sigma Develop Sigma rules for Living Off The Land Binaries and Scripts

Subject: Living Off The Land Binaries and Scripts project
Author: Many, it is a community project. Primary maintainer — Oddvar Moe @oddvarmoe
Type: threat simulation scenarios
Requirements: Create one Pull Request per Sigma rule. The target branch for Pull Requests is oscd

You can pick up some of the listed LOLBAS and develop (improve) Sigma rules for them. Please comment the issue with a task number that you are going to work out so the others will not intersect with you.

Task #	Link to LOLBAS	Date checked	Sigma Rule ID / Link	Coverage	Done
1	Explorer.yml	14.8.2020	10c14723-61c7-4c75-92ca-9af245723ad2	Partial	- [ ]
2	Netsh.yml	14.8.2020	56321594-9087-49d9-bf10-524fe8479452, d3c3861d-c504-4c77-ba55-224ba82d0118, 782d6f3e-4c5d-4b8c-92a3-1d05fed72e63, 322ed9ec-fcab-4f67-9a34-e7c6aef43614	Full	- [X]
3	Nltest.yml	14.8.2020	None	None	- [ ]
4	Openwith.yml	14.8.2020	cec8e918-30f7-4e2d-9bfa-a59cc97ae60f	Full	- [X]
5	Powershell.yml	14.8.2020	45a594aa-1fbd-4972-a809-ff5a99dd81b8	Partial	- [ ]
6	Psr.yml	14.8.2020	2158f96f-43c2-43cb-952a-ab4580f32382	Full (well, "stop" could be added just in case)	- [X]
7	Robocopy.yml	14.8.2020	61ab5496-748e-4818-a92f-de78e20fe7f1	Partial	- [ ]
8	AcroRd32.yml	14.8.2020	None	None	- [ ]
9	aswrundll.yml	14.8.2020	None	None	- [ ]
10	Gpup.yml	14.8.2020	0a4f6091-223b-41f6-8743-f322ec84930b	Partial	- [ ]
11	Nlnotes.yml	14.8.2020	None	None	- [ ]
12	Notes.yml	14.8.2020	None	None	- [ ]
13	Nvudisp.yml	14.8.2020	None	None	- [ ]
14	Nvuhda6.yml	14.8.2020	None	None	- [ ]
15	ROCCAT_Swarm.yml	14.8.2020	None	None	- [ ]
16	RunCmd_X64.yml	14.8.2020	None	None	- [ ]
17	Setup.yml	14.8.2020	None	None	- [ ]
18	Usbinst.yml	14.8.2020	None	None	- [ ]
19	VBoxDrvInst.yml	14.8.2020	None	None	- [ ]
20	Winword.yml	14.8.2020	aa3a6f94-890e-4e22-b634-ffdfd54792cc, 438025f9-5856-4663-83f7-52f878a70a50, 864403a1-36c9-40a2-a982-4c9a45f7d833, 7993792c-5ce2-4475-a3db-a3a5539827ef, fdd84c68-a1f6-47c9-9477-920584f94905, 754ed792-634f-40ae-b3bc-e0448d33f695	Partial (generic rule to detect execution of DLLs required)	- [ ]
21	Testxlst.yml	14.8.2020	None	None	- [ ]
22	At.yml	14.8.2020	60fc936d-2eb0-4543-8a13-911c750a1dfc, 61ab5496-748e-4818-a92f-de78e20fe7f1	Full	- [X]
23	Atbroker.yml	14.8.2020	None	None	- [ ]
24	Bash.yml	14.8.2020	05a2ab7e-ce11-4b63-86db-ab32e763e11d, 03cc0c25-389f-4bf8-b48d-11878079f1ca, 8202070f-edeb-4d31-a010-a26c72ac5600, 438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
