CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
46b0594150f79a15992cc451384f4e204c673dd3
hayabusa/rules/sigma/powershell/powershell_script
History
..
powershell_accessing_win_api.yml
powershell_adrecon_execution.yml
powershell_automated_collection.yml
powershell_azurehound_commands.yml
powershell_cl_invocation_lolscript_count.yml
powershell_cl_invocation_lolscript.yml
powershell_cl_mutexverifiers_lolscript_count.yml
powershell_cl_mutexverifiers_lolscript.yml
powershell_clearing_windows_console_history.yml
powershell_create_local_user.yml
powershell_data_compressed.yml
powershell_detect_vm_env.yml
powershell_dnscat_execution.yml
powershell_icmp_exfiltration.yml
powershell_invoke_nightmare.yml
powershell_invoke_obfuscation_clip_in_scriptblocktext.yml
powershell_invoke_obfuscation_obfuscated_iex_in_scriptblocktext.yml
powershell_invoke_obfuscation_stdin_in_scriptblocktext.yml
powershell_invoke_obfuscation_var_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_compress_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_rundll_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_stdin_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_use_clip_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_use_mhsta_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_use_rundll32_in_scriptblocktext.yml
powershell_invoke_obfuscation_via_var_in_scriptblocktext.yml
powershell_keylogging.yml
powershell_malicious_commandlets.yml
powershell_malicious_keywords.yml
powershell_memorydump_getstoragediagnosticinfo.yml
powershell_nishang_malicious_commandlets.yml
powershell_ntfs_ads_access.yml
powershell_powerview_malicious_commandlets.yml
powershell_prompt_credentials.yml
powershell_psattack.yml
powershell_set_policies_to_unsecure_level.yml
powershell_shellcode_b64.yml
powershell_shellintel_malicious_commandlets.yml
powershell_software_discovery.yml
powershell_store_file_in_alternate_data_stream.yml
powershell_susp_zip_compress_in_scriptblocktext.yml
powershell_suspicious_download_in_scriptblocktext.yml
powershell_suspicious_export_pfxcertificate.yml
powershell_suspicious_getprocess_lsass.yml
powershell_suspicious_invocation_generic_in_scriptblocktext.yml
powershell_suspicious_invocation_specific_in_scripblocktext.yml
powershell_suspicious_keywords.yml
powershell_suspicious_mail_acces.yml
powershell_suspicious_mounted_share_deletion.yml
powershell_suspicious_recon.yml
powershell_suspicious_win32_pnpentity.yml
powershell_suspicious_windowstyle.yml
powershell_syncappvpublishingserver_exe_in_scriptblocktext.yml
powershell_timestomp.yml
powershell_trigger_profiles.yml
powershell_web_request.yml
powershell_windows_firewall_profile_disabled.yml
powershell_winlogon_helper_dll.yml
powershell_wmi_persistence.yml
powershell_wmimplant.yml
win_root_certificate_installed.yml