valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,397 Commits 20 Branches 25 Tags 21 MiB
efc404fbae
Commit Graph

2397 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yugoslavskiy
efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Florian Roth
0dd583510a
Merge pull request #534 from Neo23x0/devel 
rules and fixes
 2019-11-18 16:01:26 +01:00
Florian Roth
2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth
fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Florian Roth
93f890b31d rule: renamed procdump 2019-11-18 15:27:04 +01:00
Florian Roth
da05c9bb82 fix: line break in description 2019-11-18 15:26:55 +01:00
Florian Roth
2c54d1afe4 rule: removed Zebrocy rule because it doesn't work that way 
reason: command line gets split up at the '&' character, which results in two command lines
 2019-11-18 11:42:38 +01:00
Florian Roth
396c506794
Merge pull request #532 from Neo23x0/devel 
rule: RottenPotato attack pattern
 2019-11-15 12:01:42 +01:00
Florian Roth
04288771a1 fix: bugfix in RottenPotato rule - wrong identifier 2019-11-15 11:50:03 +01:00
Florian Roth
7e6031705e rule: RottenPotato attack pattern 2019-11-15 11:44:18 +01:00
Florian Roth
c99ab28834
Merge pull request #531 from Neo23x0/devel 
Devel
 2019-11-15 00:34:38 +01:00
Florian Roth
ff3ed04405 rule: Exploiting SetupComplete.cmd CVE-2019-1378 2019-11-15 00:26:18 +01:00
Florian Roth
2cf6e16024 fix: missing new MITRE tactics category in tests 2019-11-14 23:31:38 +01:00
Florian Roth
e8bfc28284 Merge branch 'devel' 2019-11-14 10:16:56 +01:00
Florian Roth
2b7699cc15 fix: fixed broken condition 2019-11-14 10:15:18 +01:00
Florian Roth
2e452d4035
Merge pull request #528 from Neo23x0/devel 
Rule: suspicious msiexec directory
 2019-11-14 10:00:12 +01:00
Florian Roth
95a8563606 Rule: suspicious msiexec directory 2019-11-14 09:51:55 +01:00
yugoslavskiy
ac21810d7a
Merge pull request #516 from yugoslavskiy/oscd_task_#2_credentials_dumping 
oscd task #2 completed
 2019-11-14 01:03:27 +03:00
yugoslavskiy
1cc9ddc8b8
Update win_dumping_ntdsdit_via_netsync.yml 2019-11-14 01:00:28 +03:00
yugoslavskiy
d29941b414
Update win_dumping_ntdsdit_via_dcsync.yml 2019-11-14 00:59:38 +03:00
yugoslavskiy
01ed5a7135
Update sysmon_unsigned_image_loaded_into_lsass.yml 2019-11-14 00:58:39 +03:00
yugoslavskiy
20a5c9498c
Update sysmon_raw_disk_access_using_illegitimate_tools.yml 2019-11-14 00:58:00 +03:00
yugoslavskiy
4b8873b706
Update sysmon_lsass_memory_dump_file_creation.yml 2019-11-14 00:55:20 +03:00
yugoslavskiy
f0cce60a2c
Update sysmon_cred_dump_tools_dropped_files.yml 2019-11-14 00:53:25 +03:00
yugoslavskiy
9b9f37715f
Update process_creation_shadow_copies_deletion.yml 2019-11-14 00:50:10 +03:00
yugoslavskiy
a1831bb503
Update process_creation_shadow_copies_creation.yml 2019-11-14 00:48:50 +03:00
yugoslavskiy
1445589839
Update process_creation_copying_sensitive_files_with_credential_data.yml 2019-11-14 00:47:14 +03:00
yugoslavskiy
c7c29a39b6
Update win_susp_lsass_dump_generic.yml 2019-11-14 00:45:47 +03:00
yugoslavskiy
633c6db254
Update win_remote_registry_management_using_reg_utility.yml 2019-11-14 00:44:47 +03:00
yugoslavskiy
cd31354df2
Update win_quarkspwdump_clearing_hive_access_history.yml 2019-11-14 00:43:56 +03:00
yugoslavskiy
334626168c
Update win_mal_service_installs.yml 2019-11-14 00:43:03 +03:00
yugoslavskiy
fecaddcd47
Merge pull request #505 from darkquasar/master 
Adding rule Suspicious In-Memory Module Execution
 2019-11-14 00:36:53 +03:00
yugoslavskiy
cd69111522
Merge branch 'oscd' into master 2019-11-14 00:36:34 +03:00
yugoslavskiy
3cd1abd0a1
Update sysmon_suspicious_remote_thread.yml 2019-11-14 00:34:09 +03:00
yugoslavskiy
1e75979a2a
Update sysmon_minidumwritedump_lsass.yml 2019-11-14 00:32:06 +03:00
yugoslavskiy
f2caf366cb moved net_possible_dns_rebinding.yml to unsupported logic directory; renamed win_powershell_bitsjob.yaml -> win_powershell_bitsjob.yml 2019-11-14 00:24:53 +03:00
yugoslavskiy
94caaff4fa Merge branch 'oscd' of https://github.com/Neo23x0/sigma into oscd 2019-11-14 00:23:22 +03:00
yugoslavskiy
cb29628ceb modify rules based on BSI contribution 2019-11-14 00:23:16 +03:00
yugoslavskiy
c8ee6e9631
Merge pull request #504 from yugoslavskiy/oscd_ilyas_ochkov 
[OSCD] Ilyas Ochkov contribution
 2019-11-14 00:22:48 +03:00
yugoslavskiy
b47748399d
Update sysmon_new_dll_added_to_appcertdlls_registry_key.yml 2019-11-14 00:19:30 +03:00
yugoslavskiy
1fe7f55d47
Update sysmon_suspicious_outbound_kerberos_connection.yml 2019-11-14 00:10:05 +03:00
yugoslavskiy
07ad11f3ae
Update sysmon_possible_dns_rebinding.yml 2019-11-14 00:08:50 +03:00
yugoslavskiy
ded75d033a
Update sysmon_new_dll_added_to_appinit_dlls_registry_key.yml 2019-11-13 23:47:24 +03:00
yugoslavskiy
0cb1d4fdbd
Update sysmon_new_dll_added_to_appcertdlls_registry_key.yml 2019-11-13 23:44:03 +03:00
yugoslavskiy
bba360212a
Update sysmon_new_dll_added_to_appcertdlls_registry_key.yml 2019-11-13 23:43:45 +03:00
yugoslavskiy
e6e308ef51
Update sysmon_disable_security_events_logging_adding_reg_key_minint.yml 2019-11-13 23:40:29 +03:00
yugoslavskiy
d8447946d6
Update win_suspicious_outbound_kerberos_connection.yml 2019-11-13 23:37:25 +03:00
yugoslavskiy
7f01a5b1bb
Update win_new_or_renamed_user_account_with_dollar_sign.yml 2019-11-13 23:35:59 +03:00
yugoslavskiy
26479485e6
Update win_new_or_renamed_user_account_with_dollar_sign.yml 2019-11-13 23:34:46 +03:00
Thomas Patzke
cf22e9e576 Added hint on failed UUID check 2019-11-12 23:37:28 +01:00