Security-Experts-Community / open-xp-rules
Open repository of rules written in the eXtraction and Processing (XP) language
Apache License 2.0
20 stars, 44 forks
issues
Title | Number | Author | Status | Time | Comments
privexchange_dirkjan.evtx | #234 | aw350m33d | opened | 1 year ago | 0
privesc_unquoted_svc_sysmon_1_11.evtx | #233 | aw350m33d | closed | 1 year ago | 1
privesc_sysmon_cve_20201030_spooler.evtx | #232 | aw350m33d | opened | 1 year ago | 0
privesc_spoolsv_spl_file_write_sysmon11.evtx | #231 | aw350m33d | opened | 1 year ago | 0
privesc_spoolfool_mahdihtm_sysmon_1_11_7_13.evtx | #230 | aw350m33d | opened | 1 year ago | 0
privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx | #229 | aw350m33d | opened | 1 year ago | 0
PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx | #228 | aw350m33d | opened | 1 year ago | 0
privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx | #227 | aw350m33d | opened | 1 year ago | 0
privesc_roguepotato_sysmon_17_18.evtx | #226 | aw350m33d | opened | 1 year ago | 0
privesc_registry_symlink_CVE-2020-1377.evtx | #225 | aw350m33d | opened | 1 year ago | 0
PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx | #224 | aw350m33d | opened | 1 year ago | 0
privesc_KrbRelayUp_windows_4624.evtx | #223 | aw350m33d | closed | 1 year ago | 0
PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx | #222 | aw350m33d | opened | 1 year ago | 0
PrivEsc_CVE-2020-1313_Sysmon_13_UScheduler_Cmdline.evtx | #221 | aw350m33d | opened | 1 year ago | 0
NTLM2SelfRelay-med0x2e-security_4624_4688.evtx | #220 | aw350m33d | opened | 1 year ago | 0
Invoke_TokenDuplication_UAC_Bypass4624.evtx | #219 | aw350m33d | opened | 1 year ago | 0
eop_appcontainer_il_broker_filewrite.evtx | #218 | aw350m33d | opened | 1 year ago | 0
EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx | #217 | aw350m33d | opened | 1 year ago | 0
CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx | #216 | aw350m33d | opened | 1 year ago | 0
4765_sidhistory_add_t1178.evtx | #215 | aw350m33d | opened | 1 year ago | 0
4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx | #214 | aw350m33d | opened | 1 year ago | 0
wmighost_sysmon_20_21_1.evtx | #213 | aw350m33d | closed | 1 year ago | 0
sysmon_local_account_creation_and_added_admingroup_12_13.evtx | #212 | aw350m33d | closed | 4 months ago | 0
sysmon_20_21_1_CommandLineEventConsumer.evtx | #193 | aw350m33d | closed | 1 year ago | 0
sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx | #192 | aw350m33d | opened | 1 year ago | 0
sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx | #191 | aw350m33d | opened | 1 year ago | 0
sysmon_13_1_persistence_via_winlogon_shell.evtx | #190 | aw350m33d | closed | 1 year ago | 0
persist_valid_account_guest_rid_hijack.evtx | #189 | aw350m33d | opened | 1 year ago | 0
persist_turla_outlook_backdoor_comhijack.evtx | #188 | aw350m33d | opened | 1 year ago | 0
persist_firefox_comhijack_sysmon_11_13_7_1.evtx | #187 | aw350m33d | opened | 1 year ago | 0
persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx | #186 | aw350m33d | opened | 1 year ago | 0
Persistence_Winsock_Catalog Change EventId_1.evtx | #185 | aw350m33d | opened | 1 year ago | 0
persistence_sysmon_11_13_1_shime_appfix.evtx | #184 | aw350m33d | closed | 3 months ago | 0
persistence_startup_UserShellStartup_Folder_Changed_sysmon_13.evtx | #183 | aw350m33d | opened | 1 year ago | 0
persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx | #182 | aw350m33d | closed | 4 months ago | 3
Persistence_Shime_Microsoft-Windows-Application-Experience_Program-Telemetry_500.evtx | #181 | aw350m33d | opened | 1 year ago | 0
persistence_security_dcshadow_4742.evtx | #180 | aw350m33d | closed | 1 year ago | 1
persistence_pendingGPO_sysmon_13.evtx | #179 | aw350m33d | opened | 1 year ago | 0
persistence_hidden_local_account_sysmon.evtx | #178 | aw350m33d | closed | 1 year ago | 0
persistence_accessibility_features_osk_sysmon1.evtx | #177 | aw350m33d | opened | 1 year ago | 0
Network_Service_Guest_added_to_admins_4732.evtx | #176 | aw350m33d | closed | 4 months ago | 0
evasion_persis_hidden_run_keyvalue_sysmon_13.evtx | #175 | aw350m33d | closed | 1 year ago | 0
DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx | #174 | aw350m33d | closed | 1 year ago | 0
exec_emotet_sysmon_1.evtx | #211 | aw350m33d | opened | 1 year ago | 0
exec_emotet_ps_800_new-object.evtx | #210 | aw350m33d | opened | 1 year ago | 0
exec_emotet_ps_800_new-item.evtx | #209 | aw350m33d | opened | 1 year ago | 0
exec_emotet_ps_800_invoke-item.evtx | #208 | aw350m33d | opened | 1 year ago | 0
exec_emotet_ps_800_get-item.evtx | #207 | aw350m33d | opened | 1 year ago | 0
exec_emotet_ps_4104.evtx | #206 | aw350m33d | opened | 1 year ago | 0
rdpcorets_148_mst120_bluekeep_rpdscan_full.evtx | #205 | aw350m33d | opened | 1 year ago | 0