SigmaHQ/rules/windows/image_load
2021-07-11 00:32:55 +02:00
sysmon_abusing_azure_browser_sso.yml Fixes&improvements 2021-04-08 01:06:40 +02:00
sysmon_alternate_powershell_hosts_moduleload.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_cve_2021_1675_print_nightmare.yml Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
sysmon_in_memory_powershell.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_mimikatz_inmemory_detection.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_pcre_net_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_powershell_execution_moduleload.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_scrcons_imageload_wmi_scripteventconsumer.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_fax_dll.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_susp_image_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_office_dotnet_assembly_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_office_dotnet_clr_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_office_dotnet_gac_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_office_dsparse_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_office_kerberos_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_python_image_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_script_dotnet_clr_dll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_system_drawing_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_winword_vbadll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_susp_winword_wmidll_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_suspicious_dbghelp_dbgcore_load.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_svchost_dll_search_order_hijack.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_tttracer_mod_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_uac_bypass_via_dism.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_uipromptforcreds_dlls.yml Update mordordatasets references 2021-07-06 16:35:20 +08:00
sysmon_unsigned_image_loaded_into_lsass.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_wmi_module_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
sysmon_wmi_persistence_commandline_event_consumer.yml att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
sysmon_wmic_remote_xsl_scripting_dlls.yml Update mordordatasets references 2021-07-06 16:35:20 +08:00
sysmon_wsman_provider_image_load.yml Merging upstream updates 2021-07-01 12:18:30 +05:45
win_suspicious_vss_ps_load.yml refactor: make the rule more usable 2021-07-08 09:05:57 +02:00