Commit Graph

12 Commits

Author SHA1 Message Date
Wietze
67e1040172
Merge remote-tracking branch 'upstream/master' into windows_11_sprint 2022-10-03 16:18:57 +01:00
xenoscr
ce36f924fc
Removing extra --- from each yaml file 2022-09-10 22:16:47 -04:00
Wietze
39d4e815af
Minor formatting changes (redudant backslashes, incorrect dates, typos, etc.) 2021-12-14 14:57:32 +00:00
bohops
23dd0236ae
Detection Resources and Other Updates (#179)
* Add detection links for scripts

* Add detection links for OtherMSBins. Fixed and updated as needed.

* Add detection links for MSBins. Fixed and updated as needed.

* Add detection links for oslibraries

* Updating template for Detections

* Removing empty Detection:Sigma entries

* Remove redundant blank line

* Replacing commit URL with file URL

Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2021-11-15 08:19:03 -05:00
Wietze
4f7ec8d2af
MITRE ATT&CK realignment sprint 2021-11-05 18:58:26 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html) 2021-01-10 15:04:52 +00:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
2020-09-24 14:09:58 -07:00
Rich Rumble
1b00b374b3
Updated per suggestion
Thanks!
2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3 Added detection details on mpcmdrun 2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf Updated links on mpcmdrun 2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085 Added MpCmdRun.exe 2020-09-03 10:55:37 +02:00