84 Commits

Author SHA1 Message Date
hegusung
b1fb82ad11
Update Dfshim.yml: Typo 2024-10-14 19:10:35 +02:00
hegusung
9ebae9a6fb
Update Zipfldr.yml Tags
Added Tags
Execute EXE
2024-10-13 18:34:26 +02:00
hegusung
5a169e4d60
Update Url.yml Tags
Added Tags:
Execute HTA
Execute EXE
2024-10-13 18:32:25 +02:00
hegusung
7533fea6b6
Update Syssetup.yml Tags
Changed Input: INF to Execute: INFO for consistency
2024-10-13 18:28:39 +02:00
hegusung
eb9dfdee17
Update Shell32.yml Tags
Added Tags:
Execute EXE
Execute CMD
2024-10-13 18:27:37 +02:00
hegusung
a28f2a756a
Update Shdocvw.yml Tags
Added Tags:
Execute EXE
2024-10-13 18:26:39 +02:00
hegusung
b1d0a85d2e
Update Setupapi.yml Tags
Changed Input: INF to Execute:INF for consistency
2024-10-13 18:25:38 +02:00
hegusung
25047c34d9
Update Pcwutl.yml Tags
Added Tags:
Execute EXE
2024-10-13 18:21:47 +02:00
hegusung
98dde3b672
Update Mshtml.yml Tags
Added Tags:
Executable HTA
2024-10-13 18:20:21 +02:00
hegusung
0672acf1da
Update Ieframe.yml Tags
Added Tags:
Execute: EXE
2024-10-13 18:19:05 +02:00
hegusung
f09cfa5b8c
Update Ieadvpack.yml Tags
Added Tags:
- Execute INF
- Execute EXE
- Execute CMD
2024-10-13 18:16:43 +02:00
hegusung
f086057104
Update Dfshim.yml Tags
Added Tags:
- Execute: ClickOnce
- Execute: Remote
2024-10-13 18:14:56 +02:00
hegusung
87241b3051
Update Desk.yml Tags
Added Tags:
Execute: EXE
Execute: Remote
2024-10-13 18:13:30 +02:00
hegusung
e25d9fa435
Update Advpack.yml Tags
Added Tags:
Execute: INF
Execute: EXE
Execute: CMD
2024-10-13 18:10:51 +02:00
frack113
2cc01b0113
Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
Wietze
ebbf08ec4d
Adding tags (closes #9, #318) (#362)
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
2024-04-03 11:53:36 -04:00
frack113
4f83231697
Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
eral4m
e4c2371a26
Adding scrobj.dll, shimgvw.dll INetCache downloader entries (#189)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 16:50:52 +01:00
frack113
e8ea28d4e9
Update SigmaHQ ref (#301)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-19 22:40:24 +01:00
frack113
1072d3dc34
Add sigma ref Detection (#272)
* Add sigma ref

* Add missing sigma ref

* Fix sigma link

* Remove by Defender

* Remove by Defender
2022-12-29 09:51:15 -05:00
Wietze
67e1040172
Merge remote-tracking branch 'upstream/master' into windows_11_sprint 2022-10-03 16:18:57 +01:00
xenoscr
654cdd2d61
Fixing file formatting. 2022-09-11 01:33:36 -04:00
xenoscr
98813fe01b
Fixing errors found in yaml lint action. 2022-09-11 01:07:18 -04:00
xenoscr
c24cad7868
Adding missing OperatingSystem values. 2022-09-10 23:48:38 -04:00
xenoscr
371d1cf2cc
Correcting case in Usecase key names. 2022-09-10 23:45:28 -04:00
xenoscr
a040ca3e40
Adding missing OperatingSystem values to Ieadvpack.yml 2022-09-10 23:41:38 -04:00
xenoscr
f5baac1c45
Adding missing authors 2022-09-10 23:37:10 -04:00
xenoscr
0ed1694bf1
Correcting 'AWL bypass' to 'AWL Bypass' 2022-09-10 22:55:32 -04:00
xenoscr
ce36f924fc
Removing extra --- from each yaml file 2022-09-10 22:16:47 -04:00
Wietze
7797a1967c
Merge branch 'master' into windows_11_sprint 2022-05-24 08:38:50 +01:00
Chris "Lopi" Spehn
e872ce028b
Merge pull request #214 from jstnk9/master
Added new sigma rule and references to desk.cpl
2022-05-19 10:21:21 -06:00
Wietze
b333db4f91
Fixing typo (ieaframe -> ieframe) 2022-05-15 21:06:33 +01:00
jstnk9
00bc9177bd
Added new sigma rule and references
Added new sigma rule and references
2022-05-15 16:42:44 +02:00
Wietze
2b20998371
Remove redundant powershell command from comsvcs entry 2022-05-05 11:18:39 +01:00
Wietze
b92ee99627
Addressing @bohops's feedback 2022-05-05 11:12:22 +01:00
bohops
d93539bf9b
Quick fix for syntax and removed IOC 2022-04-29 23:06:41 -04:00
cr1sp4
666e6e8645
Update Desk.yml (#210)
Added Sigma rules.
2022-04-29 22:52:57 -04:00
Wietze
619aafbfa2
Adding extra contributor to Desk.cpl entry 2022-04-28 13:01:35 +01:00
Wietze
4a8bdf4844
Fix casing on Desk.cpl entry 2022-04-27 11:20:13 +01:00
LuxNoBu!!shit
6ed0fb9326
Create Desk.cpl (#207)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-04-27 11:15:15 +01:00
Wietze
085aaa37b1
Adding more missed-out entries 2021-12-15 11:50:18 +00:00
Wietze
6793a7d238
Fixing various issues identified 2021-12-14 16:50:22 +00:00
Wietze
adf171d089
Applying minor format changes (incorrectly formatted dates, typos, etc.) 2021-12-14 15:53:03 +00:00
Wietze
754a451e76
Updating entries that have been confirmed to be working on Windows 11 (21H2) 2021-12-14 15:51:43 +00:00
Wietze
39d4e815af
Minor formatting changes (redundant backslashes, incorrect dates, typos, etc.) 2021-12-14 14:57:32 +00:00
bohops
23dd0236ae
Detection Resources and Other Updates (#179)
* Add detection links for scripts

* Add detection links for OtherMSBins. Fixed and updated as needed.

* Add detection links for MSBins. Fixed and updated as needed.

* Add detection links for oslibraries

* Updating template for Detections

* Removing empty Detection:Sigma entries

* Remove redundant blank line

* Replacing commit URL with file URL

Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2021-11-15 08:19:03 -05:00
Wietze
2380c506d4
LSASS realign to T1003.001 2021-11-05 20:35:58 +00:00
Wietze
4f7ec8d2af
MITRE ATT&CK realignment sprint 2021-11-05 18:58:26 +00:00
Oddvar Moe
9f9af1cfee
Merge branch 'master' into feat/yamllinting 2021-10-22 15:20:35 +02:00
Filipe Spencer Lopes
b0a321e4c4
Too many whitespaces 2021-03-09 14:58:44 +01:00