ipfyx
commented
2 months ago Crap, I checkout from the branch of Issue #205. Therefore this PR includes the commit from PR #205 Should i close this PR and create a new, proper one ?
Open ipfyx opened 2 months ago
ipfyx
commented
2 months ago Crap, I checkout from the branch of Issue #205. Therefore this PR includes the commit from PR #205 Should i close this PR and create a new, proper one ?
Some rule names with a technique_id did not have the prefix tehcnique_id : 12_13_14_registry_event/include_office_dde.xml: <TargetObject name="T1559.002,office"
fix only line with a ; instead of a , : <PipeName name="technique_id=T1055; Possible Cobalt Strike post-exploitation jobs."