|
|
a5db7c4771
|
Output table formatting
|
2019-05-04 10:33:51 -03:00 |
|
|
|
56178ec0f6
|
Reformatted output table
|
2019-05-04 10:33:00 -03:00 |
|
|
|
3673416cc7
|
Fixed output table typo
|
2019-05-04 10:31:50 -03:00 |
|
|
|
8d2c355718
|
Added output section
|
2019-05-04 10:31:10 -03:00 |
|
|
|
7cbb5748e4
|
Add Metsploit psexec-specific privilege requests for Event ID 4672 detection, tweak Mimikatz detection message
|
2019-05-03 11:39:43 -04:00 |
|
|
|
e3cb0142c6
|
Updated detected events
|
2019-05-03 12:21:17 -03:00 |
|
|
|
712b25e9f4
|
Fixed table typo
|
2019-05-03 10:20:11 -03:00 |
|
|
|
9d9fc47473
|
Formatting table
|
2019-05-03 10:09:44 -03:00 |
|
|
|
7d413ffbda
|
Update README.md
|
2019-05-03 10:08:51 -03:00 |
|
|
|
3f393526e5
|
Added Mimikatz token::elevate example
|
2019-05-03 10:07:21 -03:00 |
|
|
|
bcf0022b60
|
Merge pull request #11 from joswr1ght/master
Add more Mimikatz detection, focusing on token::elevate as a non-admin user
|
2019-05-03 12:32:00 +00:00 |
|
|
|
9a293b974e
|
Add more Mimikatz detection, focusing on token::elevate as a non-admin user
|
2019-05-03 06:33:20 -04:00 |
|
|
|
c2dfa045ff
|
Added event log example
|
2019-05-01 16:59:17 -03:00 |
|
|
|
2aa4cfe191
|
Minor formatting
|
2019-05-01 16:15:55 -03:00 |
|
|
|
8ca0df7a0e
|
Menu cleanup
|
2019-05-01 11:51:14 -03:00 |
|
|
|
7c8e3eef00
|
Cleaned up the menus
|
2019-05-01 11:46:43 -03:00 |
|
|
|
7557597acb
|
Updated intro
|
2019-05-01 11:31:02 -03:00 |
|
|
|
12238e78e5
|
s/Lines/Line/g
|
2019-05-01 11:23:47 -03:00 |
|
|
|
68d482ac56
|
More examples
|
2019-05-01 11:00:42 -03:00 |
|
|
|
ecd1a6be47
|
Updated the examples table
|
2019-05-01 10:57:29 -03:00 |
|
|
|
3d3e0b281b
|
Added initial examples menu
|
2019-05-01 10:51:42 -03:00 |
|
|
|
f453ede47c
|
s/Powershell/PowerShell/g
|
2019-05-01 10:31:09 -03:00 |
|
|
|
82cc713117
|
Mentioned run as administrator for live security log
|
2019-05-01 09:58:29 -03:00 |
|
|
|
ac077b145c
|
Merge pull request #10 from joswr1ght/master
Add password spray detection, sample evtx
|
2019-04-30 21:26:54 +00:00 |
|
|
|
f17d32491e
|
Add password spray detection, sample evtx
|
2019-04-30 17:11:56 -04:00 |
|
|
|
cd44a63604
|
Added list of detected events
|
2019-04-30 17:29:44 -03:00 |
|
|
|
4514af7f4a
|
Minor update, added Set-ExecutionPolicy bypass example
|
2019-04-30 17:12:51 -03:00 |
|
|
|
ae08b49ffc
|
Merge pull request #9 from joswr1ght/master
Add Event ID 4673 Sensitive Privilege Use detection for Mimikatz
|
2019-04-30 19:42:00 +00:00 |
|
|
|
6766ac618c
|
Add Event ID 4673 Sensitive Privilege Use detection for Mimikatz
|
2019-04-30 14:38:43 -04:00 |
|
|
|
cce18d1568
|
Version 2.01, added password spraying and initial Bloodhound detection
|
2019-04-30 14:42:16 +00:00 |
|
|
|
8952278d3b
|
Merge pull request #8 from joswr1ght/master
Add detector and event log to watch for Event Log Service stop/start …
|
2019-04-29 16:50:19 -03:00 |
|
|
|
2fe7d13599
|
Add detector and event log to watch for Event Log Service stop/start as an indicator or event log tampering with eventlogedit
|
2019-04-28 14:23:23 -04:00 |
|
|
|
a98ef0e402
|
Post-DerbyCon update
|
2017-11-07 12:28:21 -05:00 |
|
|
|
6a4766e25e
|
Update README.md
|
2017-10-03 10:02:43 -04:00 |
|
|
|
18ba3fc256
|
Delete Powershell-Invoke-Obfuscation-token-menu.evtx
|
2017-09-22 14:14:02 -04:00 |
|
|
|
4922dc7aa6
|
Tweaked the PowerShell 4104 CLI detector
|
2017-09-20 16:03:21 -04:00 |
|
|
|
36f958c9ed
|
Update README-DeepBlue.py.md
|
2017-09-20 10:37:14 -04:00 |
|
|
|
084c307d22
|
Update README.md
|
2017-09-20 10:35:42 -04:00 |
|
|
|
b53e8967ce
|
Rename DeepWhite.md to README-DeepWhite.md
|
2017-09-20 10:35:06 -04:00 |
|
|
|
17b64603b1
|
Update README.md
|
2017-09-20 10:34:06 -04:00 |
|
|
|
6f1d57219f
|
Update README-DeepBlue.py.md
|
2017-09-20 10:30:24 -04:00 |
|
|
|
fcb1e4d3d8
|
Create README-DeepBlue.py.md
|
2017-09-20 10:24:31 -04:00 |
|
|
|
4d5351486c
|
Delete file-whitelist.csv
|
2017-09-20 10:23:28 -04:00 |
|
|
|
17764ac951
|
Update README.md
|
2017-09-20 10:22:24 -04:00 |
|
|
|
0505507419
|
Create readme-deepblue.py
|
2017-09-20 10:17:11 -04:00 |
|
|
|
8bcd67ca8c
|
Pre-DerbyCon update
|
2017-09-20 09:01:04 -04:00 |
|
|
|
72f9d7a944
|
Another pre-DerbyCon update
|
2017-09-20 08:46:20 -04:00 |
|
|
|
c1067b0258
|
First release of DeepBlue.py
|
2017-09-20 08:42:56 -04:00 |
|
|
|
3663b9cff5
|
Update DeepWhite.md
|
2017-09-19 08:47:09 -04:00 |
|
|
|
3597a235d7
|
Update DeepWhite.md
|
2017-09-19 08:45:58 -04:00 |
|
