SigmaHQ/rules/windows
Maxime Thiebaut 73a6428345 Update the NTLM downgrade registry paths
Recent Windows versions rely on the ["MSV1_0" authentication package](https://docs.microsoft.com/en-us/windows/win32/secauthn/msv1-0-authentication-package). Production environment tests have shown that NTLM downgrade attacks can be performed as detected by this rule although some of the registry keys are located in an "Lsa" subkey ("MSV1_0"). This commit introduces additional wildcards to handle these cases to ensure the previous detection rules are still included.
2020-04-07 17:14:45 +02:00
..
builtin Update the NTLM downgrade registry paths 2020-04-07 17:14:45 +02:00
deprecated Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
malware Merge pull request #492 from booberry46/master 2020-01-30 14:27:30 +01:00
other fix: converted CRLF line break to LF 2020-03-25 14:36:34 +01:00
powershell Merge pull request #484 from hieuttmmo/master 2020-04-03 09:59:36 +02:00
process_creation Update and rename sysmon_win_chm.yml to win_html_help_spawn.yml 2020-04-03 16:50:48 +02:00
sysmon Date typos...more than I thought... 2020-04-02 10:00:00 +02:00