Line 239 registry formatting #179

Open
wants to merge 210 commits into
base: master
from

Commits on Jul 24, 2021

  1. squashed pull requests from original repo

    This was necessary to allow us to 1. merge all open pull request of the original repo AND 2. allow our new repository to receive new pull requests
    Neo23x0 committed Jul 24, 2021
    88e3a0b
  2. HiveNightmare detection

    Neo23x0 committed Jul 24, 2021
    bdc3fd2
  3. ca2ccea
  4. fe70b87
  5. PrinterNightmare coverage

    Neo23x0 committed Jul 24, 2021
    23af2b4
  6. f893c68
  7. 510e4ed
  8. ca54b56
  9. filter: OneDrive

    Neo23x0 committed Jul 24, 2021
    876166b
  10. SeriousSAM CS Pattern

    Neo23x0 committed Jul 24, 2021
    4aa2ad4

Commits on Jul 26, 2021

  1. First CI workflow draft

    Added a workflow that installs sysmon with the config and fails when sysmon has an error
    humpalum authored Jul 26, 2021
    fd602c9
  2. fix: renamed main to master

    humpalum authored Jul 26, 2021
    7b98675
  3. fdb5396
  4. chore: Added a simulated busy system

    Also changed the numbers to allow up to about 5% of more events
    humpalum authored Jul 26, 2021
    97b006c
  5. chore: Fixed Branchnames

    humpalum authored Jul 26, 2021
    3530138

Commits on Jul 27, 2021

  1. df4e131
  2. docs: add maintainers

    Neo23x0 committed Jul 27, 2021
    94d37c3
  3. 17836fd

Commits on Jul 28, 2021

  1. 77d3adb
  2. 0c24d1d
  3. def0883
  4. Merge pull request #2 from phantinuss/master

    Process Access Config for lsass.exe and CobaltStrike BOF
    phantinuss authored Jul 28, 2021
    cd90b87

Commits on Jul 29, 2021

  1. docs: update README

    Neo23x0 committed Jul 29, 2021
    a253184
  2. 5370dcf
  3. 337be95

Commits on Jul 30, 2021

  1. chore: ignore .vscode

    Neo23x0 committed Jul 30, 2021
    df67cdc
  2. 2618b37
  3. Merge pull request #3 from Neo23x0/config-devel

    New CobaltStrike NamedPipes
    Neo23x0 authored Jul 30, 2021
    454b72e
  4. 743a054
  5. Merge remote-tracking branch 'DustyMMiller/master' into SwiftOnSecurity-PRs

    Tobias Michalski committed Jul 30, 2021
    9dcf3b2
  6. e77d1e0
  7. c56d1ab
  8. Merge pull request #4 from Neo23x0/SwiftOnSecurity-PRs

    Mirror Pullrequest by DustyMMiller (Add Splunk exclusions per sysmon-modular SwiftOnSecurity#156)
    humpalum authored Jul 30, 2021
    58d6cc5

Commits on Aug 3, 2021

  1. cb81745
  2. Merge pull request #5 from phantinuss/master

    introduce new conditions to config and make use of 'not begin with' ...
    phantinuss authored Aug 3, 2021
    b8a1a30

Commits on Aug 4, 2021

  1. 5e9e9d3
  2. Merge pull request #6 from Neo23x0/humpalum-patch-1-1

    chore: User simulation in workflow
    humpalum authored Aug 4, 2021
    9af65f5
  3. 40bdcfc
  4. e5f3ed3
  5. 20025a0
  6. Merge pull request #7 from phantinuss/master

    harmonization of tabs for indentation (is prevalent type) and ProcessAccess rule for CobaltStrike BOF injected AMSI Bypass
    phantinuss authored Aug 4, 2021
    72f2256
  7. chore: Removed Push Trigger from master

    Removed push trigger since pushing directly to master isn't possible anyways. Tests will be run on Pull requests and are required there.
    Avoids duplicate test runs
    humpalum authored Aug 4, 2021
    035297a

