| Commit | Message | Date |
|---|---|---|
| 2eecc65698 | New Sliver and Metasploit EVTX files including cmd.exe writing to ADMIN$, and suspicious remote threads | 2023-06-28 16:33:55 -04:00 |
| ddb9e3e0fa | Added code to support flagging suspicious WMI filter events, also added sample log file | 2021-09-16 13:55:34 +01:00 |
| 3fae5dbef6 | Update to catch services.exe DAC permission change to hide services | 2020-09-14 16:37:59 -04:00 |
| 612cde1cf3 | Disable Metasploit psexec detect due to false-positive conflict with MS Exchange; revise alert for _Multiple admin logons for one account_ to show attempt count instead of unique event IDs | 2019-05-06 14:34:31 -04:00 |
| 9a293b974e | Add more Mimikatz detection, focusing on token::elevate as a non-admin user | 2019-05-03 06:33:20 -04:00 |
| f17d32491e | Add password spray detection, sample evtx | 2019-04-30 17:11:56 -04:00 |
| 6766ac618c | Add Event ID 4673 Sensitive Privilege Use detection for Mimikatz | 2019-04-30 14:38:43 -04:00 |
| 2fe7d13599 | Add detector and event log to watch for Event Log Service stop/start as an indicator of event log tampering with eventlogedit | 2019-04-28 14:23:23 -04:00 |
| 18ba3fc256 | Delete Powershell-Invoke-Obfuscation-token-menu.evtx | 2017-09-22 14:14:02 -04:00 |
| 7f90195d1d | Added Invoke-Obfuscation sample evtx files | 2017-08-30 15:49:46 -04:00 |
| 5a2f201331 | Delete readme.md | 2016-09-21 10:06:01 -04:00 |
| 821ca4c318 | Add files via upload | 2016-09-21 00:03:48 -04:00 |
| d1d21c91a1 | Delete metasploit-psexec-native-upload-target-system.evtx | 2016-09-21 00:03:36 -04:00 |
| c45dbc3655 | Delete metasploit-psexec-native-upload-target-security.evtx | 2016-09-21 00:03:26 -04:00 |
| cdf59ab6b5 | Add files via upload | 2016-09-20 23:58:54 -04:00 |
| 9c6854a0b2 | Add files via upload | 2016-09-20 15:35:54 -04:00 |
| 9250e34d6c | Create readme.md | 2016-09-20 15:34:36 -04:00 |