CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
46b0594150f79a15992cc451384f4e204c673dd3
hayabusa/rules/sigma/registry_event
History
..
registry_event_abusing_windows_telemetry_for_persistence.yml
registry_event_apt_chafer_mar18.yml
registry_event_apt_pandemic.yml
registry_event_cve_2021_31979_cve_2021_33771_exploits.yml
registry_event_defender_disabled.yml
registry_event_defender_exclusions.yml
registry_event_defender_realtime_protection_disabled.yml
registry_event_dns_serverlevelplugindll.yml
registry_event_mal_adwind.yml
registry_event_mstsc_history_cleared.yml
registry_event_net_ntlm_downgrade.yml
registry_event_stickykey_like_backdoor.yml
registry_event_sysinternals_eula_accepted.yml
registry_event_uac_bypass_eventvwr.yml
registry_event_uac_bypass_winsat.yml
registry_event_uac_bypass_wmp.yml
sysmon_apt_leviathan.yml
sysmon_apt_oceanlotus_registry.yml
sysmon_asep_reg_keys_modification_classes.yml
sysmon_asep_reg_keys_modification_commun.yml
sysmon_asep_reg_keys_modification_currentcontrolset.yml
sysmon_asep_reg_keys_modification_currentversion_nt.yml
sysmon_asep_reg_keys_modification_currentversion.yml
sysmon_asep_reg_keys_modification_internet_explorer.yml
sysmon_asep_reg_keys_modification_office.yml
sysmon_asep_reg_keys_modification_session_manager.yml
sysmon_asep_reg_keys_modification_system_scripts.yml
sysmon_asep_reg_keys_modification_winsock2.yml
sysmon_asep_reg_keys_modification_wow6432node_classes.yml
sysmon_asep_reg_keys_modification_wow6432node_currentversion.yml
sysmon_asep_reg_keys_modification_wow6432node.yml
sysmon_asep_reg_keys_modification.yml
sysmon_bypass_via_wsreset.yml
sysmon_cmstp_execution_by_registry.yml
sysmon_cobaltstrike_service_installs.yml
sysmon_comhijack_sdclt.yml
sysmon_cve_2020_1048.yml
sysmon_dhcp_calloutdll.yml
sysmon_disable_microsoft_office_security_features.yml
sysmon_disable_security_events_logging_adding_reg_key_minint.yml
sysmon_disable_wdigest_credential_guard.yml
sysmon_disabled_exploit_guard_network_protection_on_microsoft_defender.yml
sysmon_disabled_pua_protection_on_microsoft_defender.yml
sysmon_disabled_tamper_protection_on_microsoft_defender.yml
sysmon_dns_over_https_enabled.yml
sysmon_enabling_cor_profiler_env_variables.yml
sysmon_esentutl_volume_shadow_copy_service_keys.yml
sysmon_etw_disabled.yml
sysmon_hack_wce_reg.yml
sysmon_hybridconnectionmgr_svc_installation.yml
sysmon_logon_scripts_userinitmprlogonscript_reg.yml
sysmon_modify_screensaver_binary_path.yml
sysmon_narrator_feedback_persistance.yml
sysmon_new_application_appcompat.yml
sysmon_new_dll_added_to_appcertdlls_registry_key.yml
sysmon_new_dll_added_to_appinit_dlls_registry_key.yml
sysmon_office_test_regadd.yml
sysmon_office_vsto_persistence.yml
sysmon_powershell_as_service.yml
sysmon_rdp_registry_modification.yml
sysmon_rdp_settings_hijack.yml
sysmon_redmimicry_winnti_reg.yml
sysmon_reg_office_security.yml
sysmon_reg_silentprocessexit_lsass.yml
sysmon_reg_silentprocessexit.yml
sysmon_reg_vbs_payload_stored.yml
sysmon_registry_add_local_hidden_user.yml
sysmon_registry_persistence_key_linking.yml
sysmon_registry_persistence_search_order.yml
sysmon_registry_susp_printer_driver.yml
sysmon_registry_trust_record_modification.yml
sysmon_removal_amsi_registry_key.yml
sysmon_removal_com_hijacking_registry_key.yml
sysmon_runkey_winekey.yml
sysmon_runonce_persistence.yml
sysmon_ssp_added_lsa_config.yml
sysmon_susp_atbroker_change.yml
sysmon_susp_download_run_key.yml
sysmon_susp_lsass_dll_load.yml
sysmon_susp_mic_cam_access.yml
sysmon_susp_reg_persist_explorer_run.yml
sysmon_susp_run_key_img_folder.yml
sysmon_susp_service_installed.yml
sysmon_suspicious_keyboard_layout_load.yml
sysmon_sysinternals_sdelete_registry_keys.yml
sysmon_taskcache_entry.yml
sysmon_uac_bypass_sdclt.yml
sysmon_wab_dllpath_reg_change.yml
sysmon_wdigest_enable_uselogoncredential.yml
sysmon_win_reg_persistence_recycle_bin.yml
sysmon_win_reg_persistence.yml
sysmon_win_reg_telemetry_persistence.yml
win_outlook_c2_registry_key.yml
win_outlook_registry_todaypage.yml
win_outlook_registry_webview.yml
win_portproxy_registry_key.yml
win_registry_file_association_exefile.yml
win_registry_mimikatz_printernightmare.yml
win_registry_shell_open_keys_manipulation.yml