Commits on Aug 5, 2021

  1. 7c71dc5
  2. Merge pull request #8 from Neo23x0/humpalum-patch-2

    chore: Removed Push Trigger from master
    humpalum authored Aug 5, 2021
    53c85f7

Commits on Aug 6, 2021

  1. Merge pull request #9 from Neo23x0/SwiftOnSecurity-PRs

    Mirror: SwiftonSecurity PR SwiftOnSecurity#157
    humpalum authored Aug 6, 2021
    efb7784
  2. 166d4e1
  3. Merge pull request #10 from phantinuss/master

    Collect LittleCorporal ProcessAccess events
    Neo23x0 authored Aug 6, 2021
    ce3e7bf

Commits on Aug 12, 2021

  1. a75e733
  2. chore: Fix User-Sim execute

    humpalum authored Aug 12, 2021
    edc0509
  3. Merge pull request #11 from Neo23x0/humpalum-patch-2

    chore: Changed UserSim Download Path
    phantinuss authored Aug 12, 2021
    b818d1f
  4. fix: revert to schema version 4.50. Newer schema versions are put on another branch until adaption of newer sysmon version should be higher

    phantinuss committed Aug 12, 2021
    fadf537

Commits on Aug 13, 2021

  1. be79a15
  2. 86397d2

Commits on Aug 19, 2021

  1. Merge pull request #12 from phantinuss/master

    fix: revert to schema version 4.50. Newer schema versions are put on …
    phantinuss authored Aug 19, 2021
    289d5e9

Commits on Aug 23, 2021

  1. feat: efspotato named pipe

    Neo23x0 committed Aug 23, 2021
    254932d
  2. Merge pull request #13 from Neo23x0/config-devel

    feat: efspotato named pipe
    Neo23x0 authored Aug 23, 2021
    ea785bc
  3. fix: limit too low

    Neo23x0 committed Aug 23, 2021
    8f35001

Commits on Aug 26, 2021

  1. 569e839
  2. Merge pull request #14 from phantinuss/master

    feat: more CobaltStrike malleable C2 profiles
    phantinuss authored Aug 26, 2021
    8335168

Commits on Sep 1, 2021

  1. Liquid Snake Named Pipe

    Neo23x0 committed Sep 1, 2021
    ac2cc48
  2. 5c2fdc2
  3. d3dbadd
  4. 169d300
  5. Merge pull request #15 from Neo23x0/config-devel

    Several minor changes
    Neo23x0 authored Sep 1, 2021
    ed59813

Commits on Sep 10, 2021

  1. a05925b
  2. a1e9a8f
  3. Merge pull request #16 from Neo23x0/config-devel

    Registry changes caused during CVE-2021-40444 exploitation
    Neo23x0 authored Sep 10, 2021
    06181b2
  4. d852990
  5. Merge pull request #17 from Neo23x0/config-devel

    Winword writes .cab / .inf files : CVE-2021-40444 detection
    Neo23x0 authored Sep 10, 2021
    0676604

Commits on Oct 4, 2021

  1. 29c61dc
  2. 0ea30fe
  3. Merge pull request #18 from Neo23x0/config-devel

    New FileStream rules
    Neo23x0 authored Oct 4, 2021
    c327298

Commits on Oct 11, 2021

  1. a23727f

Commits on Oct 12, 2021

  1. 3c249b9
  2. fix: position of PipeEvent

    Neo23x0 committed Oct 12, 2021
    3b1f323
  3. 0681c23
  4. Merge pull request #19 from Neo23x0/config-devel

    ConnectPipe for \MICROSOFT##WID\tsql\query
    phantinuss authored Oct 12, 2021
    ae35ee4

Commits on Oct 18, 2021

  1. 7166218

Commits on Oct 19, 2021

  1. fix: typo

    phantinuss committed Oct 19, 2021
    9f2e182
  2. 7c0dc56

Commits on Oct 20, 2021

  1. Merge pull request #20 from phantinuss/master

    tracking mstsc connection history registry keys
    humpalum authored Oct 20, 2021
    5674c3e
  2. bac20c7
  3. Merge https://github.com/hieuttmmo/sysmon-config into SwiftOnSecurity-PRs

