Commit Graph

7021 Commits

Author SHA1 Message Date
Florian Roth
cf221c08c8
Merge pull request #1743 from BlackB0lt/patch-13
Create aws_macic_evasion
2021-07-27 08:08:08 +02:00
Florian Roth
cbadb3c239
Merge pull request #1740 from austinsonger/aws_sts_assumedrole_misuse.yml
aws_sts_assumedrole_misuse.yml
2021-07-27 08:07:25 +02:00
Florian Roth
ade5e80f9d
Update azure_kubernetes_events_deleted.yml
2021-07-27 08:07:00 +02:00
Florian Roth
3776ac6057
Merge pull request #1739 from austinsonger/aws_s3_data_management_tampering.yml
aws_s3_data_management_tampering.yml
2021-07-27 08:06:35 +02:00
Florian Roth
9f27ab5426
Merge pull request #1738 from JohnLaTwC/patch-4
cover evasions from unicode substitutions
2021-07-27 08:05:48 +02:00
Florian Roth
6f62f5f251
Update azure_kubernetes_pods_deleted.yml
2021-07-27 08:04:24 +02:00
Florian Roth
51e1074fa0
Merge pull request #1735 from austinsonger/aws_elasticache_security_group_created.yml
aws_elasticache_security_group_created.yml
2021-07-27 08:03:30 +02:00
Florian Roth
39a1328c58
Merge pull request #1727 from austinsonger/aws_route_53_domain_transferred_lock_disabled.yml
Aws route 53 domain transferred lock disabled.yml
2021-07-27 08:02:59 +02:00
Florian Roth
e49f4c86b6
Merge pull request #1726 from austinsonger/aws_route_53_domain_transferred_to_another_account.yml
Aws route 53 domain transferred to another account.yml
2021-07-27 08:02:27 +02:00
Gábor Lipták
d2592ee0b6
Add yamllint to GHA
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
2021-07-26 21:26:16 -04:00
Sittikorn S
015d179b41
Update aws_macic_evasion.yml
2021-07-26 21:27:59 +07:00
Sittikorn S
899baa073e
Update aws_macic_evasion.yml
2021-07-26 17:21:47 +07:00
Sittikorn S
d6078582d1
Rename aws_macic_evasion to aws_macic_evasion.yml
extend .yml
2021-07-26 17:16:12 +07:00
Florian Roth
21c4d241a1
HiveNightmare and Relay attack tools adjustments
2021-07-26 10:59:35 +02:00
Sittikorn S
b74ff205a3
Update aws_macic_evasion
2021-07-26 15:43:48 +07:00
Sittikorn S
819fcaea18
Update aws_macic_evasion
2021-07-26 15:38:34 +07:00
Sittikorn S
9de84bf82c
Update aws_macic_evasion
2021-07-26 15:26:17 +07:00
Sittikorn S
288e4b502f
Create aws_macic_evasion
2021-07-26 15:14:44 +07:00
Austin Songer
1be402e791
Update aws_s3_data_management_tampering.yml
2021-07-25 02:25:24 -05:00
Austin Songer
0a07795a4e
Update aws_route_53_domain_transferred_to_another_account.yml
2021-07-25 02:24:22 -05:00
Austin Songer
b7fc362f4a
Update aws_route_53_domain_transferred_lock_disabled.yml
2021-07-25 02:22:13 -05:00
John Lambert
2b57f95e72
Update win_grabbing_sensitive_hives_via_reg.yml
2021-07-24 18:17:27 -05:00
Austin Songer
1405ae274e
Update aws_elasticache_security_group_created.yml
2021-07-24 16:20:00 -05:00
Austin Songer
67c17b9330
Update aws_sts_assumedrole_misuse.yml
2021-07-24 16:18:34 -05:00
Austin Songer
ebe7e4c89e
Update aws_sts_getsessiontoken_misuse.yml
2021-07-24 16:18:06 -05:00
Austin Songer
d9f70366b6
Create aws_sts_getsessiontoken_misuse.yml
2021-07-24 12:05:44 -05:00
Austin Songer
e023842463
Create aws_sts_assumedrole_misuse.yml
2021-07-24 12:03:35 -05:00
Austin Songer
9fe7b87995
Delete aws_sts_getsessiontoken_abuse.yml
2021-07-24 11:33:01 -05:00
Austin Songer
8a1909ccc2
Create aws_sts_getsessiontoken_abuse.yml
2021-07-24 11:32:07 -05:00
Austin Songer
99c2edb608
Update aws_s3_data_management_tampering.yml
2021-07-24 11:17:18 -05:00
Austin Songer
d283e97415
Create aws_s3_data_management_tampering.yml
2021-07-24 11:12:19 -05:00
Austin Songer
64e655d6ef
Delete aws_s3_data_management_tampering.yml
2021-07-24 11:11:21 -05:00
Austin Songer
d7303ed7b2
Create aws_s3_data_management_tampering.yml
2021-07-24 11:09:31 -05:00
Austin Songer
9a9f0cf594
Update azure_kubernetes_events_deleted.yml
2021-07-24 10:44:06 -05:00
Austin Songer
9bef445f94
Update azure_kubernetes_pods_deleted.yml
2021-07-24 10:42:53 -05:00
John Lambert
da6e747547
cover evasions from unicode substitutions
Add variations to cover unicode substitutions to avoid evasion.

> Unicode contains a range for Spacing Modifier Letters (0x02B0 - 0x02FF) [4], which includes characters such as ˪, ˣ and ˢ. Some command-line parsers recognise these as letters and convert them back to l, x and s respectively. 

See (https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation) by @Wietze
2021-07-24 10:33:15 -05:00
Austin Songer
e123635c42
Update azure_kubernetes_events_deleted.yml
2021-07-24 10:32:27 -05:00
Austin Songer
152951f171
Update azure_kubernetes_pods_deleted.yml
2021-07-24 10:32:19 -05:00
Austin Songer
0445be8d01
Update azure_kubernetes_events_deleted.yml
2021-07-24 10:28:21 -05:00
Austin Songer
ef64e2a02f
Update azure_kubernetes_events_deleted.yml
2021-07-24 10:28:09 -05:00
Austin Songer
5fc36eb8d6
Rename azure_kubernetes_pods_delete.yml to azure_kubernetes_pods_deleted.yml
2021-07-24 10:25:51 -05:00
Austin Songer
c366ae4b2a
Update azure_kubernetes_pods_delete.yml
2021-07-24 10:25:37 -05:00
Austin Songer
0460536444
Create azure_kubernetes_pods_delete.yml
2021-07-24 10:24:29 -05:00
Austin Songer
7c6b13936d
Create azure_kubernetes_events_deleted.yml
2021-07-24 10:20:11 -05:00
Florian Roth
7cacc57313
Merge pull request #1733 from SigmaHQ/rule-devel
New hive file pattern for C# version of HiveNightmare
2021-07-24 16:41:51 +02:00
Austin Songer
55a2af475b
Update aws_elasticache_security_group_modified_or_deleted.yml
2021-07-24 09:35:05 -05:00
Austin Songer
5d3b687ce4
Update aws_elasticache_security_group_created.yml
2021-07-24 09:34:08 -05:00
Austin Songer
8816cb3345
Create aws_elasticache_security_group_modified_or_deleted.yml
2021-07-24 09:23:25 -05:00
Austin Songer
e5edd03ff3
Create aws_elasticache_security_group_created.yml
2021-07-24 09:16:11 -05:00
Florian Roth
9771943116
refactor: new file pattern SeriousSAM
2021-07-24 16:13:36 +02:00