driver_load_invoke_obfuscation_clip+_services.yml
driver_load_invoke_obfuscation_obfuscated_iex_services.yml
driver_load_invoke_obfuscation_stdin+_services.yml
driver_load_invoke_obfuscation_var+_services.yml
driver_load_invoke_obfuscation_via_compress_services.yml
driver_load_invoke_obfuscation_via_rundll_services.yml
driver_load_invoke_obfuscation_via_stdin_services.yml
driver_load_invoke_obfuscation_via_use_clip_services.yml
driver_load_invoke_obfuscation_via_use_mshta_services.yml
driver_load_invoke_obfuscation_via_use_rundll32_services.yml
driver_load_invoke_obfuscation_via_var++_services.yml
driver_load_tap_driver_installation.yml
file_event_executable_and_script_creation_by_office_using_file_ext.yml
lnx_auditd_omigod_scx_runasprovider_executescript.yml
net_dns_high_subdomain_rate.yml
net_dns_large_domain_name.yml
net_possible_dns_rebinding.yml
sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml
sysmon_always_install_elevated_parent_child_correlated.yml
sysmon_non_priv_program_files_move.yml
sysmon_process_reimaging.yml
win_access_fake_files_with_stored_credentials.yml
win_dumping_ntdsdit_via_dcsync.yml
win_dumping_ntdsdit_via_netsync.yml
win_kernel_and_3rd_party_drivers_exploits_token_stealing.yml
win_mal_service_installs.yml
win_metasploit_or_impacket_smb_psexec_service_install.yml
win_possible_privilege_escalation_using_rotten_potato.yml
win_suspicious_werfault_connection_outbound.yml
LICENSE.Detection.Rules.md
Last commit date
parent directory Nov 14, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Nov 10, 2021
Nov 11, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Nov 27, 2021
Oct 29, 2021
Nov 10, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Oct 29, 2021
Nov 10, 2021