    Tobias Michalski committed Oct 20, 2021
    2fc084e
  4. Add T1003 file creation when using Mimikatz SSP

    Mimikatz "misc::ssp" module allows to load a Security Module (SSP) into the LSA process in order to dump passwords into a file in clear text.
    mdecrevoisier authored Oct 20, 2021
    df8a9dc

Commits on Oct 22, 2021

  1. Fixed indentation

    humpalum authored Oct 22, 2021
    09044be
  2. Merge pull request #22 from mdecrevoisier/patch-1

    Add T1003 file creation when using Mimikatz SSP
    humpalum authored Oct 22, 2021
    bb95139

Commits on Oct 26, 2021

  1. Merge pull request #21 from Neo23x0/SwiftOnSecurity-PRs

    Swift on security Sync and PRs
    phantinuss authored Oct 26, 2021
    0052847

Commits on Oct 29, 2021

  1. 423ddf1
  2. Merge pull request #23 from Neo23x0/config-devel

    more malicious named pipe names
    Neo23x0 authored Oct 29, 2021
    656c64a

Commits on Nov 8, 2021

  1. Kirbi file creation

    Neo23x0 committed Nov 8, 2021
    13cabb9

Commits on Nov 9, 2021

  1. Merge pull request #24 from Neo23x0/config-devel

    Kirbi file creation
    Neo23x0 authored Nov 9, 2021
    4cd88a0

Commits on Apr 7, 2022

  1. fix command line

    conitrade-as committed Apr 7, 2022
    b7f0605
  2. fadf11d
  3. add PRTG exclusions

    conitrade-as committed Apr 7, 2022
    439ff66

Commits on Jul 7, 2022

  1. Merge pull request #25 from conitrade/hotfix/monitoring-agents

    Hotfix/monitoring agents
    Neo23x0 authored Jul 7, 2022
    dbe450d

Commits on Aug 17, 2022

  1. Update README.md

    Neo23x0 authored Aug 17, 2022
    04bf25b
  2. 23d19f0
  3. docs: configs

    Neo23x0 committed Aug 17, 2022
    c134c2b
  4. fix: updated placeholders

    Neo23x0 committed Aug 17, 2022
    3b4e2f5
  5. new block rules

    Neo23x0 committed Aug 17, 2022
    d746b57
  6. Last change

    Neo23x0 committed Aug 17, 2022
    cc1683c
  7. 5e79e00
  8. new hacktool imphashes

    Neo23x0 committed Aug 17, 2022
    9ae9498
  9. Merge pull request #26 from phantinuss/master

    more office apps and file extensions
    phantinuss authored Aug 17, 2022
    fd25520
  10. fix: .NET imphash

    Neo23x0 committed Aug 17, 2022
    16edc45
  11. 9993f89
  12. end with extensions

    Neo23x0 committed Aug 17, 2022
    b709916
  13. 36e2821
  14. docs: readme

    Neo23x0 committed Aug 17, 2022
    79c75dc
  15. aaeae94
  16. 3e13b8b
  17. updates on block list

    Neo23x0 committed Aug 17, 2022
    6f49ce0
  18. f9aa1ab
  19. 051230b

Commits on Aug 18, 2022

  1. chore: spacing

    phantinuss committed Aug 18, 2022
    ccb7fc1
  2. 4a8d689
  3. Merge pull request #29 from phantinuss/master

    Add new workflow tests
    phantinuss authored Aug 18, 2022
    2595f79
  4. Merge pull request #28 from nasbench/master

    Merge Configs
    phantinuss authored Aug 18, 2022
    50e6b0c
  5. 01d2ab3
  6. more LOLBINS

    Neo23x0 committed Aug 18, 2022
    ab94a0b
  7. 5792811
  8. 63782a9
  9. 7684a0a
  10. eadb378
  11. 8ce36b4
  12. 45b2323
  13. Merge pull request #30 from nasbench/master

