SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00

Author	SHA1	Message	Date
Jonhnathan	43a56b6759	Update win_susp_raccess_sensitive_fext.yml	2020-10-15 15:51:57 -03:00
Jonhnathan	054255fb17	Update win_susp_psexec.yml	2020-10-15 15:51:16 -03:00
Jonhnathan	dae1f3fa71	Update win_susp_ntlm_rdp.yml	2020-10-15 15:50:44 -03:00
Jonhnathan	9b8817f489	Update win_susp_msmpeng_crash.yml	2020-10-15 15:50:01 -03:00
Jonhnathan	c310d72e2b	Update win_susp_mshta_execution.yml	2020-10-15 15:49:39 -03:00
Jonhnathan	7419396351	Update win_susp_mshta_execution.yml	2020-10-15 15:49:26 -03:00
Jonhnathan	1eb0ccbf14	Update win_susp_local_anon_logon_created.yml	2020-10-15 15:48:36 -03:00
Jonhnathan	e089118718	Update win_possible_dc_shadow.yml	2020-10-15 15:45:55 -03:00
Jonhnathan	6961ee4986	Update win_net_ntlm_downgrade.yml	2020-10-15 15:44:24 -03:00
Jonhnathan	8261737728	Update win_mmc20_lateral_movement.yml	2020-10-15 15:42:07 -03:00
Jonhnathan	8f3542a73e	Update win_mal_wceaux_dll.yml	2020-10-15 15:41:13 -03:00
Jonhnathan	9bfd63ec26	Update win_hack_smbexec.yml	2020-10-15 15:20:08 -03:00
Jonhnathan	e5789a2a52	Update win_dcsync.yml	2020-10-15 15:19:18 -03:00
Jonhnathan	777e49b76c	Update win_av_relevant_match.yml	2020-10-15 15:17:33 -03:00
Jonhnathan	b555628321	Update win_atsvc_task.yml	2020-10-15 15:15:01 -03:00
Jonhnathan	44735049b6	Update win_apt_stonedrill.yml	2020-10-15 15:14:27 -03:00
Jonhnathan	02a1ab4033	Update win_alert_mimikatz_keywords.yml	2020-10-15 15:11:10 -03:00
Jonhnathan	26b442ec48	Update win_alert_lsass_access.yml Getting rid of '*' use	2020-10-15 15:09:35 -03:00
Jonhnathan	79c2b8d570	Update win_GPO_scheduledtasks.yml Getting rid of '*' use	2020-10-15 15:07:16 -03:00
Jonhnathan	4aa96a2ac9	Update win_alert_enable_weak_encryption.yml	2020-10-15 15:05:49 -03:00
Jonhnathan	5765573907	Update win_alert_active_directory_user_control.yml Getting rid of '*' use	2020-10-15 15:04:08 -03:00
Jonhnathan	1c06c9e166	Update win_admin_share_access.yml Getting rid of '*' use	2020-10-15 15:03:31 -03:00
Jonhnathan	085dc21d25	Update win_admin_rdp_login.yml Getting rid of '*' use	2020-10-15 15:02:40 -03:00
Jonhnathan	9c7a23e432	Update win_account_discovery.yml Getting rid of '*' use	2020-10-15 15:01:31 -03:00
Jonhnathan	fdd9234acc	Revert "Create win_susp_replace_lolbin.yml" This reverts commit `e6a6549676`.	2020-10-15 14:57:18 -03:00
Jonhnathan	17e7eee3a6	Revert "Changed the rule to download only and not the copy" This reverts commit `1324bc1ad1`.	2020-10-15 14:57:14 -03:00
Jonhnathan	1324bc1ad1	Changed the rule to download only and not the copy	2020-10-07 16:18:21 -03:00
Jonhnathan	e6a6549676	Create win_susp_replace_lolbin.yml Item 77 of #1014	2020-10-07 10:37:15 -03:00
Florian Roth	c56cd2dfff	Merge pull request #1024 from omkar72/master Com hijack shell folder	2020-10-02 09:24:16 +02:00
omkargudhate22	4487d9cc7e	added event type & changed technique	2020-10-02 09:22:14 +05:30
Florian Roth	d3ee1aba66	docs: MITRE ATT&CK(R) trademark references removed or adjusted https://github.com/Neo23x0/sigma/issues/1028	2020-09-30 08:53:52 +02:00
Florian Roth	c17ca6d5fe	Merge pull request #1018 from savvyspoon/wcry-dns WannaCry Killswitch domain DNS query	2020-09-29 09:27:21 +02:00
omkargudhate22	68a992d903	updated name	2020-09-27 21:57:19 +05:30
omkargudhate22	e7c8197e34	Updated fields & renamed	2020-09-27 21:52:59 +05:30
omkargudhate22	ebe3dce1d7	Update sysmon_comhijack_uac_bypass.yml	2020-09-27 21:44:41 +05:30
omkar72	3f148e6c7c	COM hijack of shell folder to execute arbitrary application & UAC bypass using sdclt.	2020-09-27 21:19:04 +05:30
omkargudhate22	15c8721e7b	Merge pull request #1 from Neo23x0/master Updating my fork	2020-09-27 19:12:36 +05:30
Florian Roth	d7d9c0e772	Merge pull request #1021 from hieuttmmo/master Sigma rule to detect AdFind.exe execution	2020-09-27 09:50:41 +02:00
Florian Roth	8020fe3c40	false positive condition	2020-09-26 17:03:29 +02:00
Florian Roth	60795f7050	Update win_susp_adfind.yml Fear that a simple adfind.exe causes too many false positives	2020-09-26 17:02:39 +02:00
Florian Roth	dbdd758365	Duplicate Rule we already have a rule for that	2020-09-26 17:01:32 +02:00
Tran Trung Hieu	d4dd0600ad	Fix logsource service to process_creation	2020-09-26 21:45:23 +07:00
Tran Trung Hieu	c756fc8576	Detect Suspicious AdFind Execution	2020-09-26 21:34:06 +07:00
Mike Wade	f76f80db80	Killswitch domain	2020-09-16 20:32:31 -06:00
Mike Wade	7b1ef9ea64	fixing test runner issues	2020-09-15 15:45:33 -06:00
Mike Wade	6ed36b0e41	fixed issues with tabs and duplicate tags	2020-09-15 08:52:00 -06:00
Florian Roth	2cd9b794e6	Merge pull request #1007 from d4rk-d4nph3/master Windows Defender AMSI Trigger Detected	2020-09-15 15:45:00 +02:00
Florian Roth	19ccfb80da	Merge pull request #1016 from NVISO-BE/win_vul_cve_2020_1472 Added win_vul_cve_2020_1472 rule	2020-09-15 15:43:53 +02:00
Remco Hofman	6cadfa5b2b	Added win_vul_cve_2020_1472 rule	2020-09-15 15:13:53 +02:00
Mike Wade	1ddba05eb2	Second round	2020-09-15 07:02:30 -06:00

... 2 3 4 5 6 ...

4140 Commits