Security-Experts-Community / open-xp-rules
An open repository of rules written in the eXtraction and Processing (XP) language
Apache License 2.0
20 stars
44 forks
Fix/rules correction
#437
Reversenant
opened
1 week ago
0
Added pipeline
#436
Reversenant
opened
1 week ago
0
Feature/bits openvpn
#435
d3f0x0
opened
2 months ago
1
The corresponding prefix has been added to all rules for Mac OS
#434
DmitryOffsec
opened
3 months ago
0
Suspicious Messenger Child Process detection rule
#433
driverenok
closed
3 months ago
0
Suspicious Microsoft Office Child Process detection rule
#432
driverenok
opened
3 months ago
1
Suspicious Double Extension File Execution detection rule
#431
driverenok
closed
3 months ago
0
OSW#2: Task-15. Detection of Bundlore execution
#430
sn1permanky
closed
2 months ago
2
[OSW#2: Task-21] AppleScript Display dialog with hidden answer
#429
AmwNLTL
closed
3 months ago
4
[OSW#2: Task-20] AppleScript do shell script with administrator privileges
#428
AmwNLTL
closed
3 months ago
0
Detection of a child process launched from a process with autoElevate
#427
driverenok
closed
3 months ago
0
Added a solution for Task 7 [OSW#2: Task-7]
#426
Phoevek
opened
4 months ago
0
Detection of persistence via the Application Shim mechanism
#425
driverenok
closed
3 months ago
0
Change the path to xp-kbt in the devcontainer
#424
leitosama
closed
3 months ago
0
[OSW#2: Task-3] Create MacOS_Schedule_CronJob_from_Tmp_Dir
#423
leitosama
closed
3 months ago
0
Feature/persistence silent process exit image hijack sysmon 13 1
#422
AmwNLTL
closed
4 months ago
0
Updated normalization of event 4742
#421
driverenok
closed
4 months ago
1
Added a correlation rule to detect a local administrator password change
#420
d3f0x0
closed
4 months ago
0
Added a rule detecting an lsass.exe dump performed using comsvc.dll functionality
#419
d3f0x0
closed
4 months ago
0
Detection of psloggedon tool usage
#418
driverenok
closed
4 months ago
0
Added correlation rule MacOS_Detection_Self_Deleting_File
#417
feztix
closed
4 months ago
7
[OSW#2: Task-9] Suspicious password validation via the standard input stream of the sudo utility
#416
AmwNLTL
closed
4 months ago
0
[Fix] Feature/sysmon blinding attacks
#415
driverenok
closed
4 months ago
3
[IMPROVEMENT] Refinement of normalization for EventId 4742
#414
driverenok
closed
4 months ago
3
Detection of the mmc.exe snap-in launched from a suspicious directory
#413
driverenok
closed
4 months ago
0
[OSW#2: Task-18] Detection of the pbpaste utility being run to collect clipboard contents
#412
AmwNLTL
closed
4 months ago
0
Detection of UAC bypass via the EventVwr snap-in
#411
driverenok
closed
4 months ago
0
Created a correlation rule that triggers on execution of files from скр…
#410
Protenil
closed
4 months ago
0
Resolves #379
#409
Psych0S0cial
closed
4 months ago
3
Added two macros for Windows network connections and a rule detecting an lsass dump
#408
d3f0x0
closed
4 months ago
0
Rule to detect creation of scheduled tasks via the at utility
#407
artemcun
closed
4 months ago
0
Rule detecting creation of a local user and its addition to the Administrators group
#406
d3f0x0
closed
4 months ago
0
Added rule for detecting a crashed eventlog service
#405
d3f0x0
closed
4 months ago
0
Detection of UAC bypass by substituting the %SYSTEMROOT% environment variable
#404
driverenok
closed
4 months ago
0
Resolves #378
#403
Olga948
closed
4 months ago
0
Ca 4624 4625 logon type2 logon proc chrome
#402
Sagatjkeee
closed
4 months ago
0
Detection of RunMRU key deletion
#401
driverenok
closed
4 months ago
0
[OSW#2: Task-16] Detection of a process launched with elevated privileges
#400
AmwNLTL
closed
4 months ago
0
Detection of Zerologon based on events 5805 and 4742
#399
driverenok
closed
4 months ago
0
Features/network service guest added to admins 4732
#398
Sagatjkeee
closed
4 months ago
0
Added detection of persistence using the shadow copy mechanism
#397
driverenok
closed
4 months ago
1
[OSW#2: Task-12] Use of the process injection technique via plist
#396
AmwNLTL
closed
4 months ago
0
Feature/osw 2 task 19
#395
d3f0x0
closed
4 months ago
1
Feature/CVE-2020-1472_zerologon_exploitation
#394
driverenok
closed
4 months ago
2
Add rule to detect execution of trojan Shlayer
#393
grikos
closed
4 months ago
1
[OSW#2: Task-17] Detection of scripts launched via plist
#392
AmwNLTL
closed
4 months ago
0
Resolves #369
#391
Phoevek
closed
4 months ago
2
Devcontainer for working with VSCode XP
#390
leitosama
closed
4 months ago
0
[OSW#2 Task 10] Obtaining credentials via the security utility
#389
zBlurr
closed
4 months ago
0
Resolve #366
#388
leitosama
closed
4 months ago
1