| .. |
|
sysmon_creation_system_file.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_cred_dump_tools_dropped_files.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_cve_2021_26858_msexchange.yml
|
Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge
|
2021-03-03 12:46:50 +05:45 |
|
sysmon_ghostpack_safetykatz.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_hack_dumpert.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_lsass_memory_dump_file_creation.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_non_priv_program_files_move.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_office_persistence.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_outlook_newform.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_pcre_net_temp_file.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_powershell_exploit_scripts.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_quarkspw_filedump.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_redmimicry_winnti_filedrop.yml
|
fix: renamed files and lien break change
|
2020-07-01 09:48:48 +02:00 |
|
sysmon_startup_folder_file_write.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_adsi_cache_usage.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_clr_logs.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_desktop_ini.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
sysmon_susp_pfx_file_creation.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_tsclient_filewrite_startup.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_webshell_creation_detect.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
sysmon_wmi_persistence_script_event_consumer_write.yml
|
att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other
|
2020-08-25 01:09:17 +02:00 |
|
win_cve_2021_1675_printspooler.yml
|
Added new path
|
2021-07-01 16:24:07 +05:45 |
|
win_outlook_c2_macro_creation.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
win_rclone_exec_file.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
|
win_susp_desktopimgdownldr_file.yml
|
docs: more references
|
2020-07-03 13:19:44 +02:00 |
|
win_susp_multiple_files_renamed_or_deleted.yml
|
Merging upstream updates
|
2021-07-01 12:18:30 +05:45 |
