From ee68df7f26acdc636cdab770b314d965a3426efc Mon Sep 17 00:00:00 2001
From: xenoscr
Date: Tue, 13 Sep 2022 23:06:42 -0400
Subject: [PATCH] Put schema back to previous state and fixed non-compliant Link in At.yml
---
 YML-Schema.yml | 12 ++++++------
 yml/OSBinaries/At.yml | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/YML-Schema.yml b/YML-Schema.yml
index 2188b68..363b279 100644
--- a/YML-Schema.yml
+++ b/YML-Schema.yml
@@ -74,19 +74,19 @@ mapping:
 type: str
 "Sigma":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "Analysis":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "Elastic":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "Splunk":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "BlockRule":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "Resources":
 type: seq
 required: false
@@ -95,7 +95,7 @@ mapping:
 mapping:
 "Link":
 type: str
- pattern: '^http[s]?:\/\/(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+ pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
 "Acknowledgement":
 type: seq
 required: false
diff --git a/yml/OSBinaries/At.yml b/yml/OSBinaries/At.yml
index 245153c..30df729 100644
--- a/yml/OSBinaries/At.yml
+++ b/yml/OSBinaries/At.yml
@@ -23,7 +23,7 @@ Detection:
 - IOC: Registry Key - Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1.
 Resources:
 - Link: https://freddiebarrsmith.com/at.txt
- - Link: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html - Escalate to System from Administrator
+ - Link: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
 - Link: https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems
 Acknowledgement:
 - Person: 'Freddie Barr-Smith'
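Review bot: The character class `[$-_@.&+]` in each `pattern` on the `+` lines of the @@ -74,19 hunk, and again in the `Link` pattern of the @@ -95,7 hunk, contains the range `$-_` (0x24 through 0x5F) rather than the three literal characters `$`, `-`, `_` that the surrounding alternation suggests were intended, so the schema silently admits `<`, `>`, `[`, `\`, `^`, `;`, `?` and the whole digit/upper-case block in a link value. Moving the hyphen to the end of the class restores the presumable intent without touching the rest of the expression: `pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$_@.&+-]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`. The same literal is repeated six times across the two hunks; if the schema consumer expands aliases, defining it once with an anchor and aliasing it on each `pattern` would keep the six copies from drifting again. The enclosing `mapping:` block starts before the first hunk and continues past the second.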
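Review bot: The `+` line drops the trailing annotation `Escalate to System from Administrator` instead of relocating it, so a reader loses the only hint about which part of that long page is relevant to this entry; the `Resources` item in the second hunk of YML-Schema.yml appears to accept only `Link`, so the text cannot remain inside the value. A YAML comment keeps the context while still satisfying the anchored `^…$` pattern, because the parser strips it before validation runs: `- Link: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html  # Escalate to System from Administrator`. Be aware the comment will not survive if these files are ever rewritten by a tool that round-trips the YAML. The `Acknowledgement` list this hunk ends in continues past the hunk.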