| 
							
							
								 hegusung | a7b0dfcf5e | Update Launch-VsDevShell.yml Tags Added Tags
Execute EXE | 2024-10-13 18:53:59 +02:00 |  | 
			
				
					| 
							
							
								 hegusung | 4c232b06fe | Update Cl_invocation.yml Tags Added Tags:
Execute EXE
Execute CMD | 2024-10-13 18:52:43 +02:00 |  | 
			
				
					| 
							
							
								 hegusung | cb73a1cfd0 | Update CL_mutexverifiers.yml tags added tags:
Execute: powershell | 2024-10-13 18:47:36 +02:00 |  | 
			
				
					| 
							
							
								 hegusung | 1f57c14845 | Update CL_LoadAssembly.yml Tags Changed DLL to .NetDLL | 2024-10-13 18:44:40 +02:00 |  | 
			
				
					| 
							
							
								 Wietze | f69b8abae1 | Removing empty resource sections | 2024-10-02 01:55:22 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 39a7120d40 | Adding Windows file path validation for values of File_Path (#403) | 2024-10-01 23:14:19 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 2cc0ee99e6 | Applying MITRE ATT&CK v15 changes (#370) https://attack.mitre.org/resources/updates/updates-april-2024/ | 2024-04-24 15:10:59 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | ebbf08ec4d | Adding tags (closes #9, #318) (#362) * Adding various tags as a first iteration
* Adding quotes
* Adding 'Custom Format' properly
* Updating to key:value pairs
* Update template | 2024-04-03 11:53:36 -04:00 |  | 
			
				
					| 
							
							
								 frack113 | 4f83231697 | Update old sigma link (#303) * Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> | 2023-10-18 11:30:34 -04:00 |  | 
			
				
					| 
							
							
								 frack113 | e8ea28d4e9 | Update SigmaHQ ref (#301) Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> | 2023-06-19 22:40:24 +01:00 |  | 
			
				
					| 
							
							
								 frack113 | 1072d3dc34 | Add sigma ref Detection (#272) * Add sigma ref
* Add missing sigma ref
* Fix sigma link
* Remove by Defender
* Remove by Defender | 2022-12-29 09:51:15 -05:00 |  | 
			
				
					| 
							
							
								 Nasreddine Bencherchali | 0d7efb8ead | Adding and updating various LOLBINS (#229) Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2022-11-11 16:42:44 +00:00 |  | 
			
				
					| 
							
							
								 frack113 | 01d7580886 | Add Sigma rule references to various LOLBAS (#260) | 2022-10-26 09:10:39 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 67e1040172 | Merge remote-tracking branch 'upstream/master' into windows_11_sprint | 2022-10-03 16:18:57 +01:00 |  | 
			
				
					| 
							
							
								 xenoscr | 2c3653f0c4 | Fixing more file formatting issues. | 2022-09-11 01:36:14 -04:00 |  | 
			
				
					| 
							
							
								 xenoscr | 654cdd2d61 | Fixing file formating. | 2022-09-11 01:33:36 -04:00 |  | 
			
				
					| 
							
							
								 xenoscr | 98813fe01b | Fixing errors found in yaml lint action. | 2022-09-11 01:07:18 -04:00 |  | 
			
				
					| 
							
							
								 xenoscr | d585695b08 | Adding missing Descriptions. | 2022-09-10 23:26:10 -04:00 |  | 
			
				
					| 
							
							
								 xenoscr | ce36f924fc | Removing extra --- from each yaml file | 2022-09-10 22:16:47 -04:00 |  | 
			
				
					| 
							
							
								 securepeacock | 68c14b894c | Update UtilityFunctions.yml (#228) | 2022-09-02 18:42:59 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | e1df4e9f83 | Merge remote-tracking branch 'upstream/master' into windows_11_sprint | 2022-09-02 17:23:45 +01:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | c5c227a7ba | added sigma detection for pester | 2022-09-02 17:18:24 +01:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | 5a38aa722f | Adjusted comment in command | 2022-09-02 17:18:24 +01:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | 4b99cadd85 | Update pester.bat with an additional example | 2022-09-02 17:18:23 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 400158f2df | Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries (#221) | 2022-09-02 17:16:58 +01:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | 68a6f0a35f | added sigma detection for pester | 2022-08-24 12:32:48 +02:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | c53a8ea06e | Adjusted comment in command | 2022-08-23 15:47:17 +02:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | fdc1b2c827 | Update pester.bat with an additional example | 2022-08-23 15:44:57 +02:00 |  | 
			
