Yugoslavskiy Daniil | 5026438524 | fix modified field | 2020-08-25 01:29:57 +02:00
Yugoslavskiy Daniil | 42c4079ed8 | att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other | 2020-08-25 01:09:17 +02:00
Brad Kish | d385cbfa69 | Fix quoting for AD Object WriteDAC Access. The AccessMask field needs to be quoted so that it is compared correctly. | 2020-06-22 15:31:03 -04:00
Thomas Patzke | ae6fcefbcd | Removed ATT&CK technique ids from titles and added tags | 2020-01-11 00:33:50 +01:00
Thomas Patzke | 9ca52259dd | Fixed identifier | 2019-12-20 00:11:34 +01:00
Thomas Patzke | 924e1feb54 | UUIDs + moved unsupported logic. * Added UUIDs to all contributed rules * Moved unsupported logic directory out of rules/ because this breaks CI testing. | 2019-12-19 23:56:36 +01:00
yugoslavskiy | 3934f6c756 | add win_ad_object_writedac_access.yml, sysmon_createremotethread_loadlibrary.yml, sysmon_rdp_registry_modification.yml; modified win_account_backdoor_dcsync_rights.yml | 2019-10-24 14:34:16 +02:00