SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00

Author	SHA1	Message	Date
$frack113$ frack113	95af26f963	split powershell_suspicious_download.yml	2021-09-21 09:46:02 +02:00
$frack113$ frack113	79d22dde58	split global win_invoke_obfuscation_*	2021-09-20 22:56:13 +02:00
$frack113$ frack113	10d11b7890	fix 4697 fieldname	2021-09-20 22:53:59 +02:00
$frack113$ frack113	b6dc4de5e1	split global win_invoke_obfuscation_*	2021-09-20 22:42:59 +02:00
$frack113$ frack113	feee70644f	split global win_invoke_obfuscation_*	2021-09-20 22:40:33 +02:00
neu5ron	61c9c9fb20	Zeek detection for OMIGOD HTTP RCE Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>	2021-09-20 12:26:01 -04:00
Florian Roth	a18f4d3c10	Merge pull request #2053 from humpalum/master Rule for ADSelfService cve_2021_40539	2021-09-20 16:41:52 +02:00
$frack113$ frack113	6dbc369eb5	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 15:51:21 +02:00
$frack113$ frack113	4424bc9c5d	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:20:39 +02:00
Florian Roth	56069a2196	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:07:31 +02:00
Florian Roth	8909eefb90	Merge pull request #2052 from phantinuss/pr xwizard dll sideloading	2021-09-20 12:35:42 +02:00
Tobias Michalski	2b843e58ee	fix: added references	2021-09-20 12:28:47 +02:00
Tobias Michalski	79d2144424	feat: Rule for ADSelfService cve_2021_40539	2021-09-20 12:26:46 +02:00
phantinuss	25a407e24f	Update win_dll_sideload_xwizard.yml	2021-09-20 10:56:37 +02:00
Florian Roth	6c630502dc	Update win_dll_sideload_xwizard.yml	2021-09-20 10:54:53 +02:00
$frack113$ frack113	91788e57c7	Merge pull request #2051 from frack113/double_file_name fix duplicate name file	2021-09-20 10:45:35 +02:00
$frack113$ frack113	0960602982	Merge pull request #2049 from frack113/split_global Split global rules	2021-09-20 10:45:23 +02:00
phantinuss	4e794fe3e7	xwizard dll sideloading	2021-09-20 10:39:31 +02:00
$frack113$ frack113	6286cf80cc	fix duplicate name file	2021-09-20 09:31:04 +02:00
$frack113$ frack113	d5108502a2	split win_apt_chafer_mar18.yml	2021-09-19 11:48:20 +02:00
$frack113$ frack113	faff9e6db7	spli win_apt_slingshot.yml	2021-09-19 11:36:40 +02:00
$frack113$ frack113	e69ec4624a	split win_apt_gallium.yml	2021-09-19 11:24:17 +02:00
$frack113$ frack113	c43c12e557	split win_apt_turla_commands.yml	2021-09-19 11:17:50 +02:00
$frack113$ frack113	b576ad115b	split win_apt_unidentified_nov_18.yml	2021-09-19 11:11:04 +02:00
$frack113$ frack113	06de91c92a	split win_apt_wocao.yml	2021-09-19 11:07:24 +02:00
$frack113$ frack113	dc8ad15d1a	split win_exchange_transportagent.yml	2021-09-19 11:03:16 +02:00
$frack113$ frack113	deb0ad5f58	split win_hktl_createminidump.yml	2021-09-19 10:19:34 +02:00
$frack113$ frack113	18e7e16005	split win_mal_adwind.yml	2021-09-19 10:12:03 +02:00
$frack113$ frack113	416b0556b1	split win_silenttrinity_stage_use.yml	2021-09-19 10:02:05 +02:00
$frack113$ frack113	7d000f2b1d	split win_susp_winrm_AWL_bypass.yml	2021-09-19 09:41:17 +02:00
$frack113$ frack113	fda536040e	Merge pull request #2048 from frack113/fix_config Fix config banckends name	2021-09-19 09:30:02 +02:00
$frack113$ frack113	842e6481d8	Merge pull request #2046 from frack113/fix_Class Fix invalid registry _Class	2021-09-19 09:28:46 +02:00
$frack113$ frack113	88a59be69c	Add options and return error code	2021-09-18 18:13:16 +02:00
$frack113$ frack113	72d301ba20	remove bad cb	2021-09-18 15:55:01 +02:00
$frack113$ frack113	365db5abbc	fix bad elasticsearch-rule	2021-09-18 15:54:08 +02:00
$frack113$ frack113	5081c210b7	add simple script	2021-09-18 15:51:05 +02:00
Florian Roth	f3adb99740	Merge pull request #2047 from OTRF/master OMIGOD - Explore the use of SCX ExecuteScript to execute scripts using /bin/sh shell	2021-09-18 11:57:02 +02:00
Roberto Rodriguez	407289d300	Rule to detect the execution of a script via SCX RunAsprovider ExecuteScript	2021-09-18 03:50:37 -04:00
$frack113$ frack113	81bf864d94	fix detection	2021-09-17 19:56:26 +02:00
$frack113$ frack113	509a4c2822	fix detection	2021-09-17 19:54:50 +02:00
$frack113$ frack113	d22382d0b9	fix detection	2021-09-17 19:52:40 +02:00
$frack113$ frack113	a1222c7716	Update sysmon_apt_oceanlotus_registry	2021-09-17 19:50:30 +02:00
Florian Roth	31021b9c32	Merge pull request #2040 from frack113/fix_win_outlook_registry_webview cleanup condition win_outlook_registry_webview.yml	2021-09-17 14:49:35 +02:00
Florian Roth	89b225e43b	Merge pull request #2041 from frack113/fix_sysmon_susp_mic_cam_access fix detection in sysmon_susp_mic_cam_access	2021-09-17 14:49:07 +02:00
Florian Roth	260578dceb	fix: wrong modified field	2021-09-17 14:29:19 +02:00
Florian Roth	a4f91be7a8	Merge pull request #2042 from OTRF/master OMIGOD SCX RunAsProvider ExecuteShellCommand	2021-09-17 12:06:52 +02:00
Roberto Rodriguez	c17104b2eb	updated level to high	2021-09-17 04:30:17 -04:00
Roberto Rodriguez	7618cf4672	Rule to detect the use of the SCX RunAsProvider Invoke_ExecuteShellCommand to execute any UNIX/Linux command using the /bin/sh shell	2021-09-17 04:23:11 -04:00
$frack113$ frack113	6e4edfdf20	fix detection	2021-09-17 09:11:53 +02:00
$frack113$ frack113	ebc5ebe7ba	cleanup condition	2021-09-17 08:23:14 +02:00

... 4 5 6 7 8 ...

8318 Commits