Open Demuxx opened 4 years ago
Looks like there is a typo here that could allow inadvertent whitelisting of domains like abc-im-malicious-aspnetcdn.com.
https://github.com/SwiftOnSecurity/sysmon-config/blob/046c4a0ee9075e9c9c37b569eba08c30012648e0/sysmonconfig-export.xml#L933
Here also:
https://github.com/SwiftOnSecurity/sysmon-config/blob/046c4a0ee9075e9c9c37b569eba08c30012648e0/sysmonconfig-export.xml#L1051
Looks like there is a typo here that could allow inadvertent whitelisting of domains like abc-im-malicious-aspnetcdn.com.
https://github.com/SwiftOnSecurity/sysmon-config/blob/046c4a0ee9075e9c9c37b569eba08c30012648e0/sysmonconfig-export.xml#L933
Here also:
https://github.com/SwiftOnSecurity/sysmon-config/blob/046c4a0ee9075e9c9c37b569eba08c30012648e0/sysmonconfig-export.xml#L1051