Commit Graph

4230 Commits

Author  SHA1  Message  Date
Jonhnathan  dde5b46726  Update win_susp_sam_dump.yml  2020-10-27 22:01:31 -03:00
Jonhnathan  61ccdc598d  Update win_susp_local_anon_logon_created.yml  2020-10-27 22:00:42 -03:00
Jonhnathan  3eea825898  Update win_net_ntlm_downgrade.yml  2020-10-27 21:59:49 -03:00
Jonhnathan  53ff19f167  Update win_mmc20_lateral_movement.yml  2020-10-27 21:55:17 -03:00
Jonhnathan  3f23aa56c0  Revert "Revert "Changed the rule to download only and not the copy""  2020-10-16 11:05:51 -03:00
    This reverts commit 17e7eee3a6.
Jonhnathan  0734274dfa  Revert "Revert "Create win_susp_replace_lolbin.yml""  2020-10-16 11:05:40 -03:00
    This reverts commit fdd9234acc.
Jonhnathan  9a5c166bb2  Fix filter  2020-10-16 07:35:59 -03:00
Jonhnathan  2332e42e4c  Update win_susp_copy_lateral_movement.yml  2020-10-15 21:01:23 -03:00
Jonhnathan  d4603d196b  Update win_susp_adfind.yml  2020-10-15 21:00:15 -03:00
Jonhnathan  fc6c727c70  Update powershell_malicious_commandlets.yml  2020-10-15 20:59:27 -03:00
Jonhnathan  1584ddf918  Update sysmon_susp_service_installed.yml  2020-10-15 20:50:42 -03:00
Jonhnathan  f4872118a2  Update win_powershell_dll_execution.yml  2020-10-15 20:38:55 -03:00
Jonhnathan  3566dd1594  Fix  2020-10-15 20:35:50 -03:00
Jonhnathan  44c909a4a4  Update win_apt_mustangpanda.yml  2020-10-15 20:33:00 -03:00
Jonhnathan  5fc348fd45  Fix  2020-10-15 20:32:16 -03:00
Jonhnathan  37ee747dfe  Update win_apt_chafer_mar18.yml  2020-10-15 20:30:52 -03:00
Jonhnathan  1fac65dad0  Fix  2020-10-15 20:29:02 -03:00
Jonhnathan  0dfacd1f63  Fix  2020-10-15 20:27:10 -03:00
Jonhnathan  9795c95a9b  Update av_webshell.yml  2020-10-15 20:25:34 -03:00
Jonhnathan  345c3c6451  Fix  2020-10-15 20:24:31 -03:00
Jonhnathan  86ade194a4  Fix  2020-10-15 20:22:56 -03:00
Jonhnathan  0666d21b06  Update win_dcsync.yml  2020-10-15 20:19:06 -03:00
Jonhnathan  d7eda3fe7e  Update sysmon_wmi_susp_scripting.yml  2020-10-15 20:15:22 -03:00
Jonhnathan  92aaeca075  Update sysmon_susp_powershell_rundll32.yml  2020-10-15 20:14:23 -03:00
Jonhnathan  26b36086c7  Update sysmon_cmstp_execution.yml  2020-10-15 20:13:39 -03:00
Jonhnathan  df81f5180d  Update sysmon_cactustorch.yml  2020-10-15 20:12:54 -03:00
Jonhnathan  457217bfc0  Update sysmon_win_reg_persistence.yml  2020-10-15 20:11:52 -03:00
Jonhnathan  229e57777a  Update sysmon_win_reg_persistence.yml  2020-10-15 20:11:37 -03:00
Jonhnathan  8a52610bf8  Update sysmon_uac_bypass_eventvwr.yml  2020-10-15 20:11:11 -03:00
Jonhnathan  6ea18efdaf  Update sysmon_sysinternals_eula_accepted.yml  2020-10-15 20:10:44 -03:00
Jonhnathan  7dfb8f0e99  Update sysmon_suspicious_keyboard_layout_load.yml  2020-10-15 20:10:21 -03:00
Jonhnathan  9c434eaf04  Update sysmon_susp_service_installed.yml  2020-10-15 20:10:06 -03:00
Jonhnathan  33ed01e285  Update sysmon_susp_run_key_img_folder.yml  2020-10-15 20:09:42 -03:00
Jonhnathan  45466cf95d  Update sysmon_susp_reg_persist_explorer_run.yml  2020-10-15 20:08:47 -03:00
Jonhnathan  b55b78c42d  Update sysmon_susp_lsass_dll_load.yml  2020-10-15 20:08:12 -03:00
Jonhnathan  17ade8e5f5  Update sysmon_susp_download_run_key.yml  2020-10-15 20:07:53 -03:00
Jonhnathan  6fc6409c7f  Update sysmon_stickykey_like_backdoor.yml  2020-10-15 20:07:11 -03:00
Jonhnathan  03ea1375e2  Update sysmon_registry_persistence_search_order.yml  2020-10-15 20:05:46 -03:00
Jonhnathan  f101d661f0  Update sysmon_reg_office_security.yml  2020-10-15 20:05:11 -03:00
Jonhnathan  176b7ce08f  Update sysmon_rdp_settings_hijack.yml  2020-10-15 20:04:57 -03:00
Jonhnathan  4c9cf8b759  Update sysmon_new_dll_added_to_appinit_dlls_registry_key.yml  2020-10-15 20:04:31 -03:00
Jonhnathan  51eefbae0c  Update sysmon_logon_scripts_userinitmprlogonscript_reg.yml  2020-10-15 20:04:05 -03:00
Jonhnathan  143e6512ad  Update sysmon_dns_serverlevelplugindll.yml  2020-10-15 20:03:42 -03:00
Jonhnathan  c4a44e2376  Update sysmon_dns_serverlevelplugindll.yml  2020-10-15 20:03:29 -03:00
Jonhnathan  bdca2febe9  Update sysmon_dhcp_calloutdll.yml  2020-10-15 20:02:58 -03:00
Jonhnathan  337e26a034  Update sysmon_cmstp_execution.yml  2020-10-15 20:02:37 -03:00
Jonhnathan  4adf092a25  Update win_workflow_compiler.yml  2020-10-15 20:00:57 -03:00
Jonhnathan  eb9bac761f  Update win_wmi_spwns_powershell.yml  2020-10-15 20:00:44 -03:00
Jonhnathan  b2e1b857ae  Update win_wmi_backdoor_exchange_transport_agent.yml  2020-10-15 20:00:27 -03:00
Jonhnathan  86ad1f45f5  Update win_win10_sched_task_0day.yml  2020-10-15 20:00:13 -03:00