valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,742 Commits 20 Branches 25 Tags 21 MiB
da6135ccb3
Commit Graph

6742 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sittikorn S
d33da0b25c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 14:42:04 +07:00
Florian Roth
203e6cf7b2
Merge pull request #1599 from d4rk-d4nph3/master 
New rule and update for PrintNightmare
 2021-07-02 09:27:30 +02:00
Florian Roth
69d1da758a
Merge pull request #1601 from wagga40/master 
Updated PrintNightmare Sysmon Imageload based rule with modifiers
 2021-07-02 09:26:49 +02:00
Sittikorn S
990699b81c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S
e94cdbbf84
Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml 
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
 2021-07-02 11:50:24 +07:00
wagga40
ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Florian Roth
b09efee045
Merge pull request #1600 from SigmaHQ/rule-devel 
rule: suspicious printer driver - empty manufacturer
 2021-07-01 16:46:09 +02:00
Florian Roth
e97bdf36f9 rule: suspicious printer driver - empty manufacturer 2021-07-01 13:55:21 +02:00
Bhabesh Rai
08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai
37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Florian Roth
7584471e2a
Merge pull request #1598 from SigmaHQ/rule-devel 
rule: CVE-2021-1675 Operational Log
 2021-07-01 12:05:10 +02:00
Florian Roth
b9678f5456
Merge pull request #1595 from BlackB0lt/patch-10 
Create av_printernightmare_cve_2021_1675.yml
 2021-07-01 10:29:28 +02:00
Florian Roth
69a64b166c
fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth
68b5ed6015
Merge pull request #1587 from BlackB0lt/patch-8 
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml
 2021-07-01 10:28:47 +02:00
Florian Roth
66f21faec0 rule: CVE-2021-1675 Operational Log 2021-07-01 10:28:10 +02:00
Florian Roth
825ff5520b
Merge pull request #1597 from SigmaHQ/rule-devel 
config: add PrintService Operational
 2021-07-01 10:27:43 +02:00
Florian Roth
63f3fd7e73 config: add PrintService Operational 2021-07-01 09:55:15 +02:00
Florian Roth
f438039af9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Florian Roth
a9500a3b1a
refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Florian Roth
4fd659eafa
Merge pull request #1596 from d4rk-d4nph3/master 
Added new observed path for Image Load in PrintNightmare
 2021-07-01 09:44:52 +02:00
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
f432a0787a Merge branch 'master' of https://github.com/d4rk-d4nph3/sigma into master 2021-07-01 12:22:25 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
d4rk-d4nph3
a2f4295862
Merge pull request #1 from SigmaHQ/master 
Syncing upstream
 2021-07-01 12:19:06 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth
cb63816dcc
Merge pull request #1593 from hieuttmmo/master 
PrintNightmare Detection using ImageLoad
 2021-06-30 16:10:19 +02:00
Florian Roth
1ac79238dc
Merge pull request #1592 from SigmaHQ/rule-devel 
rules: CVE-2021-1675 exploitation events
 2021-06-30 16:09:34 +02:00
Florian Roth
7a96b40895 rule: CVE-2021-1675 eventid extension 2021-06-30 16:08:33 +02:00
hieuttmmo
dceb13fe3f
Merge branch 'SigmaHQ:master' into master 2021-06-30 20:36:23 +07:00
Tran Trung Hieu
579220de6f Detect the PrintNighmare exploit using ImageLoad 2021-06-30 20:30:22 +07:00
Florian Roth
c508e71165 rules: CVE-2021-1675 exploitation events 2021-06-30 14:51:20 +02:00
Florian Roth
19962c6fe4
Merge pull request #1590 from SigmaHQ/rule-devel 
config: mappings for Microsoft print service
 2021-06-30 14:50:52 +02:00
Florian Roth
d2f7edc778 refactor: change title of older CVE-2021-1675 rule 2021-06-30 14:23:14 +02:00
Florian Roth
a49bfb14dd refactor: Admin log - not Operational 2021-06-30 14:22:40 +02:00
Florian Roth
26cfbb9c34 config: mapping for Microsoft SMBClient service - security 2021-06-30 14:16:26 +02:00
Florian Roth
8262a1d98b config: mappings for Microsoft print service 2021-06-30 14:09:44 +02:00
Sittikorn S
9ae8fedff3
Update aws_ec2_disable_encryption.yml 2021-06-29 18:05:25 +07:00
Florian Roth
9899dd9b82
Merge pull request #1579 from frack113/fix_pr_1022 
Fix file from PR 1022
 2021-06-29 12:51:08 +02:00
Florian Roth
9c769a3fce
Update aws_securityhub_finding_evasion.yml 2021-06-29 12:49:32 +02:00
Sittikorn S
c9ce298b2e
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 
remove http response
 2021-06-29 17:49:01 +07:00
Florian Roth
863941bff5
Merge pull request #1586 from BlackB0lt/patch-7 
Update sysmon_rclone_execution.yml
 2021-06-29 12:46:24 +02:00
Florian Roth
bbe67ddc73
Merge pull request #1589 from WojciechLesicki/master 
CobaltStrike Service Installations in Registry
 2021-06-29 12:44:10 +02:00
Florian Roth
1425ede905
Merge pull request #1588 from SigmaHQ/rule-devel 
CVE-2021-1675 Print Spooler Exploitation
 2021-06-29 12:31:37 +02:00
Florian Roth
a27d3d5880 docs: add 2nd Github upload 2021-06-29 12:31:13 +02:00
Wojciech Lesicki
7c8f9b2d8c
Merge branch 'SigmaHQ:master' into master 2021-06-29 11:05:42 +02:00
WojciechLesicki
ae317652f7 Back to upstream version. 2021-06-29 11:02:55 +02:00
WojciechLesicki
364cfe56c2 Base to upstream version 2021-06-29 10:57:36 +02:00