Florian Roth
|
7c8745c59e
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
Florian Roth
|
3fb661511c
|
Modified mimikatz rule to exclude low performing expr
|
2018-08-26 12:48:01 +02:00 |
|
Florian Roth
|
9bdccc2360
|
Hacktools: BeRoot, PDF Embedded Mal Code
|
2018-07-27 13:25:10 +02:00 |
|
Florian Roth
|
0838bfff7d
|
Hacktool ShellPop shells
|
2018-05-20 18:49:45 +02:00 |
|
Florian Roth
|
642cc04bb0
|
False Positive Reduction
|
2018-05-20 18:49:45 +02:00 |
|
Florian Roth
|
bd26c9226e
|
Lazagne PW Dumper
|
2018-05-01 21:18:10 +02:00 |
|
Florian Roth
|
b396038d14
|
Process Injector Generic
|
2018-04-26 23:19:35 +02:00 |
|
Florian Roth
|
abdc494d13
|
False Positive Reduction
|
2018-04-26 23:19:13 +02:00 |
|
Florian Roth
|
f2f9956fbb
|
New hacktool signatures
|
2018-04-11 23:51:43 +02:00 |
|
Florian Roth
|
117270469f
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
Florian Roth
|
49aa97d855
|
Bugfix in thor-hacktools.yar > missing "pe" import
|
2018-01-24 20:17:04 +01:00 |
|
Florian Roth
|
95bd50cd19
|
Exclude false positives
|
2018-01-24 16:35:06 +01:00 |
|
Florian Roth
|
5cd31380ef
|
THOR's Mimikatz_Strings rule
|
2018-01-22 08:45:13 +01:00 |
|
Florian Roth
|
c778a07e38
|
RemCom Tool
|
2017-12-28 20:04:06 +01:00 |
|
Florian Roth
|
41e0956fdc
|
Remote Admin - tool
|
2017-12-06 22:37:40 +01:00 |
|
Florian Roth
|
be700a3c42
|
PowerShell Obfuscated Invoke - PE Loader
|
2017-11-03 08:28:52 +01:00 |
|
Florian Roth
|
8b3a138995
|
Minor changes to rule FP exclusions
|
2017-09-29 08:47:22 +02:00 |
|
Florian Roth
|
558c99efc0
|
Invoke-Metasploit
|
2017-09-24 10:22:19 +02:00 |
|
Florian Roth
|
5226344c35
|
Sharpire
|
2017-09-24 10:22:09 +02:00 |
|
Florian Roth
|
4c6377ae9a
|
Changed tabs to spaces
|
2017-08-30 20:11:15 +02:00 |
|
Florian Roth
|
194e8b9d74
|
thor-hacktools.yar - some cherry picked rules
|
2017-08-30 20:11:00 +02:00 |
|
Florian Roth
|
2091087567
|
Updated hacktool producers
|
2017-08-11 16:47:20 +02:00 |
|
Florian Roth
|
d85c1108ef
|
Impacket Generic Rule
|
2017-08-07 14:52:45 +02:00 |
|
Florian Roth
|
3d52e22109
|
AllTheThings
|
2017-07-29 13:35:07 +02:00 |
|
Florian Roth
|
f8447db7e9
|
Invoke Mimikatz and Kekeo update
|
2017-07-22 07:57:58 -06:00 |
|
Florian Roth
|
1f0cad89f1
|
Bugfixes and False Positive Reduction
|
2017-07-20 12:24:49 -06:00 |
|
Florian Roth
|
990e20e3b6
|
Mimikatz Rules synct, SecurityXploded rule
|
2017-07-19 19:09:25 -06:00 |
|
Florian Roth
|
2ee1f0fae8
|
LSASS Dump only if not filename starts with WER
|
2017-07-19 10:17:00 -06:00 |
|
Florian Roth
|
ccac0893d8
|
Disclosed Disclosed 0day POC set
|
2017-07-13 08:36:43 -06:00 |
|
Florian Roth
|
33c2a7fcc8
|
New Mimikatz Strings Rule
|
2017-06-21 15:56:06 +02:00 |
|
Florian Roth
|
b43cf3b185
|
Rule cleanup
|
2017-05-11 13:34:28 +02:00 |
|
Florian Roth
|
c1af41f3f9
|
False Positives
https://github.com/Neo23x0/signature-base/issues/7
|
2017-03-28 08:32:20 +02:00 |
|
Florian Roth
|
f90da1ff10
|
WPR and BeyondExec
|
2017-03-17 16:08:44 +01:00 |
|
Florian Roth
|
a384dd543d
|
Private Rule Bugfix
|
2017-02-03 22:04:51 +01:00 |
|
Florian Roth
|
3a737e0ea8
|
FP Reduction
|
2017-02-03 21:59:32 +01:00 |
|
Florian Roth
|
896b6eeb99
|
Minor changes
|
2017-01-31 18:47:29 +01:00 |
|
Florian Roth
|
8e2e39196a
|
FScan output
|
2017-01-14 19:28:47 +01:00 |
|
Florian Roth
|
eab4b5131b
|
False Positives
|
2016-10-29 12:28:54 +02:00 |
|
Florian Roth
|
e7dd247fa3
|
Signature Update October 2016 A
|
2016-10-09 11:33:29 +02:00 |
|
Florian Roth
|
5744546da1
|
Fixed duplicate rule name bug
|
2016-09-11 15:58:57 +02:00 |
|
Florian Roth
|
a3ed8d33b3
|
New Hacktool Signatures
|
2016-09-10 01:16:40 +02:00 |
|
Florian Roth
|
54f6aecd44
|
Removed duplicate rule
|
2016-08-31 14:34:21 +02:00 |
|
Florian Roth
|
0dfc21592c
|
WCE in-memory rule
|
2016-08-30 19:41:30 +02:00 |
|
Florian Roth
|
13ab3e4876
|
Power PE Reflective Injection Rule by Benjamin Delpy
|
2016-07-11 19:47:37 +02:00 |
|
Florian Roth
|
76791e7254
|
False Positive Reduction
|
2016-07-02 19:32:50 +02:00 |
|
Florian Roth
|
8125a96e68
|
dnscat2 hacktool
|
2016-05-18 09:34:18 -06:00 |
|
Florian Roth
|
fd38e39b7d
|
Mimikatz Rule - apply to memory too
|
2016-04-13 00:52:06 +02:00 |
|
Florian Roth
|
dd4cb5d8a9
|
Linux Postscanner Shark
- Replaced older hack tool rule that matched also on goodware
|
2016-04-02 02:06:19 +02:00 |
|
Thomas Patzke
|
4f503dcb92
|
Decomposition of $hex_api_call in lsadump rule for Yara compatibility reasons
|
2016-03-23 10:29:05 +01:00 |
|
Florian Roth
|
838cdbe318
|
Bugfix PSAttack Rule
|
2016-03-09 14:06:18 +01:00 |
|