				
					| 
							
							
								 frack113 | 91350057ce | Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries (#221) | 2022-06-04 11:50:35 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | b92ee99627 | Addressing @bohops's feedback | 2022-05-05 11:12:22 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 085aaa37b1 | Adding more missed-out entries | 2021-12-15 11:50:18 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | 6793a7d238 | Fixing various issues identified | 2021-12-14 16:50:22 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | adf171d089 | Applying minor format changes (incorrectly formatted dates, typos, etc.) | 2021-12-14 15:53:03 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | 754a451e76 | Updating entries that have been confirmed to be working on Windows 11 (21H2) | 2021-12-14 15:51:43 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | 39d4e815af | Minor formatting changes (redudant backslashes, incorrect dates, typos, etc.) | 2021-12-14 14:57:32 +00:00 |  | 
			
				
					| 
							
							
								 bohops | 23dd0236ae | Detection Resources and Other Updates (#179) * Add detection links for scripts
* Add detection links for OtherMSBins. Fixed and updated as needed.
* Add detection links for MSBins. Fixed and updated as needed.
* Add detection links for oslibraries
* Updating template for Detections
* Removing empty Detection:Sigma entries
* Remove redundant blank line
* Replacing commit URL with file URL
Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2021-11-15 08:19:03 -05:00 |  | 
			
				
					| 
							
							
								 Wietze | 8257d60aad | Realigning .ps1 scripts to T1216 | 2021-11-05 20:29:07 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | bc51cb4e03 | More changes (mainly changing some T1218 instances to T1202) | 2021-11-05 20:19:39 +00:00 |  | 
			
				
					| 
							
							
								 Wietze | 4f7ec8d2af | MITRE ATT&CK realignment sprint | 2021-11-05 18:58:26 +00:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | 9f9af1cfee | Merge branch 'master' into feat/yamllinting | 2021-10-22 15:20:35 +02:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | a55e2249c1 | Merge branch 'master' into fixing-yaml-issues | 2021-10-22 14:53:09 +02:00 |  | 
			
				
					| 
							
							
								 bohops | 741d0f7b36 | Update CL_LoadAssembly.yml | 2021-09-26 23:35:01 -04:00 |  | 
			
				
					| 
							
							
								 root | b5357cdec0 | Adding app-ctrl bypass bins and a few lolscripts | 2021-09-26 23:31:30 -04:00 |  | 
			
				
					| 
							
							
								 Filipe Spencer Lopes | 13901ea496 | Too many whitespaces | 2021-03-09 14:57:01 +01:00 |  | 
			
				
					| 
							
							
								 Filipe Spencer Lopes | 56035a7d10 | Too many whitespaces | 2021-03-09 14:56:47 +01:00 |  | 
			
				
					| 
							
							
								 Wietze | 14dca38278 | Standardise date formats (see https://yaml.org/type/timestamp.html) | 2021-01-10 15:04:52 +00:00 |  | 
			
				
					| 
							
							
								 Oddvar Moe | b592be6027 | Update Manage-bde.yml Remove extra - | 2020-08-15 00:17:27 +02:00 |  | 
			
				
					| 
							
							
								 bohops | e316cb4842 | Delete Slmgr - COM Hijacks are too broad | 2020-07-03 10:15:06 -04:00 |  | 
			
				
					| 
							
							
								 bohops | 12cdb47285 | Removed COM Hijack | 2020-07-03 10:07:18 -04:00 |  | 
			
				
					| 
							
							
								 bohops | 17a34e27f6 | Added Twitter reference for use "in-the-wild" | 2020-07-03 10:03:42 -04:00 |  |