    Update Config
    Neo23x0 authored Aug 18, 2022
    3fb8937
  14. 665de6f
  15. d25bce4

Commits on Aug 19, 2022

  1. Sliver stagers

    Neo23x0 committed Aug 19, 2022
    73ca900
  2. 8b5e899

Commits on Aug 21, 2022

  1. Dumpert Imphashes

    Neo23x0 committed Aug 21, 2022
    3ae0fce
  2. docs: README updates

    Neo23x0 committed Aug 21, 2022
    3f808d9

Commits on Aug 22, 2022

  1. Merge pull request #32 from nasbench/master

    Add more LOLBINs
    Neo23x0 authored Aug 22, 2022
    48b06e9
  2. fix: remove duplicate

    phantinuss committed Aug 22, 2022
    63c1b1b
  3. Merge pull request #33 from phantinuss/master

    fix: remove duplicate
    phantinuss authored Aug 22, 2022
    aebac3e
  4. 9350818
  5. ffd14ac

Commits on Sep 7, 2022

  1. block: SysmonEnte downloads

    Neo23x0 committed Sep 7, 2022
    71b62ae
  2. SysmonQuiet coverage

    Neo23x0 committed Sep 7, 2022
    bb1b414
  3. e274ab6

Commits on Sep 15, 2022

  1. SharpEvtMute

    Neo23x0 committed Sep 15, 2022
    af1f439

Commits on Sep 29, 2022

  1. 6262d68

Commits on Oct 4, 2022

  1. d2e5c3d
  2. 6a904c1

Commits on Oct 6, 2022

  1. f6e9b8f

Commits on Oct 8, 2022

  1. Update sysmonconfig-export-block.xml

    update extension GPO instructions
    add additional msoft urls
    stevenhardey authored Oct 8, 2022
    abd7e1f

Commits on Oct 10, 2022

  1. Merge pull request #35 from stevenhardey/stevenhardey-patch-1

    Update URLs for Ad Filtering GPO and add additional Microsoft domain.
    phantinuss authored Oct 10, 2022
    71f8acd
  2. 452d448
  3. Merge pull request #36 from phantinuss/master

    chore: mirror changes from PR #35
    phantinuss authored Oct 10, 2022
    e600a79

Commits on Oct 21, 2022

  1. 2af5f4e
  2. Merge pull request #37 from phantinuss/master

    fix: remove unnecessary exclude block for FileDelete
    phantinuss authored Oct 21, 2022
    647ac14
  3. Revert "fix: many events with standard pipe"

    This reverts commit 6a904c1.
    phantinuss committed Oct 21, 2022
    c90917b
  4. Merge pull request #38 from phantinuss/master

    Revert "fix: many events with standard pipe"
    phantinuss authored Oct 21, 2022
    062473c
  5. 13588c0
  6. feat: new havoc c2 pipenames

    pH-T committed Oct 21, 2022
    fd6830b

Commits on Oct 24, 2022

  1. Apply suggestions from code review

    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
    pH-T and phantinuss authored Oct 24, 2022
    7b41eb3
  2. Merge pull request #39 from pH-T/master

    pipename begins with fix and new havoc c2 pipenames
    phantinuss authored Oct 24, 2022
    937ac18

Commits on Oct 26, 2022

  1. Update Config

    nasbench committed Oct 26, 2022
    2c6ce88
  2. f67d8d3

Commits on Oct 27, 2022

  1. Merge pull request #40 from nasbench/master

    Update Config
    phantinuss authored Oct 27, 2022
    a7e2293

Commits on Dec 4, 2022

  1. 834388e
  2. a10e454

Commits on Jan 13, 2023

  1. Exclude aurora agent

    frack113 committed Jan 13, 2023
    47aed63
  2. Exclude aurora agent x86

    frack113 committed Jan 13, 2023
    f78b00c
  3. Exclude aurora agent path

    frack113 committed Jan 13, 2023
    c2e2f13
  4. 2dff95f
  5. 5e7c317
  6. Apply suggestions from code review

