Skip to content

Swift on security Sync and PRs #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Oct 26, 2021
Merged

Swift on security Sync and PRs #21

merged 16 commits into from
Oct 26, 2021

Conversation

humpalum
Copy link
Collaborator

Syncing various changes with SwiftOnSecurity's master and PR: SwiftOnSecurity#160

bartblaze and others added 16 commits November 14, 2019 22:09
@bartblaze
Add scripting filename targets
9fb44e9 
Adds .sct, .wsf, .wsh.
Change Metasploit Alert port from 444 to 4444
36c688b 
Metasploit's default port is 4444 as noted in numerous blogs such as this one: https://blog.rapid7.com/2012/06/01/metasploit-exploit-failed-how-to-test-if-metasploit-is-working/
@MaxNad
Added most of the missing LOLBAS for downloading executables + remove…
1228d37 
…d a bit of noise comming from missing windows process exlusions
@MaxNad
Added powershell_ise.exe to the list of Network connection monitoring
4be02d1
@Neo23x0
Important and relevant NamedPipe names
867b37a 
The events generated by an explicit matches on the listed pipe names should be few and highly relevant.
@Neo23x0
Added missing CS pipe and some comments
83b7a06
@SwiftOnSecurity
74:
edd7376 
CVE-2021-40444 leaves traces in this registry key, along with other office documents that load remote resources
@SwiftOnSecurity
Merge pull request SwiftOnSecurity#157 from f-bader/patch-1
89bb099 
Detect AV exclusions made in Policy Key
@SwiftOnSecurity
Merge pull request SwiftOnSecurity#98 from bartblaze/patch-1
85b88ac 
Add scripting filename targets
@SwiftOnSecurity
Update sysmonconfig-export.xml
ff0ec80
@SwiftOnSecurity
Merge pull request SwiftOnSecurity#105 from ION28/patch-1
681384d 
Change Metasploit Alert port from 444 to 4444
@SwiftOnSecurity
Merge pull request SwiftOnSecurity#106 from GoSecure/master
80d268d 
Added most of the missing LOLBAS for downloading executables
@SwiftOnSecurity
Merge pull request SwiftOnSecurity#151 from Neo23x0/patch-8
1836897 
Important and relevant NamedPipe names
@hieutt35
Update the Antivirus Tampering configuration, using broader condition
7166218
Merge github.com:SwiftOnSecurity/sysmon-config into SwiftOnSecurity-PRs
bac20c7
Merge https://github.com/hieuttmmo/sysmon-config into SwiftOnSecurity…
2fc084e 
…-PRs
@humpalum humpalum requested a review from phantinuss October 22, 2021 07:20
@phantinuss phantinuss merged commit 0052847 into master Oct 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phantinuss phantinuss Awaiting requested review from phantinuss

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@humpalum @phantinuss @bartblaze @MaxNad @Neo23x0 @SwiftOnSecurity @hieutt35