixed [2]: Title capitalization added | 2020-10-14 02:17:20 +03:00 |
| Demyan Sokolin | ba2771147b | Title length fixed: Title and description changed to meet requirements. | 2020-10-14 02:04:34 +03:00 |
| Demyan Sokolin | 208798e373 | [OSCD] Possible Zerologon (CVE-2020-1472) exploitation using well-known tools | 2020-10-14 01:55:45 +03:00 |
| GlebSukhodolskiy | 9da9c20c63 | Description Changed | 2020-10-13 22:06:34 +03:00 |
| GlebSukhodolskiy | b732c060a1 | Fixed sigma syntax | 2020-10-13 22:02:53 +03:00 |
| GlebSukhodolskiy | cd98d907a1 | Log Sources Modified: Modified Log Sources and Deleted a Sysmon Detection due to Discussion in PR #1161 | 2020-10-13 21:39:03 +03:00 |
| GlebSukhodolskiy | fa3a06aadb | Added 2 More Detection Methods: Issue #576 | 2020-10-13 20:50:43 +03:00 |
| Florian Roth | 2cd9b794e6 | Merge pull request #1007 from d4rk-d4nph3/master: Windows Defender AMSI Trigger Detected | 2020-09-15 15:45:00 +02:00 |
| Bhabesh Rai | 03c7d751c0 | Windows Defender AMSI Trigger Detected | 2020-09-14 18:10:38 +05:45 |
| Yugoslavskiy Daniil | 1fc202fe5d | fix typos, update tags | 2020-09-13 15:46:45 +02:00 |
| Florian Roth | de5444a81e | Merge pull request #989 from oscd-initiative/master: [OSCD Initiative][ATT&CK tags update] | 2020-09-08 13:27:58 +02:00 |
| Florian Roth | 39dfcd40ec | Merge pull request #921 from d4rk-d4nph3/master: Added support for Defender's PSExec and WMI ASR rules. | 2020-09-07 09:40:46 +02:00 |
| Yugoslavskiy Daniil | 5026438524 | fix modified field | 2020-08-25 01:29:57 +02:00 |
| Yugoslavskiy Daniil | 42c4079ed8 | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00 |
| Florian Roth | f788a723b6 | Merge pull request #986 from diskurse/devel: win_defender_history_delete.yml | 2020-08-21 16:05:49 +02:00 |
| Cian Heasley | 28fe002f34 | win_defender_history_delete.yml: Windows Defender logs when the history of detected infections is deleted. Log file will contain the message "Windows Defender Antivirus has removed history of malware and other potentially unwanted software". | 2020-08-21 13:51:05 +01:00 |
| Aidan Bracher | ad9a8ff956 | Updated to include extra registry key | 2020-07-18 02:37:11 +01:00 |
| Aidan Bracher | 2006aa8f5e | Inclusion of registry keys for WinDefender disabling | 2020-07-18 02:23:30 +01:00 |
| Bhabesh Rai | e0c1d84951 | Added new Lateral Movement Attack ID | 2020-07-14 22:32:29 +05:45 |
| Bhabesh Rai | 6fb045aa4b | Conforming to Rule Creation Guide. | 2020-07-14 14:20:07 +05:45 |
| Bhabesh Rai | 66ad325fde | Added support for Defender's PSExec and WMI ASR rules. | 2020-07-14 14:01:43 +05:45 |
| Thomas Patzke | 28013a15e1 | Improved rule | 2020-07-07 23:18:07 +02:00 |
| Thomas Patzke | 90f09f7b12 | Merge branch 'devel' of https://github.com/diskurse/sigma into pr-829 | 2020-07-07 23:15:39 +02:00 |
| j91321 | 24029d998a | FIX: lint error for title | 2020-06-28 11:05:19 +02:00 |
| j91321 | ae842a65cb | Windows Defender rules and logsource | 2020-06-28 10:55:32 +02:00 |
| Ivan Kirillov | 0fbfcc6ba9 | Initial round of subtechnique updates | 2020-06-16 14:46:08 -06:00 |
| Florian Roth | a7136481f1 | Update win_pcap_drivers.yml | 2020-06-11 11:14:43 +02:00 |
| Cian Heasley | 9835c6d67d | add win_pcap_drivers.yml | 2020-06-10 15:53:22 +01:00 |
| Florian Roth | 35e43db7a7 | fix: converted CRLF line break to LF | 2020-03-25 14:36:34 +01:00 |
| Florian Roth | 82cae6d63c | Merge pull request #604 from Neo23x0/devel: New tests, colorized test output and rule cleanup | 2020-01-31 07:07:13 +01:00 |
| Florian Roth | e79e99c4aa | fix: fixed missing date fields in remaining files | 2020-01-30 16:07:37 +01:00 |
| Florian Roth | 30d872f98f | Merge pull request #492 from booberry46/master: Bypass Windows Defender | 2020-01-30 14:27:30 +01:00 |
| Florian Roth | 0a4d32c7c7 | fix: fixing issues | 2020-01-30 10:07:24 +01:00 |
| Florian Roth | d90ea6d267 | improved rule | 2020-01-30 09:58:32 +01:00 |