25	Bitsadmin.yml	14.8.2020	05a2ab7e-ce11-4b63-86db-ab32e763e11d, d059842b-6b9d-4ed1-b5c3-5b89143c6ede, 03cc0c25-389f-4bf8-b48d-11878079f1ca, 8202070f-edeb-4d31-a010-a26c72ac5600, 846b866e-2a57-46ee-8e16-85fa92759be7, 3a6586ad-127a-4d3b-a677-1e6eacdf8fde, 3711eee4-a808-4849-8a14-faf733da3612, 5f0f47a5-cb16-4dbe-9e31-e8d976d73de3	Partial	- [ ]
26	Certutil.yml	14.8.2020	5f0f47a5-cb16-4dbe-9e31-e8d976d73de3, e011a729-98a6-4139-b5c4-bf6f6dd8239a, 61ab5496-748e-4818-a92f-de78e20fe7f1, e62a9f0c-ca1e-46b2-85d5-a6da77f86d1a, 36480ae1-a1cb-4eaa-a0d6-29801d7e9142, 0ba1da6d-b6ce-4366-828c-18826c9de23e	Full; there is even some redundancy in the rules	- [ ]
27	Cmd.yml	24.12.2019	None	None	- [ ]
28	Cmdkey.yml	14.8.2020	07f8bdc2-c9b3-472a-9817-5a670b872f53, 502b42de-4306-40b4-9596-6f590c81f073	Full (the rule should be optimized tho)	- [ ]
29	Cmstp.yml	14.8.2020	e66779cc-383e-4224-a3a4-267eeb585c40, 9d26fede-b526-4413-b069-6e24b6d07167, 4b60e6f2-bf39-47b4-b4ea-398e33cfe253, 36480ae1-a1cb-4eaa-a0d6-29801d7e9142, 0ba1da6d-b6ce-4366-828c-18826c9de23e	Partial (update required)	- [ ]
30	Control.yml	14.8.2020	d7eb979b-c2b5-4a6f-a3a7-c87ce6763819	Partial (check existing rule)	- [ ]
31	Csc.yml	14.8.2020	b730a276-6b63-41b8-bcf8-55930c8fc6ee, dcaa3f04-70c3-427a-80b4-b870d73c94c4, fdd84c68-a1f6-47c9-9477-920584f94905	Partial	- [ ]
32	Cscript.yml	19.8.2020	1e33157c-53b1-41ad-bbcc-780b80b58288, 5f0f47a5-cb16-4dbe-9e31-e8d976d73de3, 61ab5496-748e-4818-a92f-de78e20fe7f1, cea72823-df4d-4567-950c-0b579eaf0846, 966e4016-627f-44f7-8341-f394905c361f, 36480ae1-a1cb-4eaa-a0d6-29801d7e9142, 52cad028-0ff0-4854-8f67-d25dfcbc78b4, 05a2ab7e-ce11-4b63-86db-ab32e763e11d, 03cc0c25-389f-4bf8-b48d-11878079f1ca, 95eadcb2-92e4-4ed1-9031-92547773a6db, 1fac1481-2dbc-48b2-9096-753c49b4ec71, 3a6586ad-127a-4d3b-a677-1e6eacdf8fde, 438025f9-5856-4663-83f7-52f878a70a50	Full	- [X]
33	Desktopimgdownldr.yml	19.8.2020	bb58aa4a-b80b-415a-a2c0-2f65a4c81009	Full	- [X]
34	Dfsvc.yml	19.8.2020	None	None	- [ ]
35	Diskshadow.yml	14.8.2020	None	None	- [ ]
36	Dnscmd.yml	19.8.2020	e61e8a88-59a9-451c-874e-70fcc9740d67	Full (the rule should be optimized tho)	- [ ]
37	Esentutl.yml	19.8.2020	e7be6119-fc37-43f0-ad4f-1f3f99be2f9f, 56a8189f-11b2-48c8-8ca7-c54b03c2fbf7	Partial	- [ ]
38	Eventvwr.yml	19.8.2020	7c81fec3-1c1d-43b0-996a-46753041b1b6	Full (the rule should be optimized tho)	- [ ]
39	Expand.yml	14.8.2020	None	None	- [ ]
40	Explorer.yml	19.8.2020	None	None	- [ ]
41	Extexport.yml	14.8.2020	None	None	- [ ]
42	Extrac32.yml	14.8.2020	None	None	- [ ]
43	Findstr.yml	14.8.2020	None	None	- [ ]
44	Forfiles.yml	19.8.2020	fa47597e-90e9-41cd-ab72-c3b74cfb0d02, 438025f9-5856-4663-83f7-52f878a70a50	Full	- [X]
