public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-26 12:12:31 +02:00
Code Issues Projects Releases Wiki Activity

Update SigmaHQ ref (#301)

Browse Source 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
This commit is contained in:
frack113
2023-06-19 23:40:24 +02:00
committed by GitHub
parent c3f2690633
commit e8ea28d4e9
25 changed files with 39 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OtherMSBinaries/Procdump.yml
View File

@@ -23,7 +23,7 @@ Commands:
Full_Path:
- Path: no default
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/f36b1cbd2a3f1a7423f43a67a182549778700615/rules/windows/process_creation/win_susp_procdump.yml
- Sigma: https://github.com/SigmaHQ/sigma/blob/6312dd1d44d309608552105c334948f793e89f48/rules/windows/process_creation/proc_creation_win_renamed_sysinternals_procdump.yml
- Sigma: https://github.com/SigmaHQ/sigma/blob/f36b1cbd2a3f1a7423f43a67a182549778700615/rules/windows/process_creation/win_procdump.yml
- Splunk: https://github.com/splunk/security_content/blob/86a5b644a44240f01274c8b74d19a435c7dae66e/detections/endpoint/dump_lsass_via_procdump.yml
- Elastic: https://github.com/elastic/detection-rules/blob/5bdf70e72c6cd4547624c521108189af994af449/rules/windows/credential_access_cmdline_dump_tool.toml

1
yml/OtherMSBinaries/Squirrel.yml
View File

@@ -45,7 +45,6 @@ Code_Sample:
- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/19396788dbedc57249a46efed2bb1927abc376d4/rules/windows/process_creation/proc_creation_win_lolbin_squirrel.yml
- Sigma: https://github.com/SigmaHQ/sigma/blob/19396788dbedc57249a46efed2bb1927abc376d4/rules/windows/process_creation/proc_creation_win_susp_squirrel_lolbin.yml
Resources:
- Link: https://www.youtube.com/watch?v=rOP3hnkj7ls
- Link: https://twitter.com/reegun21/status/1144182772623269889

2
yml/OtherMSBinaries/Update.yml
View File

@@ -100,7 +100,7 @@ Full_Path:
Code_Sample:
- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_susp_squirrel_lolbin.yml
- Sigma: https://github.com/SigmaHQ/sigma/blob/6312dd1d44d309608552105c334948f793e89f48/rules/windows/process_creation/proc_creation_win_lolbin_squirrel.yml
- IOC: Update.exe spawned an unknown process
Resources:
- Link: https://www.youtube.com/watch?v=rOP3hnkj7ls