Commit Graph

20 Commits

Author SHA1 Message Date
486dd1f9ce Fix Event ID reporting in analysis @scriptedstatement; whitespace cleanup 2020-08-18 08:51:54 -04:00
7294cc4181 Changed multiple failed login alert from 25 to 5 to more accurately reflect password spray attack evidence 2019-12-24 11:09:45 -05:00
d500632c50 Disable Mimikatz token::elevate detection; I thought I was on to a cool detect, but sadly it's just Windows operating normally with excessive privileges. 2019-05-06 14:40:17 -04:00
612cde1cf3 Disable Metasploit psexec detect due to false-positive conflict with MS Exchange; revise alert for _Multiple admin logons for one account_ to show attempt count instead of unique event IDs 2019-05-06 14:34:31 -04:00
7cbb5748e4 Add Metasploit psexec-specific privilege requests for Event ID 4672 detection, tweak Mimikatz detection message 2019-05-03 11:39:43 -04:00
9a293b974e Add more Mimikatz detection, focusing on token::elevate as a non-admin user 2019-05-03 06:33:20 -04:00
f17d32491e Add password spray detection, sample evtx 2019-04-30 17:11:56 -04:00
6766ac618c Add Event ID 4673 Sensitive Privilege Use detection for Mimikatz 2019-04-30 14:38:43 -04:00
cce18d1568 Version 2.01, added password spraying and initial Bloodhound detection 2019-04-30 14:42:16 +00:00
2fe7d13599 Add detector and event log to watch for Event Log Service stop/start as an indicator of event log tampering with eventlogedit 2019-04-28 14:23:23 -04:00
72f9d7a944 Another pre-DerbyCon update 2017-09-20 08:46:20 -04:00
a863f74553 Major Update to v1.9 pre-DerbyCon 2017-09-18 21:49:19 -04:00
dff301f17a Add files via upload 2017-09-10 21:29:48 -04:00
f91e4c8934 Add files via upload 2017-09-10 18:24:28 -04:00
341e9dcfcf Add files via upload 2017-09-07 16:27:31 -04:00
8c9bff9614 Major update to version 0.3 2017-08-30 15:43:08 -04:00
42f6273892 s/check-service/check-regex/g 2017-08-19 13:03:27 -04:00
769149b343 Added command obfuscation detection 2016-09-23 17:38:51 -04:00
5a90b6987e Add files via upload 2016-09-23 11:02:05 -04:00
5755000882 Add files via upload 2016-09-20 15:24:53 -04:00
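Two of the detections the commits above tune (the failed-logon threshold lowered from 25 to 5 for password spraying, and the "multiple admin logons for one account" alert reporting an attempt count rather than unique event IDs) are shown below as an added worked example. This is illustrative code written for this page, not the repository's own detector code. It assumes Security-log events are already parsed into dicts keyed by the XML field names EventID, TargetUserName, IpAddress and TimeCreated; the sample events are constructed, not captured from a real host.

```python
"""Toy Windows Security-log detectors (added example, not the project's code).

Assumptions: each event is a dict carrying 'EventID', 'TargetUserName',
'IpAddress' and 'TimeCreated'; Event ID 4625 is a failed logon and 4672
is "Special privileges assigned to new logon". Sample data is constructed.
"""
from collections import defaultdict

# Constructed sample: one source IP failing once against six different
# accounts (a spray), one user mistyping a password twice from another
# source, and one account receiving three privileged logons.
SAMPLE_EVENTS = [
    {"EventID": 4625, "TargetUserName": user, "IpAddress": "10.0.0.5",
     "TimeCreated": f"2019-04-30T17:00:{i:02d}"}
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
] + [
    {"EventID": 4625, "TargetUserName": "grace", "IpAddress": "10.0.0.9",
     "TimeCreated": "2019-04-30T17:01:00"},
    {"EventID": 4625, "TargetUserName": "grace", "IpAddress": "10.0.0.9",
     "TimeCreated": "2019-04-30T17:01:05"},
] + [
    {"EventID": 4672, "TargetUserName": "svc_backup", "IpAddress": "-",
     "TimeCreated": f"2019-04-30T17:02:{i:02d}"}
    for i in range(3)
]


def password_spray(events, threshold=5):
    """Flag source IPs with at least `threshold` failed logons (4625).

    Returns {ip: (failure_count, distinct_target_accounts)}. A spray shows
    many failures spread across many accounts, so the distinct-account
    count is reported alongside the raw count. With threshold=25 the
    six-account spray in the sample is missed entirely, which is the
    behaviour the 25 -> 5 commit corrects.
    """
    failures = defaultdict(list)
    for event in events:
        if event["EventID"] == 4625:
            failures[event["IpAddress"]].append(event["TargetUserName"])
    return {
        ip: (len(users), len(set(users)))
        for ip, users in failures.items()
        if len(users) >= threshold
    }


def multiple_admin_logons(events, threshold=2):
    """Flag accounts with at least `threshold` privileged logons (4672).

    Returns {account: attempt_count}; the value is the number of 4672
    events for the account, not the number of unique event IDs, which
    would always be 1 here and so never convey how often it happened.
    """
    counts = defaultdict(int)
    for event in events:
        if event["EventID"] == 4672:
            counts[event["TargetUserName"]] += 1
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, (n, accounts) in password_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {ip}: {n} failures against {accounts} accounts")
    for user, n in multiple_admin_logons(SAMPLE_EVENTS).items():
        print(f"multiple admin logons for {user}: {n} attempts")
```

Running the module prints one spray alert for 10.0.0.5 (6 failures across 6 accounts) and one admin-logon alert for svc_backup (3 attempts); grace's two failures stay below the threshold. A production detector would also bound the counts to a time window, which this example omits.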