45	Ftp.yml	14.8.2020	None	None	- [ ]
46	GfxDownloadWrapper.yml	19.8.2020	None	None	- [ ]
47	Gpscript.yml	14.8.2020	None	None	- [ ]
48	Hh.yml	19.8.2020	68c8acb4-1b60-4890-8e82-3ddf7a6dba84, 52cad028-0ff0-4854-8f67-d25dfcbc78b4, 438025f9-5856-4663-83f7-52f878a70a50	Partial (update required)	- [ ]
49	Ie4uinit.yml	19.8.2020	None	None	- [ ]
50	Ieexec.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719	Partial (improvement required)	- [ ]
51	ilasm.yml	19.8.2020	None	None	- [ ]
52	Infdefaultinstall.yml	19.8.2020	None	None	- [ ]
53	Installutil.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719	Partial (improvement required)	- [ ]
54	Jsc.yml	19.8.2020	None	None	- [ ]
55	Makecab.yml	19.8.2020	None	None	- [ ]
56	Mavinject.yml	19.8.2020	17eb8e57-9983-420d-ad8a-2c4976c22eb8	Full	- [X]
57	Microsoft.Workflow.Compiler.yml	19.8.2020	419dbf2b-8a9b-4bea-bf99-7544b050ec8d	Full (the rule should be updated with field modifiers)	- [ ]
58	Mmc.yml	19.8.2020	05a2ab7e-ce11-4b63-86db-ab32e763e11d, 10c14723-61c7-4c75-92ca-9af245723ad2, f1f3bf22-deb2-418d-8cce-e1a45e46a5bd	Partial	- [ ]
59	Msbuild.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719	Partial (improvement required)	- [ ]
60	Msconfig.yml	19.8.2020	None	None	- [ ]
61	Msdt.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719	Partial (improvement required)	- [ ]
62	Mshta.yml	19.8.2020	67f113fa-e23d-4271-befa-30113b3e08b1, ed5d72a6-f8f4-479d-ba79-02f6a80d7471, 03cc0c25-389f-4bf8-b48d-11878079f1ca, cc7abbd0-762b-41e3-8a26-57ad50d2eea3, 3a6586ad-127a-4d3b-a677-1e6eacdf8fde, 36480ae1-a1cb-4eaa-a0d6-29801d7e9142, 0ba1da6d-b6ce-4366-828c-18826c9de23e, 2b30fa36-3a18-402f-a22d-bf4ce2189f35, c260b6db-48ba-4b4a-a76f-2f67644e99d2, 438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
63	Msiexec.yml	19.8.2020	f7b5f842-a6af-4da5-9e95-e32478f3cd2f, 36480ae1-a1cb-4eaa-a0d6-29801d7e9142, 0ba1da6d-b6ce-4366-828c-18826c9de23e, 438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
64	Odbcconf.yml	19.8.2020	65d2be45-8600-4042-b4c0-577a1ff8a60e	Full	- [X]
65	Pcalua.yml	19.8.2020	fa47597e-90e9-41cd-ab72-c3b74cfb0d02	Full	- [X]
66	Pcwrun.yml	19.8.2020	None	None	- [ ]
67	Presentationhost.yml	19.8.2020	None	None	- [ ]
68	Print.yml	19.8.2020	None	None	- [ ]
69	Rasautou.yml	19.8.2020	None	None	- [ ]
70	Reg.yml	19.8.2020	fd877b94-9bb5-4191-bb25-d79cbd93c167, 24357373-078f-44ed-9ac4-6d334a668a11, 170901d1-de11-4de7-bccb-8fa13678d857, 2b30fa36-3a18-402f-a22d-bf4ce2189f35, 05a2ab7e-ce11-4b63-86db-ab32e763e11d, 03cc0c25-389f-4bf8-b48d-11878079f1ca, 0ba863e6-def5-4e50-9cea-4dd8c7dc46a4, 970007b7-ce32-49d0-a4a4-fbef016950bd, 61ab5496-748e-4818-a92f-de78e20fe7f1, 74ad4314-482e-4c3e-b237-3f7ed3b9ca8d, b932b60f-fdda-4d53-8eda-a170c1d97bbd	Full	- [X]
