Tweaked the Link regex to allow URL fragment anchors (`#`) and the Handle regex to permit blank entries.

This commit is contained in:
xenoscr 2022-09-13 23:37:10 -04:00
parent ee68df7f26
commit dfb30f194f
No known key found for this signature in database
GPG Key ID: 52C26F96860C0DAA
4 changed files with 10 additions and 10 deletions


@ -74,19 +74,19 @@ mapping:
type: str type: str
"Sigma": "Sigma":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"Analysis": "Analysis":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"Elastic": "Elastic":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"Splunk": "Splunk":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"BlockRule": "BlockRule":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"Resources": "Resources":
type: seq type: seq
required: false required: false
@ -95,7 +95,7 @@ mapping:
mapping: mapping:
"Link": "Link":
type: str type: str
pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
"Acknowledgement": "Acknowledgement":
type: seq type: seq
required: false required: false
@ -106,4 +106,4 @@ mapping:
type: str type: str
"Handle": "Handle":
type: str type: str
pattern: '^@(\w){1,15}$' pattern: '^(@(\w){1,15})?$'
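Review bot: The character class `[$-_@.&+#]` in every `pattern:` line of this section is not the three literals `$`, `-`, `_` but the range `$-_` (0x24–0x5F), so the only reason these URL patterns accept `/`, `:`, `?` and `=` at all is that accident, and the same range also lets through `<`, `>`, `'`, `\`, `^`, `[`, `]` and a bare `%` that the separate `%XX` alternative was clearly meant to guard. Spelling the allowed set out removes the dependence on the range: `pattern: '^https?://(?:[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=]|%[0-9a-fA-F]{2})+$'` (RFC 3986 unreserved and reserved characters plus percent-encoded octets, with `#` so fragments still pass). Because the identical pattern is repeated seven times across the two hunks here, it would also be worth defining it once as `pattern: &url_pattern '...'` and writing `pattern: *url_pattern` elsewhere, assuming the schema is read by a standard YAML loader that resolves aliases before validation; a later tweak then cannot miss a copy. The enclosing `mapping:` block starts before the hunk and ends after it.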


@ -46,7 +46,7 @@ Detection:
- IOC: bitsadmin creates new files - IOC: bitsadmin creates new files
- IOC: bitsadmin adds data to alternate data stream - IOC: bitsadmin adds data to alternate data stream
Resources: Resources:
- Link: https://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679 - slide 53 - Link: https://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679
- Link: https://www.youtube.com/watch?v=_8xJaaQlpBo - Link: https://www.youtube.com/watch?v=_8xJaaQlpBo
- Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f - Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
Acknowledgement: Acknowledgement:
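Review bot: Dropping ` - slide 53` from the slideshare entry loses the pointer to the relevant slide; the suffix appears to have been removed only because the `Link` pattern rejects spaces. A YAML comment keeps that reference without affecting validation: `- Link: https://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679  # slide 53`. If the `Resources` schema later gains a free-text field, that would be the better home for it, but nothing visible in this commit provides one. The `Detection:` block this entry belongs to starts before the hunk.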


@ -66,4 +66,4 @@ Acknowledgement:
- Person: egre55 - Person: egre55
Handle: '@egre55' Handle: '@egre55'
- Person: Mike Cary - Person: Mike Cary
Handle: 'grayfold3d' Handle: '@grayfold3d'


@ -37,4 +37,4 @@ Acknowledgement:
- Person: BennyHusted - Person: BennyHusted
Handle: '' Handle: ''
- Person: Amit Serper - Person: Amit Serper
Handle: '@0xAmit ' Handle: '@0xAmit'