Commit Graph

57 Commits

Author SHA1 Message Date
Florian Roth
a22874af46 Lazagne Password Dumper 2018-12-11 15:12:42 +01:00
Florian Roth
9d1848627d Removed duplicate rules 2018-11-23 08:32:57 +01:00
Florian Roth
f6fb2a2d22 Hacktool SqlMap update 2018-10-19 09:06:24 +02:00
Florian Roth
3efa3f9648 BlackBone Driver Injector 2018-09-11 13:34:44 +02:00
Florian Roth
7c8745c59e License notice on my own rules, removed rules with unclear/problematic licensing 2018-08-26 12:48:01 +02:00
Florian Roth
3fb661511c Modified mimikatz rule to exclude low performing expr 2018-08-26 12:48:01 +02:00
Florian Roth
9bdccc2360 Hacktools: BeRoot, PDF Embedded Mal Code 2018-07-27 13:25:10 +02:00
Florian Roth
0838bfff7d Hacktool ShellPop shells 2018-05-20 18:49:45 +02:00
Florian Roth
642cc04bb0 False Positive Reduction 2018-05-20 18:49:45 +02:00
Florian Roth
bd26c9226e Lazagne PW Dumper 2018-05-01 21:18:10 +02:00
Florian Roth
b396038d14 Process Injector Generic 2018-04-26 23:19:35 +02:00
Florian Roth
abdc494d13 False Positive Reduction 2018-04-26 23:19:13 +02:00
Florian Roth
f2f9956fbb New hacktool signatures 2018-04-11 23:51:43 +02:00
Florian Roth
117270469f Moved all rules that use ext vars to a new rule set 2018-03-12 13:47:40 +01:00
Florian Roth
49aa97d855 Bugfix in thor-hacktools.yar > missing "pe" import 2018-01-24 20:17:04 +01:00
Florian Roth
95bd50cd19 Exclude false positives 2018-01-24 16:35:06 +01:00
Florian Roth
5cd31380ef THOR's Mimikatz_Strings rule 2018-01-22 08:45:13 +01:00
Florian Roth
c778a07e38 RemCom Tool 2017-12-28 20:04:06 +01:00
Florian Roth
41e0956fdc Remote Admin - tool 2017-12-06 22:37:40 +01:00
Florian Roth
be700a3c42 PowerShell Obfuscated Invoke - PE Loader 2017-11-03 08:28:52 +01:00
Florian Roth
8b3a138995 Minor changes to rule FP exclusions 2017-09-29 08:47:22 +02:00
Florian Roth
558c99efc0 Invoke-Metasploit 2017-09-24 10:22:19 +02:00
Florian Roth
5226344c35 Sharpire 2017-09-24 10:22:09 +02:00
Florian Roth
4c6377ae9a Changed tabs to spaces 2017-08-30 20:11:15 +02:00
Florian Roth
194e8b9d74 thor-hacktools.yar - some cherry picked rules 2017-08-30 20:11:00 +02:00
Florian Roth
2091087567 Updated hacktool producers 2017-08-11 16:47:20 +02:00
Florian Roth
d85c1108ef Impacket Generic Rule 2017-08-07 14:52:45 +02:00
Florian Roth
3d52e22109 AllTheThings 2017-07-29 13:35:07 +02:00
Florian Roth
f8447db7e9 Invoke Mimikatz and Kekeo update 2017-07-22 07:57:58 -06:00
Florian Roth
1f0cad89f1 Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
Florian Roth
990e20e3b6 Mimikatz Rules synced, SecurityXploded rule 2017-07-19 19:09:25 -06:00
Florian Roth
2ee1f0fae8 LSASS Dump only if not filename starts with WER 2017-07-19 10:17:00 -06:00
Florian Roth
ccac0893d8 Disclosed Disclosed 0day POC set 2017-07-13 08:36:43 -06:00
Florian Roth
33c2a7fcc8 New Mimikatz Strings Rule 2017-06-21 15:56:06 +02:00
Florian Roth
b43cf3b185 Rule cleanup 2017-05-11 13:34:28 +02:00
Florian Roth
c1af41f3f9 False Positives https://github.com/Neo23x0/signature-base/issues/7 2017-03-28 08:32:20 +02:00
Florian Roth
f90da1ff10 WPR and BeyondExec 2017-03-17 16:08:44 +01:00
Florian Roth
a384dd543d Private Rule Bugfix 2017-02-03 22:04:51 +01:00
Florian Roth
3a737e0ea8 FP Reduction 2017-02-03 21:59:32 +01:00
Florian Roth
896b6eeb99 Minor changes 2017-01-31 18:47:29 +01:00
Florian Roth
8e2e39196a FScan output 2017-01-14 19:28:47 +01:00
Florian Roth
eab4b5131b False Positives 2016-10-29 12:28:54 +02:00
Florian Roth
e7dd247fa3 Signature Update October 2016 A 2016-10-09 11:33:29 +02:00
Florian Roth
5744546da1 Fixed duplicate rule name bug 2016-09-11 15:58:57 +02:00
Florian Roth
a3ed8d33b3 New Hacktool Signatures 2016-09-10 01:16:40 +02:00
Florian Roth
54f6aecd44 Removed duplicate rule 2016-08-31 14:34:21 +02:00
Florian Roth
0dfc21592c WCE in-memory rule 2016-08-30 19:41:30 +02:00
Florian Roth
13ab3e4876 Power PE Reflective Injection Rule by Benjamin Delpy 2016-07-11 19:47:37 +02:00
Florian Roth
76791e7254 False Positive Reduction 2016-07-02 19:32:50 +02:00
Florian Roth
8125a96e68 dnscat2 hacktool 2016-05-18 09:34:18 -06:00