71	Regasm.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719, 5f0f47a5-cb16-4dbe-9e31-e8d976d73de3	Partial (improvement required)	- [ ]
72	Regedit.yml	19.8.2020	None	None	- [ ]
73	Regini.yml	19.8.2020	None	None	- [ ]
74	Register-cimprovider.yml	19.8.2020	None	None	- [ ]
75	Regsvcs.yml	19.8.2020	82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719	Partial (improvement required)	- [ ]
76	Regsvr32.yml	19.8.2020	c7e91a02-d771-4a6d-a700-42587e0b1095, 8e2b24c9-4add-46a0-b4bb-0057b4e6187d, b236190c-1c61-41e9-84b3-3fe03f6d76b0, 8acf3cfa-1e8c-4099-83de-a0c4038e18f0, 10152a7b-b566-438f-a33c-390b607d1c8d	Partial	- [ ]
77	Replace.yml	19.8.2020	None	None	- [ ]
78	Rpcping.yml	19.8.2020	None	None	- [ ]
79	Rundll32.yml	19.8.2020	e593cf51-88db-4ee1-b920-37e89012a3c9, cdc8da7d-c303-42f8-b08c-b4ab47230263, 09e6d5c0-05b8-4ff8-9eeb-043046ec774c, ba778144-5e3d-40cf-8af9-e28fb1df1e20, 3d4aebe0-6d29-45b2-a8a4-3dfde586a26d, e79a9e79-eb72-4e78-a628-0e7e8f59e89c, f0b70adb-0075-43b0-9745-e82a1c608fcc	Partial	- [ ]
80	Runonce.yml	19.8.2020	None	None	- [ ]
81	Runscripthelper.yml	19.8.2020	None	None	- [ ]
82	Sc.yml	19.8.2020	7fe71fc9-de3b-432a-8d57-8c809efc10ab	Full	- [X]
83	Schtasks.yml	19.8.2020	92626ddd-662c-49e3-ac59-f6535f12d189, 5f0f47a5-cb16-4dbe-9e31-e8d976d73de3	Full (the rules should be updated with field modifiers; also there is redundancy to fix)	- [ ]
84	Scriptrunner.yml	19.8.2020	438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
85	Syncappvpublishingserver.yml	19.8.2020	None	None	- [ ]
86	Tttracer.yml	19.8.2020	None	None	- [ ]
87	vbc.yml	19.8.2020	None	None	- [ ]
88	Verclsid.yml	19.8.2020	None	None	- [ ]
89	Wab.yml	19.8.2020	None	None	- [ ]
90	Wmic.yml	19.8.2020	526be59f-a573-4eea-b5f7-f0973207634d, 8d63dadf-b91b-4187-87b6-34a1114577ea, 05c36dd6-79d6-4a9a-97da-3db20298ab2d	Partial	- [ ]
91	Wscript.yml	19.8.2020	1e33157c-53b1-41ad-bbcc-780b80b58288, 5f0f47a5-cb16-4dbe-9e31-e8d976d73de3, cea72823-df4d-4567-950c-0b579eaf0846	Partial (need to fix redundancy, check if ".vbs" extension is required in case of execution from ADS)	- [ ]
92	Wsreset.yml	19.8.2020	d797268e-28a9-49a7-b9a8-2f5039011c5c	Partial (improvement required)	- [ ]
93	Xwizard.yml	19.8.2020	None	None	- [ ]
94	Advpack.yml	19.8.2020	None	None	- [ ]
95	comsvcs.yml	19.8.2020	09e6d5c0-05b8-4ff8-9eeb-043046ec774c	Full (the rule should be updated with field modifiers)	- [ ]
96	Ieadvpack.yml	19.8.2020	None	None	- [ ]
97	Ieframe.yml	19.8.2020	None	None	- [ ]
