93a7dcfd31
Azure Active Directory to Entra ID
2023-11-11 16:56:17 +05:30
4ead45aed9
Updating versions
2023-05-03 11:40:31 +05:30
5695a36713
Merge branch 'master' into v-vdixit/KQL-validation-test-hunting-queries
2023-03-29 11:46:49 +05:30
0277f7811b
updating whitespaces
2023-02-28 19:31:27 +05:30
c1061631e5
Merge branch 'master' into v-vdixit/file-path-update3
2023-02-28 18:54:19 +05:30
cf41450869
updating quotes
2023-02-28 18:37:37 +05:30
af79e08eec
Hunting Queries files path update
2023-02-23 15:10:55 +05:30
03b2157173
File path update hunting queries
2023-02-23 14:55:16 +05:30
758d70b09e
KQL Validations for Multiple data sources hunting queries
2023-02-08 11:25:45 +05:30
9f2b4dc506
Moving Hunting queries
2022-12-21 15:48:24 +05:30
f7799844ea
Merge branch 'master' into v-sabiraj-EndpointThreatProtectionEssentials
2022-12-15 21:39:43 +05:30
8c09df27e8
Merge branch 'master' into v-sabiraj-AttackerToolsThreatProtectionEssentials
2022-12-06 11:12:37 +05:30
df22671ce8
Updating queries as suggested by the CAT team
2022-12-05 05:03:22 -08:00
4d48365d3b
Adding Skip validations
2022-11-24 23:40:43 +05:30
2feff72833
Moving files
2022-11-16 15:23:18 +05:30
54146e59e8
Moving Hunting queries
2022-11-16 12:54:33 +05:30
36276802fc
Remaining tagging
2022-11-01 18:42:28 +05:30
b1b664338d
Skip Validation
2022-10-03 22:32:14 +05:30
e92cbdcba3
Merge branch 'master' into v-sabiraj-WindowsSecurityEvents
2022-10-03 13:43:02 +05:30
9b4e91b686
Merge pull request #5903 from sonnyakhere/create-hunt-LOLBins-In-Possible-Phishing
...
create hunt LOLBins In Possible Phishing
2022-09-14 15:10:57 -07:00
22e7c55a52
Update hunt_LOLBins.yaml
2022-09-14 09:16:45 +01:00
2459553005
Update hunt_LOLBins.yaml
2022-08-16 19:27:39 +01:00
cb4f420d73
new file - hunt_LOLbins.yaml
2022-08-15 21:34:58 +01:00
71d04981af
Merge pull request #5188 from princemathew/patch-2
...
Make the "-EncodedCommand " parameter case insensitive while parsing
2022-07-13 02:57:19 -07:00
60d51c8b2e
Merge branch 'master' into v-sabiraj-WindowsSecurityEvents
2022-07-07 12:53:48 +05:30
521cec0b6f
Make the "-EncodedCommand " parameter case insensitive while parsing
2022-06-02 12:41:02 +05:30
1feb0fc5db
Updating package.
2022-05-26 18:55:24 +05:30
554689269c
Revert "Adding Connector id for hunting queries."
...
This reverts commit a014cf8dbc
2022-05-26 14:19:12 +05:30
3f06ee2815
Moving files
2022-05-26 12:15:14 +05:30
57faeee943
Update KrbRelayUpServiceCreation
...
Edit MaliciousService
2022-05-11 20:21:18 +07:00
f1ee09c879
New Detection - KrbRelayUp Tool
...
Required items, please complete
Change(s):
Create New rule to detect service creation from KrbRelayUp tool
Reason for Change(s):
New rule to detect service creation from KrbRelayUp tool
Version Updated: 1.0
Required only for Detections/Analytic Rule templates
Testing Completed:
Tested on event with sigma rule
Checked that the validations are passing and have addressed any issues that are present:
See guidance below
References: https://github.com/Dec0ne/KrbRelayUp
2022-05-11 19:03:04 +07:00
9320acdb4b
Impacket query + addition of latest Azure IP ranges
2022-03-10 14:24:30 -08:00
4eee8134ab
Merge pull request #4357 from vpaschalidis/patch-46
...
Create PotentialProcessDoppelganging.yaml
2022-03-09 05:32:08 -08:00
fd29526b97
Create FileExecutionWithOneCharacterInTheName.yaml
2022-03-09 15:24:39 +02:00
f7d287c874
Create PotentialProcessDoppelganging.yaml
...
This query detects Process Doppelganging, a technique that calls several APIs related to NTFS transactions which allow to substitute the PE content before the process is even created.
2022-03-09 15:23:09 +02:00
2364683592
Merge pull request #4217 from vpaschalidis/patch-37
...
Create ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml
2022-03-09 04:47:23 -08:00
2e34f2ee7c
Merge pull request #4216 from vpaschalidis/patch-36
...
Create ServiceInstallationFromUsersWritableDirectory.yaml
2022-03-09 04:42:58 -08:00
2b92a27eab
Update ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml
2022-03-09 14:42:02 +02:00
cb94315e3b
Merge pull request #4195 from vpaschalidis/patch-31
...
Create DecoyUserAccountAuthenticationAttempt.yaml
2022-03-09 04:34:47 -08:00
265dbf5396
Merge pull request #4192 from vpaschalidis/patch-29
...
Create RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml
2022-03-09 04:30:05 -08:00
930242993f
Update DecoyUserAccountAuthenticationAttempt.yaml
2022-03-09 14:28:14 +02:00
9c8ec3ba89
Merge pull request #4317 from vpaschalidis/patch-40
...
Update FakeComputerAccountAuthenticationAttempt.yaml
2022-03-09 04:21:48 -08:00
f92b4e871a
Merge pull request #4316 from vpaschalidis/patch-41
...
Update LargeScaleMalwareDeploymentGPOScheduledTask.yaml
2022-03-09 04:21:13 -08:00
1769081638
Merge pull request #4315 from vpaschalidis/patch-42
...
Update MSRPRN_Printer_Bug_Exploitation.yaml
2022-03-09 04:20:37 -08:00
ed9f123e6d
Update RIDHijacking.yaml
2022-03-03 14:16:47 +02:00
fdf9cd34f6
Update MSRPRN_Printer_Bug_Exploitation.yaml
2022-03-03 14:16:32 +02:00
355b6914fd
Update LargeScaleMalwareDeploymentGPOScheduledTask.yaml
2022-03-03 14:16:19 +02:00
95205de9ce
Update FakeComputerAccountAuthenticationAttempt.yaml
2022-03-03 14:16:08 +02:00
5b1bfd95c3
Update RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml
2022-03-03 14:02:56 +02:00
419de07406
Update DecoyUserAccountAuthenticationAttempt.yaml
2022-03-03 14:02:35 +02:00
PrasadBoke
DixitVedanshi
v-vdixit
v-sabiraj
aprakash13
v-atulyadav
Ashwin Patil
Akhere Sonny-Egbeahie
Akhere Sonny-Egbeahie
aprakash13
Prince Mathew
Sittikorn S
Vasileios Paschalidis