    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
    frack113 and phantinuss authored Jan 13, 2023
    ee64e18
  7. 4348699
  8. a3014ed
  9. Merge pull request #42 from phantinuss/master

    fix CI error and update...
    phantinuss authored Jan 13, 2023
    e5c291e
  10. Exclude aurora agent

    frack113 committed Jan 13, 2023
    ddc07ee
  11. Exclude aurora agent x86

    frack113 committed Jan 13, 2023
    120c110
  12. Exclude aurora agent path

    frack113 committed Jan 13, 2023
    b427c6c
  13. chore: remove boilerplate text (1)

    phantinuss authored and frack113 committed Jan 13, 2023
    353f141
  14. chore: remove boilerplate text (2)

    phantinuss authored and frack113 committed Jan 13, 2023
    ccd5e5a
  15. Apply suggestions from code review

    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
    frack113 and phantinuss committed Jan 13, 2023
    935685e
  16. e66beb4
  17. Merge pull request #41 from frack113/exclude_aurora

    Exclude aurora agent
    phantinuss authored Jan 13, 2023
    7f75f64

Commits on Feb 9, 2023

  1. 9e25076

Commits on Feb 10, 2023

  1. Merge pull request #44 from nasbench/add-onenote-blocklist

    feat: add onenote app to blocklist
    phantinuss authored Feb 10, 2023
    86eb8c9

Commits on Apr 12, 2023

  1. Fixes #48

    nasbench committed Apr 12, 2023
    ae41115
  2. Fixes #49

    nasbench committed Apr 12, 2023
    1276443
  3. Fixes #43

    nasbench committed Apr 12, 2023
    0dc42ba
  4. Fixes #50

    nasbench committed Apr 12, 2023
    9718f92

Commits on Apr 19, 2023

  1. feat: update sysmon config

    nasbench committed Apr 19, 2023
    d6c7c57

Commits on Apr 21, 2023

  1. feat: remove driver filters

    nasbench committed Apr 21, 2023
    b766604

Commits on Apr 27, 2023

  1. fix: apply suggestions from code review

    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
    nasbench and phantinuss authored Apr 27, 2023
    94a324a

Commits on May 5, 2023

  1. new hacktool blocks

    Neo23x0 committed May 5, 2023
    0ee029a
  2. Merge pull request #51 from nasbench/resolve-issues

    feat: add new entries and resolve multiple issues
    Neo23x0 authored May 5, 2023
    bb5c8a6
  3. 65e6fff
  4. 6e36404

Commits on May 15, 2023

  1. 46fd40f
  2. cea856d

Commits on May 18, 2023

  1. Merge pull request #53 from cospirho/master

    feat: remove duplicate rules
    nasbench authored May 18, 2023
    766b2a7

Commits on Jun 28, 2023

  1. 43f8ebf
  2. 8569801
  3. loldrivers rules

    Neo23x0 committed Jun 28, 2023
    87be34c
  4. f10d77f
  5. bc734a5
  6. feat: blocked config

    Neo23x0 committed Jun 28, 2023
    21205e9
  7. fix: schema version

    Neo23x0 committed Jun 28, 2023
    65bc443
  8. Merge pull request #56 from Neo23x0/loldrivers-extension

    loldrivers rules
    Neo23x0 authored Jun 28, 2023
    277c594

Commits on Jul 27, 2023

  1. b2b5554
  2. 8b8c419

Commits on Oct 17, 2023

  1. Merge pull request #57 from nasbench/master

    feat: add vmware conf path
    nasbench authored Oct 17, 2023
    fa614fd

Commits on Dec 14, 2023

  1. add: EDRSandblast

    adding EDRSandblast itself (not just the drivers used by it)
    Neo23x0 committed Dec 14, 2023
    65c78ba

Commits on Dec 29, 2023

  1. EDRSilencer hashes

    Neo23x0 committed Dec 29, 2023
    2dc8575

Commits on Feb 1, 2024

  1. add: EventLogCrasher

    Neo23x0 committed Feb 1, 2024
    f944c05