98	Mshtml.yml	19.8.2020	None	None	- [ ]
99	Pcwutl.yml	19.8.2020	None	None	- [ ]
100	Setupapi.yml	19.8.2020	None	None	- [ ]
101	Shdocvw.yml	19.8.2020	None	None	- [ ]
102	Shell32.yml	19.8.2020	e593cf51-88db-4ee1-b920-37e89012a3c9	Full (the rule should be updated with field modifiers)	- [ ]
103	Syssetup.yml	19.8.2020	None	None	- [ ]
104	Url.yml	19.8.2020	e593cf51-88db-4ee1-b920-37e89012a3c9	Full (the rule should be updated with field modifiers)	- [ ]
105	Zipfldr.yml	19.8.2020	e593cf51-88db-4ee1-b920-37e89012a3c9	Full (the rule should be updated with field modifiers)	- [ ]
106	Cl_invocation.yml	19.8.2020	None	None	- [ ]
107	CL_mutexverifiers.yml	19.8.2020	None	None	- [ ]
108	Manage-bde.yml	19.8.2020	None	None	- [ ]
109	pester.yml	19.8.2020	None	None	- [ ]
110	Pubprn.yml	19.8.2020	None	None	- [ ]
111	~~Slmgr.yml~~ (archived, not in main repo anymore)	19.8.2020	~~None~~	~~None~~	- [X]
112	Syncappvpublishingserver.yml	19.8.2020	None	None	- [ ]
113	Winrm.yml	19.8.2020	None	None	- [ ]
114	Appvlp.yml	19.8.2020	438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
115	Bginfo.yml	19.8.2020	aaf46cdc-934e-4284-b329-34aa701e3771	Full	- [X]
116	Cdb.yml	19.8.2020	b5c7395f-e501-4a08-94d4-57fe7a9da9d2	Full	- [X]
117	Csi.yml	19.8.2020	a9e416a8-e613-4f8b-88b8-a7d1d1af2f61	Partial	- [ ]
118	Devtoolslauncher.yml	19.8.2020	cc268ac1-42d9-40fd-9ed3-8c4e1a5b87e6	Full	- [X]
119	Dnx.yml	19.8.2020	81ebd28b-9607-4478-bf06-974ed9d53ed7	Full	- [X]
120	Dotnet.yml	19.8.2020	None	None	- [ ]
121	Dxcap.yml	19.8.2020	60f16a96-db70-42eb-8f76-16763e333590	Full (need to make sure that ".exe" extension is required)	- [ ]
122	Excel.yml	19.8.2020	0c79148b-118e-472b-bdb7-9b57b444cc19	Full	- [X]
123	Mftrace.yml	19.8.2020	438025f9-5856-4663-83f7-52f878a70a50	Partial	- [ ]
124	Msdeploy.yml	19.8.2020	None	None	- [ ]
125	Msxsl.yml	19.8.2020	05c36dd6-79d6-4a9a-97da-3db20298ab2d	Full	- [X]
126	Ntdsutil.yml	19.8.2020	2afafd61-6aae-4df4-baed-139fa1f4c345	Full	- [X]
127	Powerpnt.yml	19.8.2020	0c79148b-118e-472b-bdb7-9b57b444cc19	Full	- [X]
128	Rcsi.yml	19.8.2020	None	None	- [ ]
129	Sqldumper.yml	19.8.2020	None	None	- [ ]
130	Sqlps.yml	19.8.2020	None	None	- [ ]
131	Sqltoolsps.yml	19.8.2020	None	None	- [ ]
132	squirrel.yml	19.8.2020	fa4b21c9-0057-4493-b289-2556416ae4d7	Partial	- [ ]
133	Te.yml	19.8.2020	None	None	- [ ]
134	Tracker.yml	19.8.2020	None	None	- [ ]
135	update.yml	19.8.2020	fa4b21c9-0057-4493-b289-2556416ae4d7	Partial	- [ ]
136	Vsjitdebugger.yml	19.8.2020	None	None	- [ ]
137	Winword.yml	19.8.2020	0c79148b-118e-472b-bdb7-9b57b444cc19	Full	- [X]
138	Wsl.yml	19.8.2020	None	None	- [ ]

