Wietze
67e1040172
Merge remote-tracking branch 'upstream/master' into windows_11_sprint
2022-10-03 16:18:57 +01:00
xenoscr
ce36f924fc
Removing extra --- from each yaml file
2022-09-10 22:16:47 -04:00
Wietze
39d4e815af
Minor formatting changes (redudant backslashes, incorrect dates, typos, etc.)
2021-12-14 14:57:32 +00:00
bohops
23dd0236ae
Detection Resources and Other Updates ( #179 )
...
* Add detection links for scripts
* Add detection links for OtherMSBins. Fixed and updated as needed.
* Add detection links for MSBins. Fixed and updated as needed.
* Add detection links for oslibraries
* Updating template for Detections
* Removing empty Detection:Sigma entries
* Remove redundant blank line
* Replacing commit URL with file URL
Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2021-11-15 08:19:03 -05:00
Wietze
4f7ec8d2af
MITRE ATT&CK realignment sprint
2021-11-05 18:58:26 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html )
2021-01-10 15:04:52 +00:00
Cochin, Cedric
13026a481b
Update MpCmdRun.yml
...
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
2020-09-24 14:09:58 -07:00
Rich Rumble
1b00b374b3
Updated per suggestion
...
Thanks!
2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml
...
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3
Added detection details on mpcmdrun
2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf
Updated links on mpcmdrun
2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085
Added MpCmdRun.exe
2020-09-03 10:55:37 +02:00