CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8b91c7c4629ec5bad358101fc18311a6e807876f
hayabusa/rules/sigma/builtin/security
T
History
..
win_aadhealth_mon_agent_regkey_access.yml
win_aadhealth_svc_agent_regkey_access.yml
win_account_backdoor_dcsync_rights.yml
win_account_discovery.yml
win_ad_object_writedac_access.yml
win_ad_replication_non_machine_account.yml
win_ad_user_enumeration.yml
win_adcs_certificate_template_configuration_vulnerability_eku.yml
win_adcs_certificate_template_configuration_vulnerability.yml
win_admin_rdp_login.yml
win_admin_share_access.yml
win_alert_active_directory_user_control.yml
win_alert_ad_user_backdoors.yml
win_alert_enable_weak_encryption.yml
win_alert_ruler.yml
win_apt_chafer_mar18_security.yml
win_apt_slingshot.yml
win_apt_wocao.yml
win_arbitrary_shell_execution_via_settingcontent.yml
win_asr_bypass_via_appvlp_re.yml
win_atsvc_task.yml
win_camera_microphone_access.yml
win_dce_rpc_smb_spoolss_named_pipe.yml
win_dcom_iertutil_dll_hijack.yml
win_dcsync.yml
win_defender_bypass.yml
win_disable_event_logging.yml
win_dpapi_domain_backupkey_extraction.yml
win_dpapi_domain_masterkey_backup_attempt.yml
win_etw_modification.yml
win_event_log_cleared.yml
win_exploit_cve_2021_1675_printspooler_security.yml
win_external_device.yml
win_global_catalog_enumeration.yml
win_gpo_scheduledtasks.yml
win_hidden_user_creation.yml
win_hybridconnectionmgr_svc_installation.yml
win_impacket_psexec.yml
win_impacket_secretdump.yml
win_invoke_obfuscation_clip_services_security.yml
win_invoke_obfuscation_obfuscated_iex_services_security.yml
win_invoke_obfuscation_stdin_services_security.yml
win_invoke_obfuscation_var_services_security.yml
win_invoke_obfuscation_via_compress_services_security.yml
win_invoke_obfuscation_via_rundll_services_security.yml
win_invoke_obfuscation_via_stdin_services_security.yml
win_invoke_obfuscation_via_use_clip_services_security.yml
win_invoke_obfuscation_via_use_mshta_services_security.yml
win_invoke_obfuscation_via_use_rundll32_services_security.yml
win_invoke_obfuscation_via_var_services_security.yml
win_iso_mount.yml
win_lateral_movement_condrv.yml
win_lm_namedpipe.yml
win_lolbas_execution_of_nltest.yml
win_lsass_access_non_system_account.yml
win_mal_wceaux_dll.yml
win_metasploit_authentication.yml
win_net_ntlm_downgrade.yml
win_new_or_renamed_user_account_with_dollar_sign.yml
win_not_allowed_rdp_access.yml
win_overpass_the_hash.yml
win_pass_the_hash_2.yml
win_pass_the_hash.yml
win_petitpotam_network_share.yml
win_petitpotam_susp_tgt_request.yml
win_possible_dc_shadow.yml
win_privesc_cve_2020_1472.yml
win_protected_storage_service_access.yml
win_rare_schtasks_creations.yml
win_rdp_bluekeep_poc_scanner.yml
win_rdp_localhost_login.yml
win_rdp_reverse_tunnel.yml
win_register_new_logon_process_by_rubeus.yml
win_remote_powershell_session.yml
win_remote_registry_management_using_reg_utility.yml
win_sam_registry_hive_handle_request.yml
win_scheduled_task_deletion.yml
win_scm_database_handle_failure.yml
win_scm_database_privileged_operation.yml
win_scrcons_remote_wmi_scripteventconsumer.yml
win_security_cobaltstrike_service_installs.yml
win_security_mal_creddumper.yml
win_security_mal_service_installs.yml
win_security_metasploit_or_impacket_smb_psexec_service_install.yml
win_security_meterpreter_or_cobaltstrike_getsystem_service_install.yml
win_security_powershell_script_installed_as_service.yml
win_security_tap_driver_installation.yml
win_security_wmi_persistence.yml
win_smb_file_creation_admin_shares.yml
win_susp_add_domain_trust.yml
win_susp_add_sid_history.yml
win_susp_codeintegrity_check_failure.yml
win_susp_dsrm_password_change.yml
win_susp_eventlog_cleared.yml
win_susp_failed_logon_reasons.yml
win_susp_failed_logon_source.yml
win_susp_failed_logons_explicit_credentials.yml
win_susp_failed_logons_single_process.yml
win_susp_failed_logons_single_source2.yml
win_susp_failed_logons_single_source_kerberos2.yml
win_susp_failed_logons_single_source_kerberos3.yml
win_susp_failed_logons_single_source_kerberos.yml
win_susp_failed_logons_single_source_ntlm2.yml
win_susp_failed_logons_single_source_ntlm.yml
win_susp_failed_logons_single_source.yml
win_susp_failed_remote_logons_single_source.yml
win_susp_interactive_logons.yml
win_susp_kerberos_manipulation.yml
win_susp_ldap_dataexchange.yml
win_susp_local_anon_logon_created.yml
win_susp_logon_explicit_credentials.yml
win_susp_lsass_dump_generic.yml
win_susp_lsass_dump.yml
win_susp_multiple_files_renamed_or_deleted.yml
win_susp_net_recon_activity.yml
win_susp_psexec.yml
win_susp_raccess_sensitive_fext.yml
win_susp_rc4_kerberos.yml
win_susp_rottenpotato.yml
win_susp_sdelete.yml
win_susp_time_modification.yml
win_susp_wmi_login.yml
win_suspicious_outbound_kerberos_connection.yml
win_svcctl_remote_service.yml
win_syskey_registry_access.yml
win_sysmon_channel_reference_deletion.yml
win_transferring_files_with_credential_data_via_network_shares.yml
win_user_added_to_local_administrators.yml
win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml
win_user_creation.yml
win_user_driver_loaded.yml
win_vssaudit_secevent_source_registration.yml
win_wmiprvse_wbemcomn_dll_hijack.yml