Sep 14 '20 17:09 aw350m33d

-85: #1051 -86: #1062 -87: #1068 -93: #1080 -94,-97 : committed by @w0rk3r #1085 -136: #1095

Sep 25 '20 16:09 esebese

40: 9eb271b9-24ae-4cd4-9465-19cfc1047f3e (Accidentally pushed to master branch) 43 68

Sep 25 '20 17:09 caliskanfurkan

132 (already exists) - fa4b21c9-0057-4493-b289-2556416ae4d7

138 (PR completed) - https://github.com/Neo23x0/sigma/pull/1032

Sep 29 '20 04:09 svch0stz

113: #1064, #1066 109: #1087 99: #1039 96: Covered by @w0rk3r in #1085

Oct 01 '20 07:10 Vasilisa-L

131 #1162 133 #1173 136 #1174

Oct 01 '20 08:10 uncleAntik

Hello @esebese , @caliskanfurkan, @svch0stz , @Vasilisa-L , @uncleAntik !

Friendly reminder — please create one Pull Request per Sigma rule. The target branch for Pull Requests is oscd.

Thank you!

Oct 02 '20 00:10 yugoslavskiy

35

Oct 05 '20 10:10 concorde18

67 - #1089 129 - #1092

Oct 05 '20 14:10 zBlurr

110

Oct 05 '20 19:10 Abkh4z

19: #1047

Oct 05 '20 21:10 grikos

77 https://github.com/Neo23x0/sigma/pull/1072 34 - https://github.com/Neo23x0/sigma/pull/1085 94 - https://github.com/Neo23x0/sigma/pull/1085 96 - https://github.com/Neo23x0/sigma/pull/1085 97 - https://github.com/Neo23x0/sigma/pull/1085 98 - https://github.com/Neo23x0/sigma/pull/1085 99 - https://github.com/Neo23x0/sigma/pull/1085 100 - https://github.com/Neo23x0/sigma/pull/1085 101 - https://github.com/Neo23x0/sigma/pull/1085 102 - https://github.com/Neo23x0/sigma/pull/1085 103 - https://github.com/Neo23x0/sigma/pull/1085 104 - https://github.com/Neo23x0/sigma/pull/1085 105 - https://github.com/Neo23x0/sigma/pull/1085

Oct 05 '20 22:10 w0rk3r

80, 134

Oct 06 '20 02:10 V3T0

98, 120, 124

Oct 06 '20 04:10 beyudn

100: #1058

Oct 06 '20 08:10 grikos

72: #1075 73: #1093

Oct 06 '20 15:10 SanWieb

3: #1081

Oct 07 '20 17:10 cy1337

69: #1105 74: #1176 by @concorde18 78: #1104

Oct 08 '20 15:10 Vasilisa-L

@grikos :

100: #1058

@w0rk3r

77 #1072 34 - #1085 94 - #1085 96 - #1085 97 - #1085 98 - #1085 99 - #1085 100 - #1085 101 - #1085 102 - #1085 103 - #1085 104 - #1085 105 - #1085

hey guys, you both picked up task 100

Oct 08 '20 17:10 yugoslavskiy

@beyudn

98, 120, 124

@w0rk3r

77 #1072 34 - #1085 94 - #1085 96 - #1085 97 - #1085 98 - #1085 99 - #1085 100 - #1085 101 - #1085 102 - #1085 103 - #1085 104 - #1085 105 - #1085

hey guys, you both picked up task 98

Oct 08 '20 17:10 yugoslavskiy

@grikos :

100: #1058

@w0rk3r

77 #1072 34 - #1085 94 - #1085 96 - #1085 97 - #1085 98 - #1085 99 - #1085 100 - #1085 101 - #1085 102 - #1085 103 - #1085 104 - #1085 105 - #1085

hey guys, you both picked up task 100

shame on my old blind eyes One rule for all - it's a great idea

Oct 08 '20 17:10 grikos

@Vasilisa-L

113: #1064, #1066 109: #1087 99: #1039 96: Covered by @w0rk3r in #1085

@w0rk3r

77 #1072 34 - #1085 94 - #1085 96 - #1085 97 - #1085 98 - #1085 99 - #1085 100 - #1085 101 - #1085 102 - #1085 103 - #1085 104 - #1085 105 - #1085

hey guys, you both picked up task 99

Oct 08 '20 19:10 yugoslavskiy

@uncleAntik

136, 133, 131

@esebese

-85: #1051 -86: #1062 -87: #1068 -93: #1080 -94,-97 : committed by @w0rk3r #1085 -136: #1095

hey guys, you both picked up task 136

Oct 08 '20 19:10 yugoslavskiy

@Vasilisa-L

99: #1039

@w0rk3r

99 - #1085

hey guys, you both picked up task 99

@yugoslavskiy I had written that rule before i knew that @w0rk3r is going to make one general rule for a bunch of DLLs :thumbsup:

I don't mind, if you use his more general rule Mine is not a work of art, anyway :smile:

Oct 09 '20 06:10 Vasilisa-L

20 - #1226 45 - #1106 46 - #1228 81 - #1227 88 - #1224

Oct 09 '20 09:10 stvetro

130 #1119

Oct 10 '20 15:10 uncleAntik

27

Oct 11 '20 07:10 tito0202

66

Oct 12 '20 10:10 banzay021

89 106 107 108

Oct 12 '20 17:10 nsaddler

Taking 23 PR #1148 PR #1155

Oct 12 '20 21:10 sn0w0tter

117 128

Oct 13 '20 12:10 grikos

sigma sigma copied to clipboard

Develop Sigma rules for Living Off The Land Binaries and Scripts

sigma
sigma copied to clipboard