valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
11607a8621
SigmaHQ/rules/windows/powershell
History
Alessio Dalla Piazza 9f7eee8bb1 Add the ability to detect PowerUp - Invoke-AllChecks 
PowerUp allow attackers to check if is possible to have a local privilege escalation attacks against Windows systems. The main function is called "Invoke-AllChecks" and check possible path of escalation.
2020-01-24 15:31:06 +01:00
..
powershell_data_compressed.yml Data Compressed duplciate titles 2019-12-09 16:24:10 +00:00
powershell_downgrade_attack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_exe_calling_ps.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_malicious_commandlets.yml Add the ability to detect PowerUp - Invoke-AllChecks 2020-01-24 15:31:06 +01:00
powershell_malicious_keywords.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_ntfs_ads_access.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_prompt_credentials.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_psattack.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_shellcode_b64.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_suspicious_download.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_suspicious_invocation_generic.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_suspicious_invocation_specific.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_suspicious_keywords.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00
powershell_winlogon_helper_dll.yml Added UUIDs to rules 2019-11-12 23:12:27 +01:00